What Is Trust Now, Forge Later (TNFL)? TNFL vs HNDL Attacks Explained

Trust Now, Forge Later (TNFL) Attacks

Suppose a hospital allows a vital software update for its infusion pumps to go through, and every security test passes. The signature looks valid. The certificate is spotless. Everything appears legitimate. Yet the update was forged by an attacker who cracked a key that was considered unbreakable just five years ago.

The general perception is that once data has been encrypted or digitally signed, it stays secure indefinitely.

That assumption is now perilously outdated.

Threats such as Harvest Now, Decrypt Later (HNDL) and Trust Now, Forge Later (TNFL) are stealthy and unobtrusive attacks. They rely not on brute force but on patient, measured actions that weaponise tomorrow’s quantum computers against decisions made today.

The danger is not only that someone can view your personal information. It is that they can impersonate you, speak with your authority, and nobody will ever know.

That’s why TNFL is worth learning about before it is too late.

What is Trust Now, Forge Later (TNFL)?

Trust Now, Forge Later (TNFL) is a quantum-era, long-horizon attack strategy in which attackers gather digitally signed material today and then use future quantum computers to forge those signatures and impersonate trusted systems.

  • “Trust Now” refers to the digital signatures and certificates the world relies on today for code signing, software updates, device authentication, and legal documents. All of it is considered proven and acceptable by society.
  • “Forge Later” is the attacker’s final stage. Once a powerful quantum computer is available, they use Shor’s algorithm to derive the private signing key from its publicly available public key, and from then on forge signatures whenever they want.

In practice, the attacker’s first stage is to gather signed artefacts: firmware images, certificates, and software binaries. They then wait until quantum capability matures. Finally, they extract the private key and begin signing malicious content, which every legacy system will accept as authentic.

Unlike traditional cyberattacks, TNFL does not target weak passwords or unpatched systems. It targets the mathematical basis of digital trust itself.

A Real-World Example:

A software update released today is signed with RSA-2048. That signature looks ironclad. However, a quantum computer running Shor’s algorithm could reconstruct the signing key, and every future update from that vendor would become a possible forgery.

TNFL is essentially an assault on integrity and authenticity, rather than on privacy.

Why TNFL Is More Dangerous Than Most Security Threats

TNFL is especially perilous because the harm is not inflicted at the moment of the attack but long after, without any noise, and after trust has already been earned.

The Damage Arrives Late and Compounds Silently

The attacker needs nothing but patience. Today they gather signed artefacts; they wait until quantum computing matures; then they strike, at a time when defences are still tuned to classical attacks.

By the time the forgery is discovered, the original signing event is long forgotten, and the forgery is virtually undetectable.

It Doesn’t Break One Lock, It Breaks the Entire Chain

TNFL doesn’t target one vulnerability. It attacks the root cryptographic signing keys that validate the signed software updates, device firmware, legal contracts, and identity certificates.

Once that root is compromised, every layer of trust built on top of it collapses simultaneously.


Detection Is Nearly Impossible by Design

A forged signature looks the same as a legitimate one. No firewall flags it. No antivirus detects it. Systems will accept the malicious update, command, or document without a second thought because, technically, the signature checks out.

Long-Lived Systems Carry a Permanent Liability

Industrial control systems, medical devices, satellites, and critical infrastructure have operating periods of 15-25 years. Many run on hardware that cannot be patched or upgraded.

A signing key embedded today becomes a permanent liability the moment quantum computers arrive.

In simple terms, TNFL does not simply steal information; it takes your identity and corrupts trust at the source, giving attackers the ability to rewrite what the world perceives as reality.

How a TNFL Attack Actually Unfolds: Stage by Stage

The process of a TNFL attack can be divided into several phases, all silent and carefully thought out, leading to one destructive outburst.

Stage 1: Collection – Harvest What’s Already Public

The attacker first systematically gathers publicly available signed artefacts, such as firmware binaries, software update packages, code-signing certificates, TLS certificates, and timestamped legal documents. None of this involves hacking; much of it is openly accessible.

Stage 2: Storage – Archive Everything and Wait

The attacker then archives this material together with the corresponding public keys. Storage is cheap; patience is the only real investment at this stage. The aim is to preserve everything needed to recover the signing key once quantum capability is available.

Stage 3: Cryptographic Breakthrough – The Point of No Return

Eventually, a sufficiently powerful quantum computer running Shor’s algorithm allows what classical computers never could: deriving a private signing key from its public counterpart. RSA-2048 and ECC are considered safe today, but offer no resistance at that point.


Stage 4: Forgery – Clone the Trusted Identity

The attacker then produces new signatures with the recovered private key, cryptographically indistinguishable from valid ones. They can now sign any file, command, update, or certificate as the original trusted authority.

Stage 5: Deploy at Scale, Invisibly

Finally, this capability allows attackers to install malicious firmware on medical devices, inject backdoors into software fixes, forge legal contracts, or pose as controllers of key infrastructure, all while every security check returns green.

This step-by-step process reveals an uncomfortable truth: TNFL turns today’s supposedly safe digital infrastructure into tomorrow’s attack surface.

TNFL vs. HNDL: Same Technology, Fundamentally Different Threats

A better way to understand TNFL is to compare it with Harvest Now, Decrypt Later (HNDL), where attackers capture and store encrypted information today, then decrypt it when quantum computers are powerful enough to crack current encryption algorithms such as RSA and AES.

Both attacks weaponise the same future technology. Their objectives, however, are fundamentally different:

Goal

TNFL is interested in forging trusted identities and manipulating what systems perceive as legitimate.

HNDL concentrates on revealing what systems have kept secret. One corrupts trust; the other violates privacy.

Target

TNFL attacks digital signatures, signing keys, and authentication certificates, the things that prove who sent something.

HNDL targets encrypted messages and stored data, as well as the encryption protecting messages in transit.

Impact

A successful TNFL attack allows attackers to act as vendors, states, or critical infrastructure, with no footprint left behind.

HNDL creates data exposure, which is severe but essentially limited to what was intercepted.

Timing

Both involve delayed exploitation, but TNFL becomes an actively usable weapon as soon as a single private key is broken.

HNDL is resource-intensive at scale because each captured session has to be decrypted individually.

Visibility

TNFL is virtually invisible: counterfeit signatures pass every check. HNDL, for its part, requires the original data to have been intercepted, which may leave forensic footprints.

Because TNFL undermines integrity and authentication at the cryptographic root, it arguably presents a more systemic risk than HNDL: it does not merely reveal secrets but rewrites the history of what the world believes to be real.

How to Defend Against TNFL, Before the Window Closes

Mitigating TNFL requires proactive design, implementation, and maintenance of secure systems, starting now rather than when quantum computers become a practical reality.

Switch to Post-Quantum Cryptography

  • The most direct defence is to replace RSA and ECC with quantum-resistant algorithms. In 2024, NIST finalised its first PQC standards, which include the ML-DSA (CRYSTALS-Dilithium) digital signature scheme.
  • Any organisation that is not starting this transition soon is simply widening its attack window, not closing it.


Build Crypto-Agility Into Every System

Crypto-agility means designing systems whose cryptographic algorithms can be swapped out without rebuilding the whole architecture.

Agile systems can respond to the next vulnerability, when it occurs, in days rather than years.

Shorten Certificate Lifetimes and Rotate Keys Regularly

Long-lived signing keys are TNFL’s favourite target. Shortening certificate lifetimes and rotating keys regularly limits the value an attacker can derive from any single compromised key.
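The lifetime and algorithm checks above can be turned into a simple inventory audit. The following is an added example, not code from the original article: the key ids, dates and the assumed date at which a cryptographically relevant quantum computer (CRQC) exists are constructed planning inputs, and the algorithm set reflects which schemes Shor’s algorithm breaks. It also accounts for the long-lived, unpatchable devices discussed earlier, which keep trusting a key until they are retired regardless of the certificate’s nominal expiry.

```python
from dataclasses import dataclass
from datetime import date

# Signature algorithms whose private key a cryptographically relevant quantum
# computer (CRQC) running Shor's algorithm could recover from the public key.
# ML-DSA (FIPS 204, standardised from CRYSTALS-Dilithium) is deliberately absent.
QUANTUM_VULNERABLE = {"RSA-2048", "RSA-3072", "RSA-4096",
                      "ECDSA-P256", "ECDSA-P384", "Ed25519"}

# Planning assumption, not a prediction: the date used to judge exposure.
ASSUMED_CRQC_DATE = date(2035, 1, 1)


@dataclass(frozen=True)
class SigningKey:
    key_id: str
    algorithm: str
    valid_from: date
    valid_to: date
    fleet_end_of_life: date  # last day an unpatchable device still trusts this key


def assess_key(key, assumed_crqc_date=ASSUMED_CRQC_DATE, max_lifetime_years=2.0):
    """Return policy findings for one key; an empty list means within policy."""
    findings = []
    # A device that cannot be updated keeps trusting the key until it is
    # retired, whatever the certificate's nominal expiry says.
    trusted_until = max(key.valid_to, key.fleet_end_of_life)
    if key.algorithm in QUANTUM_VULNERABLE and trusted_until >= assumed_crqc_date:
        findings.append(f"{key.key_id}: {key.algorithm} trusted until {trusted_until}, "
                        f"on or after assumed CRQC date {assumed_crqc_date}; migrate to PQC")
    lifetime_years = (key.valid_to - key.valid_from).days / 365.25
    if lifetime_years > max_lifetime_years:
        findings.append(f"{key.key_id}: lifetime {lifetime_years:.1f} years exceeds "
                        f"the {max_lifetime_years}-year rotation policy")
    return findings


def audit_inventory(keys, assumed_crqc_date=ASSUMED_CRQC_DATE, max_lifetime_years=2.0):
    """Map each key id to its findings."""
    return {k.key_id: assess_key(k, assumed_crqc_date, max_lifetime_years) for k in keys}


# Constructed sample inventory (hypothetical key ids and dates).
SAMPLE_KEYS = [
    SigningKey("pump-fw-rsa", "RSA-2048", date(2025, 1, 1), date(2045, 1, 1), date(2045, 1, 1)),
    SigningKey("pump-fw-mldsa", "ML-DSA-65", date(2025, 1, 1), date(2026, 7, 1), date(2045, 1, 1)),
    SigningKey("gateway-ecdsa", "ECDSA-P256", date(2025, 1, 1), date(2026, 1, 1), date(2040, 1, 1)),
    SigningKey("portal-tls", "ECDSA-P256", date(2025, 1, 1), date(2026, 1, 1), date(2026, 1, 1)),
]
```

Note that the short-lived ECDSA gateway key is still flagged: its certificate expires in a year, but the devices that trust it stay in the field until 2040.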

Harden Every Software Update Pipeline

Secure update pipelines need multi-layer checking: not only signature verification, but behavioural checks, anomaly detection, and out-of-band verification of critical infrastructure updates. A signature alone should never be the final gatekeeper.
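The following added example, which is not code from the original article, shows such a gate for a firmware update: the cryptographic signature check is assumed to have been performed upstream and is passed in as a boolean, while the manifest digests, signer ids and payloads are constructed for illustration. The forged candidate carries a signature that verifies (as it would after a TNFL key recovery) and is still rejected because its digest was never announced over the independent channel.

```python
import hashlib
from dataclasses import dataclass

# Constructed out-of-band manifest: per-version payload digests obtained over a
# second, independent channel (for instance a transparency log or a printed
# release bulletin), never from the update package itself.
OUT_OF_BAND_MANIFEST = {
    "2.1.0": hashlib.sha256(b"pump-firmware-2.1.0-genuine").hexdigest(),
}

# Signer ids still trusted after the most recent key rotation (hypothetical ids).
ACTIVE_SIGNER_IDS = {"vendor-fw-key-2025"}


@dataclass(frozen=True)
class UpdateCandidate:
    version: str
    payload: bytes
    signer_id: str
    signature_valid: bool  # outcome of the cryptographic signature check, done upstream


def _version_tuple(version):
    return tuple(int(part) for part in version.split("."))


def evaluate_update(candidate, installed_version):
    """Return (accepted, reasons). Every gate is evaluated; a signature that
    verifies is necessary but never sufficient on its own."""
    reasons = []
    if not candidate.signature_valid:
        reasons.append("signature does not verify")
    if candidate.signer_id not in ACTIVE_SIGNER_IDS:
        reasons.append("signer key is retired or unknown")
    if _version_tuple(candidate.version) <= _version_tuple(installed_version):
        reasons.append("version does not advance (possible rollback)")
    expected = OUT_OF_BAND_MANIFEST.get(candidate.version)
    actual = hashlib.sha256(candidate.payload).hexdigest()
    if expected is None:
        reasons.append("version not announced in out-of-band manifest")
    elif expected != actual:
        reasons.append("payload digest differs from out-of-band manifest")
    return (not reasons, reasons)


# Constructed candidates: a genuine release and a TNFL-style forgery whose
# signature verifies because the attacker recovered the vendor's private key.
GENUINE = UpdateCandidate("2.1.0", b"pump-firmware-2.1.0-genuine", "vendor-fw-key-2025", True)
FORGED = UpdateCandidate("2.1.0", b"pump-firmware-2.1.0-backdoored", "vendor-fw-key-2025", True)
```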

Deploy Hybrid Cryptographic Systems During the Transition

Hybrid methods combine classical and post-quantum algorithms at the same time. This protects against today’s classical threats and tomorrow’s quantum attacks throughout the transition period, without resting solely on a single cryptographic standard.

The goal is simple: ensure that all signing keys are short-lived, replaceable, and quantum-resistant before the time bomb goes off.


The Clock Is Already Running – Act Before It Stops

Trust Now, Forge Later is not a far-fetched concept but an inherent flaw in the security choices organisations are making today.

Where HNDL targets data confidentiality, TNFL targets something far harder to restore: authentication itself.

Damage done with forged identities, manipulating systems that appear absolutely genuine, does not look like a breach. It looks like normal operation.

That is what makes this threat both unusual and dangerous: it is easy to dismiss until it is too late.

The way ahead requires more than awareness. Organisations need to deploy quantum-resistant cryptography, crypto-agile designs, and shorter-lived keys before quantum computers arrive and render the existing strategy obsolete.

NIST’s Post-Quantum Cryptography standards provide a clear starting point; the roadmap exists, and the urgency is real.

Sound security choices made today will either preserve trust over the next 10 years or hand attackers the keys to systems we are only beginning to build.

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.
