Trust Now, Forge Later: the quantum threat to Digital Integrity

Why Digital Signature forgery poses a greater risk than Data Decryption

Quantum computing is poised to revolutionize how we approach cybersecurity—but not in the way most organizations think. While discussions about quantum threats typically center on "Harvest Now, Decrypt Later" (HNDL) attacks, where encrypted data collected today becomes decryptable when quantum computers mature, there's a more insidious threat lurking in the background.

"Trust Now, Forge Later" (TNFL) could undermine the very foundations of digital security much faster and with far more devastating consequences. At Evertrust, we recognize that protecting digital trust is about ensuring the integrity and authenticity of every digital transaction, from software updates to identity verification. Understanding the TNFL threat is critical for organizations planning their quantum-safe future.

What is Trust Now, Forge Later?

Trust Now, Forge Later describes a scenario where digital signatures and certificates widely trusted today become forgeable in the future when quantum computers achieve sufficient computational power. While HNDL attacks threaten confidentiality by exposing encrypted data retroactively, TNFL attacks target the integrity and authenticity of digital transactions directly.

The fundamental difference is critical: compromised confidentiality affects data privacy, while compromised integrity affects system safety and operational reliability. The digital signatures that validate software updates, device firmware, identity documents, and financial transactions could all be forged retroactively once quantum computers break current public-key cryptographic algorithms like RSA and ECDSA.

This means that a signature created today with current algorithms could be deemed untrustworthy or even falsifiable tomorrow.

Why TNFL is potentially more dangerous than HNDL

While both threats are serious, TNFL represents an immediate operational danger that goes beyond data privacy concerns. Here's why:

-> Undetectable breaches:

Unlike HNDL, which reveals itself through exposed data, TNFL attacks can occur silently. A malicious software update forged with a quantum-cracked private key would be accepted as genuine by security systems, potentially enabling attackers to gain control of critical systems without triggering alerts.

-> Supply Chain vulnerability:

Modern organizations rely on a complex ecosystem of software dependencies, firmware updates, and third-party integrations. A forged signature in any of these areas could compromise entire supply chains, affecting thousands of downstream users.

-> Physical world impact:

In operational technology (OT) environments—power grids, hospitals, manufacturing facilities—forged commands could have catastrophic real-world consequences, from equipment damage to loss of life.

-> Retroactive attacks:

Attackers can harvest signatures today and forge them retroactively once quantum capability is achieved. This means today's secure transactions could become tomorrow's security vulnerabilities.

-> Integrity over confidentiality:

In cybersecurity discussions, confidentiality often takes center stage. Yet for many critical systems, integrity is paramount. A power grid that cannot verify the authenticity of control commands is far more dangerous than one with exposed operational logs.

Let's consider these scenarios:

* A forged firmware signature could allow attackers to introduce code into a pacemaker, turning a life-saving device into a threat.

* A forged command in a water treatment facility could alter chemical dosing, endangering public health.

* A forged digital signature on a financial transaction could transfer millions without detection, undermining trust in the entire financial system.

The TNFL threat is particularly acute for operational technology (OT) environments. Unlike information technology (IT) systems, which can be updated relatively quickly, OT devices often operate for decades with limited patch cycles and strict regulatory constraints.

Many OT devices were never designed to support quantum-resistant algorithms. They lack the processing power or memory required for post-quantum cryptography.

Also, critical infrastructure often operates under strict regulatory frameworks that require extensive testing before any system changes. Shutting down systems for upgrades isn't always feasible in environments like hospitals or power plants.

Without proactive planning now, millions of critical devices could become vulnerable as quantum computing capabilities advance. The cost of remediation will only increase with time.

Preparing for quantum-safe signatures: a strategic approach

The path to quantum-resistant digital infrastructure requires immediate, strategic action. Here's how organizations should approach the challenge:

1. Identify and map digital signatures

The first step is comprehensive visibility. Organizations must identify where digital signatures and certificates are used throughout their infrastructure—in software repositories, firmware updates, identity systems, and transaction verification processes. This inventory is essential for prioritizing upgrades.

2. Assess quantum vulnerability

Not all systems face equal risk. Assess which signatures are most critical to your operations and which have the longest lifespans. A firmware signature that will be in use for 20 years requires priority attention; a short-lived session token is lower risk.

3. Implement Crypto-Agility

Crypto-agility—the ability to switch cryptographic algorithms without major system redesigns—is key to responding to quantum threats. Design systems that can easily adopt new algorithms as post-quantum standards mature. Evertrust's PKI solutions are built with this principle in mind, enabling organizations to adapt quickly as NIST's post-quantum cryptography standards finalize.

4. Adopt Post-Quantum Cryptography standards

NIST has been developing post-quantum cryptography standards to replace RSA and ECDSA. Organizations should monitor these standards and plan migration strategies. Early adoption of quantum-resistant algorithms, even in parallel with current systems, provides a path toward long-term security.

5. Deploy quantum-safe gateways

For legacy systems that cannot be immediately upgraded, quantum-safe gateways can intercept and validate signatures, adding a layer of protection until full system replacement is feasible.
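
One way to turn steps 1 and 2 into a ranked worklist, as an added example (not Evertrust code). It goes slightly beyond the text by scoring each inventory entry with Mosca's inequality, which also counts migration time; the system names, lifetimes and the 12-year quantum horizon are constructed assumptions.

```python
from dataclasses import dataclass

# Broken by Shor's algorithm vs. NIST PQC signatures (FIPS 204 ML-DSA, FIPS 205 SLH-DSA).
QUANTUM_VULNERABLE = {"RSA", "DSA", "ECDSA", "ED25519", "ED448"}
POST_QUANTUM = {"ML-DSA", "SLH-DSA"}

@dataclass
class SignatureUse:
    system: str             # where the signature is relied on (constructed names)
    algorithm: str          # label from the inventory, e.g. "ECDSA-P256"
    trust_years: float      # how long verifiers must keep trusting the signature
    migration_years: float  # estimated time to move this system to a new algorithm

def family(algorithm: str) -> str:
    """Map an inventory label to its algorithm family ('ECDSA-P256' -> 'ECDSA')."""
    name = algorithm.upper()
    for fam in sorted(QUANTUM_VULNERABLE | POST_QUANTUM, key=len, reverse=True):
        if name.startswith(fam):
            return fam
    return "UNKNOWN"

def assess(use: SignatureUse, years_to_quantum: float):
    """Return (status, exposure_years); exposure > 0 means still trusted when forgeable."""
    fam = family(use.algorithm)
    if fam in POST_QUANTUM:
        return ("ok", 0.0)
    if fam == "UNKNOWN":
        return ("review", 0.0)  # unidentified algorithm: needs a manual look
    # Mosca's inequality: trust lifetime + migration time > time to quantum capability
    exposure = use.trust_years + use.migration_years - years_to_quantum
    return ("at-risk", exposure) if exposure > 0 else ("monitor", exposure)

def prioritise(inventory, years_to_quantum):
    # at-risk entries first, largest exposure window on top
    rank = {"at-risk": 0, "review": 1, "monitor": 2, "ok": 3}
    rows = [(u.system, *assess(u, years_to_quantum)) for u in inventory]
    return sorted(rows, key=lambda r: (rank[r[1]], -r[2]))

# Constructed inventory; the 12-year horizon is an assumption, not a prediction.
INVENTORY = [
    SignatureUse("session tokens", "ECDSA-P256", 0.1, 1),
    SignatureUse("code-signing CA", "ECDSA-P384", 10, 3),
    SignatureUse("OT controller firmware", "RSA-2048", 20, 5),
    SignatureUse("new update channel", "ML-DSA-65", 15, 0),
]

if __name__ == "__main__":
    for system, status, exposure in prioritise(INVENTORY, years_to_quantum=12):
        print(f"{status:8} {exposure:6.1f}  {system}")
```

Re-running the ranking with a shorter or longer horizon shows which entries move between "monitor" and "at-risk", which is the sensitivity a migration plan should be checked against.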

Conclusion: the time for action is Now

The "Trust Now, Forge Later" threat represents a fundamental challenge to the digital trust infrastructure that modern society depends on. Unlike Harvest Now, Decrypt Later—which primarily threatens privacy—TNFL threatens operational safety, system integrity, and the authenticity of critical transactions.

For organizations in critical infrastructure, finance, healthcare, and manufacturing, the stakes could not be higher. The convergence of long device lifecycles, complex regulatory environments, and the devastating potential of forged commands creates an urgent need for proactive quantum-safe planning.

Organizations that begin their quantum-safe transformation now will be well-positioned to protect the integrity, authenticity, and safety of their digital systems in the quantum age. Those that delay risk discovering vulnerabilities too late—when quantum computers are already a reality and their systems are already compromised.

The quantum threat is not a distant concern for the future. It is a present-day imperative for action.

---

About Evertrust

Evertrust is Europe's trusted partner for PKI and certificate lifecycle management. With over 30 million certificates under management and deep expertise in quantum-safe cryptography, we help organizations safeguard the integrity of their digital trust infrastructure.
