On the Practical Feasibility of Harvest-Now, Decrypt-Later Attacks

This is an academic paper (36 days old, arxiv source) with an attached open-source testbed. The core contribution is reframing HN-DL attacks as an economic problem and quantifying adversary costs—a novel framing and analysis angle rather than a new cryptographic breakthrough. The testbed reproduces known attack mechanics (harvesting ciphertext, decryption post-quantum) across four protocols, but applies it systematically to modern TLS/QUIC/SSH. Defensibility is low (3/10): the project is a reference implementation tied to a paper, not a product with users or ecosystem lock-in. The testbed is reproducible by anyone with protocol knowledge; no significant technical moat exists. Frontier risk is medium: frontier labs (OpenAI/Anthropic don't focus here, but Google/academic labs studying post-quantum cryptography) could easily reproduce or integrate this analysis into their threat modeling. Governments and standards bodies (NIST, IETF) are already actively researching HN-DL defenses. The economic modeling angle is useful for policy/procurement decisions but doesn't create defensibility for the code artifact itself. Integration surface is reference_implementation because this is designed as a reproducible research artifact, not a reusable library or service. No clear path to pip/API consumption.