How would a "harvest now, decrypt later" attacker actually forge a valid transaction without the private key?

I appreciate the question, but this archive covers frontier science; the preprints here focus on quantum computing threats to blockchain and post-quantum cryptography, not on the classical cryptanalytic mechanics of transaction forgery.

To directly answer your question: in a "harvest now, decrypt later" (HNDL) attack, an attacker *cannot* forge a valid transaction without the private key—even after decryption. The attacker would use Shor's algorithm [AG-2024.05-2225] to recover the private key itself from the public key once a sufficiently powerful quantum computer becomes available. Only then could they create authentically signed transactions. The vulnerability is that blockchain transactions are recorded publicly today; an attacker who can later derive the private key can forge transactions *retroactively* on that historical record, or spend coins locked to that key.

The preprints here discuss quantum threats to blockchain proof-of-work [AG-2024.03-1707], post-quantum cryptographic replacements [AG-2024.02-1291, AG-2024.05-2225], and quantum-secure computation schemes—but none explains the classical signature verification process or why forging without the key remains impossible. You'd want a cryptography primer or a preprint specifically on ECDSA/RSA signature schemes and their quantum vulnerabilities.