CivilsWisdom.
Updated · Today
Science & Technology May 28, 2026 6 min read Daily brief · #3 of 26

Quantum-safe thinking: on the new DST Task Force report

India's Department of Science and Technology (DST) published the report 'Implementation of Quantum Safe Ecosystem in India' on 5 February 2026, produced by a...

GS Paper 3 (Science & Technology Cybersecurity Internal Security)

What Happened

  • India's Department of Science and Technology (DST) published the report 'Implementation of Quantum Safe Ecosystem in India' on 5 February 2026, produced by a Task Force chaired by the CEO of C-DOT (Centre for Development of Telematics) and comprising experts from government agencies, industry, academia, and research laboratories.
  • The Task Force was convened under the National Quantum Mission (NQM) to formulate a phased roadmap for migrating India's digital infrastructure — especially Critical Information Infrastructure (CII) — to post-quantum cryptographic (PQC) algorithms before cryptographically relevant quantum computers become available.
  • The roadmap proposes that CII sectors complete migration to quantum-safe algorithms by 2029, with broader government and commercial adoption by 2033.
  • By December 2026, dedicated Tier-1 and Tier-2 testing and certification laboratories under TEC (Telecommunications Engineering Centre), STQC (Standardisation Testing and Quality Certification), and BIS (Bureau of Indian Standards) are to be operationalised.
  • The DST report flags the "harvest now, decrypt later" (HNDL) threat as an immediate risk: adversarial actors are currently collecting encrypted government and financial data with the intent to decrypt it retrospectively once quantum computing capabilities mature.
  • NIST (US National Institute of Standards and Technology) finalised its first three post-quantum cryptography standards in 2024, based on lattice and hash-function mathematical problems, providing the algorithmic baseline India proposes to adopt and adapt.

Static Topic Bridges

Post-Quantum Cryptography (PQC) and the Quantum Threat

Current public-key encryption standards — RSA, ECC (Elliptic Curve Cryptography), and Diffie-Hellman key exchange — derive their security from the computational difficulty of factoring large integers or computing discrete logarithms. A sufficiently powerful quantum computer running Shor's algorithm could break these systems in polynomial time, rendering most of the world's encrypted communications and digital signatures vulnerable. Post-quantum cryptography (also called quantum-resistant or quantum-safe cryptography) refers to a new generation of algorithms designed to resist attacks from both classical and quantum computers.

  • NIST's first three PQC standards (2024): ML-KEM (CRYSTALS-Kyber), ML-DSA (CRYSTALS-Dilithium), SLH-DSA (SPHINCS+) — based on lattice and hash-function problems.
  • A "cryptographically relevant quantum computer" (CRQC) capable of breaking RSA-2048 is estimated to require thousands of stable logical qubits; current systems have far fewer.
  • The transition timeline is urgent not because CRQCs exist today but because HNDL attacks mean encrypted data collected now could be broken retroactively.
  • "Hybrid cryptography" combines classical and PQC algorithms during the transition period as a belt-and-suspenders approach.

Connection to this news: The DST Task Force report translates NIST's global technical standards into an India-specific implementation roadmap, defining sector-by-sector timelines, testing infrastructure, and governance for the national PQC migration — a necessity given how deeply embedded legacy encryption is in banking, telecom, defence, and government systems.

National Quantum Mission (NQM)

The National Quantum Mission was approved by the Union Cabinet on 19 April 2023 at a total outlay of Rs 6,003.65 crore for 2023–24 to 2030–31, to be administered by the Department of Science and Technology. The Mission aims to develop intermediate-scale quantum computers (50–1,000 physical qubits) in various hardware platforms including superconducting and photonic technologies, establish satellite-based quantum communication over 2,000 km within India, and support quantum sensing, metrology, and materials research. Four Thematic Hubs (T-Hubs) focus on quantum computing, quantum communication, quantum sensing and metrology, and quantum materials and devices.

  • NQM approved: 19 April 2023; outlay Rs 6,003.65 crore over 2023–2031.
  • India becomes the sixth country (after the US, Austria, Finland, France, and China) with a dedicated national quantum mission.
  • Target: satellite-based Quantum Key Distribution (QKD) between ground stations within India over 2,000 km; inter-city QKD over 2,000 km.
  • C-DOT is the nodal agency under DST for telecom-related quantum communication implementation.

Connection to this news: The DST Task Force on quantum-safe cryptography operates as a policy arm of NQM, translating the mission's quantum communication research investments into defensive cybersecurity policy — ensuring that India's critical systems are protected against the very quantum capabilities NQM is helping to develop globally.

Critical Information Infrastructure (CII) and Information Technology Act, 2000

Critical Information Infrastructure refers to computer resources whose incapacitation or destruction would have a debilitating impact on national security, economy, public health, or safety. Section 70 of the Information Technology Act, 2000 empowers the Central Government to declare any computer resource as "protected systems" (CII). The National Critical Information Infrastructure Protection Centre (NCIIPC), under the National Technical Research Organisation (NTRO), is responsible for protecting India's CII.

  • Section 70, IT Act, 2000: legal basis for designating and protecting CII.
  • NCIIPC established under Section 70A of the IT Act (inserted by the IT Amendment Act, 2008).
  • CII sectors in India include: power and energy, banking and financial services, telecommunications, transport, e-governance, and strategic enterprises.
  • The DST roadmap prioritises CII migration to PQC by 2029, given that a breach of CII systems would have cascading national security implications.

Connection to this news: The DST Task Force's prioritisation of CII for PQC migration by 2029 operationalises the protection mandate under Section 70 of the IT Act for the quantum era — recognising that the HNDL threat is particularly acute for CII data, which has long-term sensitivity requiring confidentiality well beyond today's decryption horizon.

"Harvest Now, Decrypt Later" (HNDL) Threat

The HNDL threat describes a class of adversarial strategy in which encrypted data is collected in bulk today — from government communications, financial transactions, intelligence traffic, or scientific databases — with the expectation that sufficiently powerful quantum computers in the future will be able to decrypt it retrospectively. The strategy is particularly concerning for data with long-term sensitivity: diplomatic communications, defence plans, personal health records, or financial secrets that must remain confidential for decades.

  • HNDL attacks require no current quantum capability — only data collection infrastructure and long-term storage.
  • State-level adversaries are the primary threat actors for HNDL targeting national CII.
  • HNDL makes the PQC migration timeline a matter of current urgency, not a distant future problem.
  • The window for action is now: systems must begin migrating before CRQCs exist, not after, because legacy-encrypted data already in adversarial possession cannot be "re-encrypted" retroactively.

Connection to this news: The DST Task Force's report explicitly identifies HNDL as justification for India's aggressive migration timelines (CII by 2029), placing the report in the current-affairs frame that quantum safety is an active cybersecurity threat today, not merely a theoretical future risk.

Key Facts & Data

  • DST Task Force report: 'Implementation of Quantum Safe Ecosystem in India', published 5 February 2026.
  • Task Force chair: CEO, C-DOT (Centre for Development of Telematics).
  • CII migration deadline: 2029; broader government and commercial adoption: 2033.
  • Testing labs to be operationalised by December 2026: under TEC, STQC, BIS.
  • National Quantum Mission: approved 19 April 2023; outlay Rs 6,003.65 crore (2023–2031).
  • NIST PQC standards (2024): ML-KEM, ML-DSA, SLH-DSA — lattice and hash-function based.
  • Section 70, IT Act, 2000: legal basis for CII designation and protection.
  • NCIIPC: nodal body for CII protection in India (under NTRO, Section 70A).
  • India is the sixth country with a dedicated national quantum mission.
  • Key threat: "Harvest Now, Decrypt Later" (HNDL) — adversaries collecting encrypted data today for future quantum decryption.
On this page
  1. What Happened
  2. Static Topic Bridges
  3. Post-Quantum Cryptography (PQC) and the Quantum Threat
  4. National Quantum Mission (NQM)
  5. Critical Information Infrastructure (CII) and Information Technology Act, 2000
  6. "Harvest Now, Decrypt Later" (HNDL) Threat
  7. Key Facts & Data
Display