Critical sectors must have quantum-safe encryption, urges task force

📌 Summary:

• DST (Department of Science & Technology) task force recommends India's critical sectors — government, defence, power, telecom, transport, banking & finance — begin a phased switch to Post-Quantum Cryptography (PQC)
• Risk: current public-key encryption protecting sensitive data could be broken by future quantum computers; failure to act may cause "irreversible compromise" of confidential data and erosion of digital governance
• PQC = new generation of encryption algorithms designed to run on ordinary computers but resistant to quantum attacks
• Task force chair: Rajkumar Upadhyay (CEO, C-DOT, Centre for Development of Telematics); co-chair: Prof. Manindra Agrawal (Director, IIT Kanpur)
• Report prepared under National Quantum Mission (NQM) — approved by Union Cabinet in April 2023; outlay ₹6,003.65 crore through 2030–31; 4 thematic hubs at IISc and IITs (computing, communication, sensing, materials)
• Tiered migration calendar — Critical Information Infrastructure (CII) sectors: foundation by 2027 → high-priority migration by 2028 → full PQC by 2029
• Other enterprises: foundation 2028 → high-priority 2030 → full PQC 2033
• Short-term: "sandbox pilots" of PQC + hybrid systems (current + new) by 2027 (CII) / 2028 (others)
• Recommends sector-specific rules via SEBI, RBI, CERC and Ministries (Railways, Finance, Power)
• Proposes National PQC Testing & Certification Programme — first labs operational by December 2026
• Long-term: composite Indian architecture — software-based PQC + hardware-based Quantum Key Distribution (QKD) backbone
• Threat models cited: "Q-Day" (when quantum computers can break public-key crypto) "may arrive within 3 years" per IonQ CEO; and "harvest now, decrypt later" attacks where encrypted data stolen today is stored for future decryption — hence migration must follow "assume-breach" principle

🎯 UPSC Relevance: GS3 — Internal Security (Cyber Security); GS3 S&T (Emerging Tech / Quantum); critical infrastructure protection; National Quantum Mission; technological sovereignty

📝 Prelims Facts:

• Task force chair: Rajkumar Upadhyay (CEO, C-DOT); co-chair: Manindra Agrawal (Director, IIT Kanpur)
• National Quantum Mission (NQM) — Cabinet approval: April 2023; outlay ₹6,003.65 crore through 2030–31
• NQM has 4 thematic hubs at IISc and IITs: computing, communication, sensing, materials
• CII full PQC adoption target: 2029; non-CII: 2033
• Other Indian bodies named: SEBI, RBI, CERC, MeitY, CERT-In, C-DOT
• Countries that have prioritised software-based PQC: US, UK, EU, Canada, Australia

🔑 Key Term: Post-Quantum Cryptography (PQC) — a class of encryption algorithms (e.g., lattice-based, hash-based) executable on classical computers but designed to be resistant to attacks by sufficiently powerful quantum computers; intended to replace today's RSA/ECC public-key systems before "Q-Day".