Post-Quantum Cryptography: Securing the Digital Future in a Quantum World

ABSTRACT

The advent of quantum computing represents a tectonic shift in the global security landscape. Capable of solving problems considered computationally infeasible for classical machines, quantum computers threaten to render the cryptographic infrastructure underpinning modern digital economies entirely obsolete. This article, drawing on research published by the Observer Research Foundation (ORF), examines the urgency of the Post-Quantum Cryptography (PQC) transition, the global standardization landscape led by the U.S. National Institute of Standards and Technology (NIST), the specific threats posed by quantum algorithms, the specter of “harvest now, decrypt later” attacks, and the strategic imperatives for India to lead a credible and timely migration to quantum-resilient cryptographic systems.

1. Introduction: The Cryptographic Reckoning Ahead

For decades, the security of the internet has rested on a handful of mathematical problems considered practically unsolvable by classical computers. The RSA algorithm, first published in 1977, derives its strength from the near impossibility of factoring the product of two large prime numbers. Elliptic Curve Cryptography (ECC) similarly relies on the discrete logarithm problem. These algorithms today protect everything from banking transactions and healthcare records to classified government communications and military command channels.

Quantum computing upends this foundation entirely. A sufficiently powerful quantum computer, running Shor’s algorithm — first theorized by MIT mathematician Peter Shor in 1994 — could factor the products of large primes on which RSA relies exponentially faster than any classical machine. This does not represent an incremental improvement in computational power; it represents a categorical transformation. As ORF’s Expert Speak notes, the “precise point when this occurs has come to be called Q-Day, and it is fast approaching.”

The scale of exposure is immense. Virtually every sector of the global economy — finance, defense, healthcare, energy, telecommunications, and critical infrastructure — relies on cryptographic protocols that quantum computers will be able to break. The transition to Post-Quantum Cryptography (PQC) is therefore not a speculative exercise in futureproofing; it is an urgent, present-tense strategic imperative.

2. How Quantum Computers Break Classical Encryption

To understand why PQC matters, it is necessary to appreciate how quantum computers threaten existing cryptographic systems. Two quantum algorithms are of particular concern:

2.1 Shor’s Algorithm and Public-Key Cryptography

Shor’s algorithm, when executed on a large-scale fault-tolerant quantum computer, can solve the integer factorization problem and the discrete logarithm problem in polynomial time. This directly breaks RSA, Diffie-Hellman key exchange, and ECC — the three cryptographic schemes that form the backbone of virtually all secure internet communications today. The TLS/SSL protocols that protect web browsing, the X.509 certificates that authenticate digital identities, and the PGP encryption used for secure email are all vulnerable.

2.2 Grover’s Algorithm and Symmetric Cryptography

Symmetric encryption schemes like the Advanced Encryption Standard (AES) and hash functions like SHA-256 are less catastrophically threatened but are not immune. Grover’s algorithm provides a quadratic speedup for unstructured search problems, effectively halving the bit-security of symmetric keys. AES-128 would be reduced to 64-bit equivalent security — no longer adequate. AES-256, however, retains a 128-bit equivalent security margin and remains robust. The mitigation here is comparatively straightforward: upgrade key sizes.

The table below summarizes the quantum threat landscape for commonly deployed cryptographic algorithms:

Algorithm   Quantum Threat      Status        Recommendation
RSA-2048    Shor’s Algorithm    Broken        Immediate priority
ECC-256     Shor’s Algorithm    Broken        Replace with PQC
AES-128     Grover’s Algorithm  Weakened 50%  Upgrade to AES-256
AES-256     Grover’s Algorithm  Acceptable    Retain with monitoring
SHA-256     Grover’s Algorithm  Weakened      Upgrade to SHA-3

Table 1: Quantum Vulnerability Assessment of Common Cryptographic Algorithms

3. Harvest Now, Decrypt Later: A Present-Day Threat

⚠️ Critical Warning

“Harvest Now, Decrypt Later” attacks are not a future scenario — they are happening today. Adversaries with long-range strategic interests are already intercepting and storing encrypted communications at scale, waiting for quantum decryption capability to mature.

Perhaps the most underappreciated dimension of the quantum threat is its temporal reach. The “harvest now, decrypt later” (HNDL) strategy, documented extensively in ORF’s analysis, describes a threat model where adversaries intercept and archive encrypted communications today, with the intention of decrypting them once quantum computers become sufficiently powerful.

This has profound implications for the urgency of PQC adoption. Data that must remain confidential for decades — classified government intelligence, medical research, diplomatic cables, financial records, intellectual property, nuclear facility designs — is already at risk. As ORF’s April 2025 analysis on nuclear security observes: “While large-scale quantum computers capable of breaking classical encryption are still at least a decade away, the threat is already present due to the ‘store now, decrypt later’ caveat.”

Intelligence agencies, including the U.S. National Security Agency (NSA) and the UK’s National Cyber Security Centre (NCSC), have assessed that state-level adversaries are already engaged in large-scale data harvesting operations. The window for a secure migration is therefore already closing, and for data with a long sensitivity horizon, it has potentially already closed.

4. The NIST PQC Standardization Project: A Global Benchmark

Recognizing the urgency of the threat, the United States National Institute of Standards and Technology (NIST) launched its Post-Quantum Cryptography Standardization Project in 2016. The initiative invited submissions of candidate PQC algorithms from the global cryptographic research community and subjected them to years of rigorous public scrutiny and cryptanalysis.

Of 69 eligible initial submissions, the process ultimately yielded four algorithms for standardization, formally published in August 2024 as Federal Information Processing Standards (FIPS):

Algorithm           Type           Purpose             NIST Standard
CRYSTALS-Kyber      Lattice-Based  Key Encapsulation   ML-KEM (FIPS 203)
CRYSTALS-Dilithium  Lattice-Based  Digital Signatures  ML-DSA (FIPS 204)
SPHINCS+            Hash-Based     Digital Signatures  SLH-DSA (FIPS 205)
FALCON              Lattice-Based  Digital Signatures  FN-DSA (FIPS 206)

Table 2: NIST-Standardized Post-Quantum Cryptography Algorithms (2024)

4.1 Lattice-Based Cryptography: The Dominant Paradigm

Three of the four NIST-standardized algorithms — CRYSTALS-Kyber, CRYSTALS-Dilithium, and FALCON — are built on lattice-based cryptographic foundations. As ORF’s analysis explains, these algorithms rely on the “shortest vector problem”: the difficulty of finding the point on a high-dimensional lattice closest to a randomly selected point. This problem is believed to be computationally intractable even for quantum computers.

Lattice-based schemes offer an attractive combination of strong security assumptions, reasonable computational efficiency, and relatively compact key sizes — making them well-suited for resource-constrained environments like embedded systems, IoT devices, and mobile hardware.

4.2 Hash-Based Cryptography: SPHINCS+

SPHINCS+ takes a different approach, deriving its security from the collision resistance of cryptographic hash functions, which are well-understood and considered quantum-resistant when using sufficient output lengths. While SPHINCS+ produces larger signatures than lattice-based alternatives, its security rests on more conservative and well-studied mathematical assumptions, making it a valuable component of a diversified PQC portfolio.
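SPHINCS+ itself is far too large to reproduce here, but its one-time-signature ancestor, the Lamport scheme, shows in a few dozen lines the two properties just described: a signature whose security rests on nothing but the preimage resistance of a hash function, and the large signatures that come with that design. The block below is an added illustration written for this article, not code from ORF, NIST or the SPHINCS+ project; SLH-DSA turns the same idea into a many-time scheme with components (WOTS+, FORS, a hypertree) that are not shown, so the sizes here are for the toy scheme only.

```python
"""Lamport one-time signature over SHA-256 (added toy example, not SLH-DSA).

Security argument: forging a signature on a new message requires producing
a preimage of a public-key hash the signer never revealed, which is exactly
the hash-function property the text calls quantum-resistant at sufficient
output length (Grover only square-roots the preimage search).
"""
import hashlib
import secrets

HASH = hashlib.sha256
N = hashlib.sha256().digest_size   # 32-byte hash output
BITS = N * 8                       # 256 digest bits, one key pair per bit


def keygen():
    """Secret key: 256 pairs of random 32-byte preimages.
    Public key: the hash of every preimage, in the same layout."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bits(message: bytes):
    # Sign the hash of the message, most significant bit first.
    d = int.from_bytes(HASH(message).digest(), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def sign(sk, message: bytes) -> bytes:
    """Reveal the preimage selected by each digest bit.

    One-time only: signing a second message reveals preimages for the other
    bit value in some positions, and a forger can then mix the two
    signatures. SPHINCS+ exists precisely to lift this restriction."""
    return b"".join(sk[i][bit] for i, bit in enumerate(_digest_bits(message)))


def verify(pk, message: bytes, signature: bytes) -> bool:
    """Recompute each revealed preimage's hash and compare with the public key."""
    if len(signature) != BITS * N:
        return False
    for i, bit in enumerate(_digest_bits(message)):
        chunk = signature[i * N:(i + 1) * N]
        if HASH(chunk).digest() != pk[i][bit]:
            return False
    return True


def signature_size_bytes() -> int:
    return BITS * N        # 8192 bytes: the "larger signatures" cost the text mentions


def public_key_size_bytes() -> int:
    return BITS * 2 * N    # 16384 bytes for this toy scheme


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"firmware image v1.2 release manifest"   # constructed sample message
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("tampered message valid:", verify(pk, msg + b"!", sig))
    print("signature bytes:", signature_size_bytes(), "public key bytes:", public_key_size_bytes())
```

The 8 KiB signature for a 256-bit digest is the trade-off the text refers to: every bit of security is paid for with a full hash output in the signature, which is why the standardized hash-based scheme adds Winternitz chains and Merkle trees to compress it, and why it still signs more slowly and more bulkily than the lattice schemes.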

4.3 India’s Parallel Opportunity: Ramanujan Graphs

ORF has specifically highlighted India’s unique opportunity to contribute to the PQC frontier through research into Ramanujan graphs — mathematical structures with exceptional expansion properties named after the legendary Indian mathematician Srinivasa Ramanujan. These graphs have promising applications in constructing quantum-resistant cryptographic primitives, and India’s strong mathematical heritage positions it to make meaningful contributions to this emerging field.

5. Quantum Key Distribution vs. Post-Quantum Cryptography

A common point of confusion in policy discourse is the conflation of Quantum Key Distribution (QKD) with Post-Quantum Cryptography. These are distinct technologies with different mechanisms, maturity levels, and deployment profiles.

Dimension       Quantum Key Distribution (QKD)              Post-Quantum Cryptography (PQC)
Mechanism       Physics-based (quantum optics)              Mathematics-based (hard problems)
Infrastructure  Requires new quantum channels / fiber       Works on existing classical networks
Scalability     Limited; point-to-point or relay-dependent  Highly scalable; software-deployable
Maturity        Experimental / niche deployments            Standardized (NIST FIPS 2024)
Cost            Very high; specialized hardware             Low; software implementation
Vulnerability   Side-channel attacks on hardware            Dependent on mathematical assumptions

Table 3: QKD vs. PQC — A Comparative Analysis

As ORF’s cybersecurity analysis notes: “On one hand, Quantum Key Distribution will provide secure communication; on the other, quantum computers will also be able to disrupt and hack into existing encryption algorithms.” The two technologies are complementary, not interchangeable. For most practical deployment contexts — particularly across the internet and enterprise networks — PQC is the near-term viable solution, while QKD may find niche applications in ultra-high-security point-to-point government or military links.

6. The Quantum Hardware Race: How Close Is Q-Day?

For many years, the timeline to cryptographically relevant quantum computers (CRQCs) — machines with enough stable, error-corrected qubits to run Shor’s algorithm against real-world key sizes — was measured in decades. Recent developments have compressed that estimate considerably.

6.1 Google’s Willow Processor

In late 2024, Google’s Quantum AI team published a landmark paper in Nature announcing its “Willow” quantum processor. The breakthrough was not merely a qubit count milestone but a demonstration of a crucial scaling property: as the number of physical qubits increased, the system’s error correction improved exponentially — the opposite of what previous quantum systems had shown, and a prerequisite for fault-tolerant quantum computing. As ORF notes in its February 2025 analysis: “Willow’s error correction increases exponentially as its qubits are scaled up,” a development that “paves the way for large-scale quantum computers to become a practical reality in the near future.”

6.2 The Race Among Major Powers

The quantum computing race has become a dimension of great-power competition. The United States, China, the European Union, and Canada have all made substantial national investments. China has invested heavily in both quantum communications infrastructure and quantum computing research, reportedly operating a 4,600-kilometre quantum-secured communication backbone. The United States has channeled billions through DARPA, NSF, and the Department of Energy’s quantum initiatives. In this environment, the question is not whether a CRQC will be built, but by whom and when.

7. India’s Strategic Position: Ambition, Gaps, and Opportunities

7.1 National Mission on Quantum Technologies

India formally entered the quantum race when the Union Budget 2020 announced the National Mission on Quantum Technology and Applications (NM-QTA), and the Government formally approved the National Quantum Mission (NQM) in April 2023. The mission targets the development of intermediate-scale quantum computers with 50-1,000 physical qubits within eight years, alongside quantum communication, sensing, and materials research.

However, ORF’s analysis has characterized these objectives as “rather modest” and urged a broader, more ambitious vision. India’s mission, while a welcome foundation, risks falling behind the investment trajectories of the United States and China if it is not scaled significantly.

7.2 The Cryptographic Migration Imperative

For India, the cryptographic dimension of quantum risk is particularly acute. India’s digital infrastructure has expanded at extraordinary speed: the Aadhaar biometric identity system holds over 1.3 billion records, the Unified Payments Interface (UPI) processes hundreds of millions of transactions daily, and critical sectors from power grids to defense networks rely on encrypted digital communications. All this infrastructure is built on cryptographic foundations that a CRQC would compromise.

ORF has urged India to ensure “timely migration to PQC algorithms across all sectors, particularly critical infrastructure.” This migration must be treated as a long-lead-time program: inventorying cryptographic assets, prioritizing the most sensitive, testing PQC implementations, and executing phased rollouts across government, banking, defense, and telecom. None of this can wait until Q-Day is imminent.
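The inventory-and-prioritize step above, together with the “harvest now, decrypt later” argument of Section 3 and the classifications in Table 1, can be turned into a concrete triage rule: an asset is already exposed if the data it protects must stay secret for longer than the time left before a CRQC exists, less the years the migration itself will take (the well-known Mosca inequality, shelf life + migration time > time to CRQC). The script below is an added illustration for this article, not an ORF or NIST tool; the asset families, the 128-bit “acceptable” threshold, the sample inventory and the ten-year and five-year horizons are constructed assumptions that a real program would replace with its own estimates.

```python
"""Cryptographic asset triage for a PQC migration (added example, constructed data).

Combines Table 1's quantum-threat classification with the HNDL exposure test:
data recorded today is at risk if it is still sensitive when a CRQC arrives,
even though the system protecting it will have been migrated by then.
"""
from dataclasses import dataclass
from typing import List

SHOR_BROKEN = {"RSA", "ECC", "DH"}   # public-key families: broken outright
GROVER_HALVED = {"AES"}              # symmetric family: effective key size halved
ACCEPTABLE_BITS = 128                # assumed post-quantum security floor (AES-256 row)


@dataclass(frozen=True)
class Asset:
    name: str
    family: str             # one of SHOR_BROKEN | GROVER_HALVED
    bits: int               # key size in bits
    use: str                # "confidentiality" or "authentication"
    shelf_life_years: int   # how long the protected data must remain secret


@dataclass(frozen=True)
class Finding:
    name: str
    quantum_bits: int
    hndl_exposed: bool
    tier: int               # 1 = act now ... 4 = monitor
    recommendation: str


def quantum_security_bits(asset: Asset) -> int:
    """Residual security against a CRQC, following Table 1."""
    if asset.family in SHOR_BROKEN:
        return 0                       # Shor: polynomial time, no residual security
    if asset.family in GROVER_HALVED:
        return asset.bits // 2         # Grover: quadratic speedup halves bit security
    raise ValueError(f"unknown algorithm family: {asset.family}")


def hndl_exposed(asset: Asset, years_to_crqc: int, migration_years: int) -> bool:
    """Mosca's inequality for traffic captured before migration completes.

    Only confidentiality assets count: a future CRQC can read old ciphertext,
    but it cannot retroactively forge a signature that was checked in the past."""
    if asset.use != "confidentiality" or quantum_security_bits(asset) >= ACCEPTABLE_BITS:
        return False
    return asset.shelf_life_years + migration_years > years_to_crqc


def recommendation(asset: Asset) -> str:
    if asset.family in SHOR_BROKEN:
        return "Replace with PQC (ML-KEM for key establishment, ML-DSA/SLH-DSA for signatures)"
    if quantum_security_bits(asset) < ACCEPTABLE_BITS:
        return "Upgrade to AES-256"
    return "Retain with monitoring"


def triage(inventory: List[Asset], years_to_crqc: int, migration_years: int) -> List[Finding]:
    """Rank assets: HNDL-exposed first, then broken, then weakened, then acceptable;
    within a tier, longer data shelf life ranks higher."""
    ranked = []
    for a in inventory:
        bits = quantum_security_bits(a)
        exposed = hndl_exposed(a, years_to_crqc, migration_years)
        tier = 1 if exposed else 2 if bits == 0 else 3 if bits < ACCEPTABLE_BITS else 4
        ranked.append((tier, -a.shelf_life_years,
                       Finding(a.name, bits, exposed, tier, recommendation(a))))
    ranked.sort(key=lambda t: (t[0], t[1]))
    return [f for _, _, f in ranked]


# Constructed sample inventory; names and figures are illustrative only.
SAMPLE_INVENTORY = [
    Asset("Public web TLS key exchange (ECDHE P-256)", "ECC", 256, "confidentiality", 1),
    Asset("Archived diplomatic cable store (RSA-2048 wrapped keys)", "RSA", 2048, "confidentiality", 25),
    Asset("Offsite backup encryption", "AES", 128, "confidentiality", 10),
    Asset("Code-signing certificates", "RSA", 2048, "authentication", 3),
    Asset("HSM master wrapping key", "AES", 256, "confidentiality", 30),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY, years_to_crqc=10, migration_years=5):
        flag = "HNDL-EXPOSED" if f.hndl_exposed else "            "
        print(f"tier {f.tier} {flag} {f.quantum_bits:>3} bits  {f.name}: {f.recommendation}")
```

Note what the ranking does that a plain reading of Table 1 does not: the short-lived TLS key exchange is just as broken as the archived cable store, but only the latter is already lost to an adversary recording traffic today, so it outranks everything else; and the AES-128 backup, merely “weakened” in Table 1, lands in the top tier once its ten-year retention is taken into account.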

7.3 Homomorphic Encryption and Domestic Research

Beyond PQC standardization, ORF has highlighted homomorphic encryption as a complementary technology deserving investment. Homomorphic encryption allows computation on encrypted data without first decrypting it — enabling secure cloud computing, privacy-preserving analytics, and cross-institutional data sharing without exposing sensitive content. Combined with PQC, it forms a powerful toolkit for a quantum-resilient digital architecture.

India should also leverage its world-class mathematical research community. Investment in Ramanujan graph-based cryptographic research, lattice mathematics, and post-quantum signature schemes could position India not merely as a consumer of Western PQC standards but as a contributor to the next generation of cryptographic infrastructure.

8. Critical Infrastructure and Nuclear Security

The stakes of inadequate PQC preparation are not merely economic. ORF’s April 2025 analysis on nuclear security makes the alarming point that command-and-control systems for nuclear arsenals, which rely on encrypted communications to authenticate launch orders and prevent unauthorized use, are themselves vulnerable to quantum attack. The “store now, decrypt later” vector applies equally to classified nuclear command architectures.

A state actor that harvested encrypted military communications over the past decade and then acquired CRQC capability would potentially be able to reconstruct the authentication protocols, cryptographic keys, and command sequences embedded in archived communications. The implications for strategic stability are grave and have received insufficient attention in Indian strategic discourse.

📌 Policy Imperative

Governments must urgently adopt NIST’s post-quantum cryptography standards for all classified and critical infrastructure systems, and prioritize cryptographic asset inventories for nuclear command, financial settlement, and national identity systems as an immediate first step.

9. The Three-Pillar Response Framework

ORF’s broader policy architecture for navigating the quantum-cryptographic transition rests on the convergence of three institutional actors:

9.1 Government

  • Mandate PQC adoption timelines for all federal and critical infrastructure systems
  • Fund a national cryptographic inventory program to identify vulnerable systems
  • Align with NIST FIPS 203, 204, 205, and 206 standards, adapting for domestic context
  • Establish a national PQC migration task force with cross-ministry representation
  • Integrate PQC requirements into procurement standards for all government IT

9.2 Industry

  • Begin cryptographic agility planning — designing systems to swap algorithms without full rewrites
  • Engage with sector-specific regulators (RBI, SEBI, TRAI, CERT-In) on PQC compliance roadmaps
  • Invest in PQC library implementations and hardware security module (HSM) upgrades
  • Prioritize HNDL-sensitive data categories for immediate encryption upgrade
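Cryptographic agility, the first industry item above, is a concrete design pattern rather than a slogan: every protected record names the algorithm that protects it, readers resolve that name through a registry, and retiring or adding an algorithm touches the registry rather than every caller. The block below is an added illustration written for this article, not code from ORF or from any PQC library. Because the Python standard library ships no ML-DSA, two stdlib HMAC suites stand in for a legacy and a replacement algorithm; the record format, the suite identifiers and the sample keys are constructed, and a real deployment would slot its PQC signature or KEM suite into the same registry.

```python
"""Crypto-agile record format with an algorithm registry (added example, constructed format)."""
import hmac
import json
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Suite:
    """One registry entry: an identifier and the code implementing it."""
    alg_id: str
    mac: Callable[[bytes, bytes], bytes]   # (key, data) -> authentication tag
    deprecated: bool = False               # old records still verify; new ones refuse it


def _hmac_suite(alg_id: str, hash_name: str) -> Suite:
    return Suite(alg_id, lambda key, data: hmac.new(key, data, hash_name).digest())


# The registry is the only place that knows which algorithms exist. Adding a
# suite (a PQC signature, say) is one register() call; protect/verify never change.
REGISTRY: Dict[str, Suite] = {}
DEFAULT_ALG = "HMAC-SHA3-256"


def register(suite: Suite) -> None:
    REGISTRY[suite.alg_id] = suite


def retire(alg_id: str) -> None:
    """Deprecate a suite: existing records remain readable, new records refuse it."""
    REGISTRY[alg_id] = replace(REGISTRY[alg_id], deprecated=True)


# Two real stdlib MACs stand in for "legacy" and "replacement" algorithms.
register(_hmac_suite("HMAC-SHA256", "sha256"))
register(_hmac_suite("HMAC-SHA3-256", "sha3_256"))


def _tag_input(alg_id: str, payload: bytes) -> bytes:
    # The tag covers the algorithm identifier, so relabelling a record as a
    # weaker suite invalidates it: no downgrade by editing the header.
    return alg_id.encode() + b"\x00" + payload


def protect(keys: Dict[str, bytes], payload: bytes, alg_id: str = DEFAULT_ALG) -> str:
    """Emit a self-describing record: format version, algorithm id, payload, tag."""
    suite = REGISTRY[alg_id]
    if suite.deprecated:
        raise ValueError(f"{alg_id} is retired for new records")
    tag = suite.mac(keys[alg_id], _tag_input(alg_id, payload))
    return json.dumps({"v": 1, "alg": alg_id, "payload": payload.hex(), "tag": tag.hex()})


def declared_alg(record: str) -> Optional[str]:
    try:
        return json.loads(record).get("alg")
    except (ValueError, AttributeError):
        return None


def verify(keys: Dict[str, bytes], record: str) -> Optional[bytes]:
    """Return the payload if the record authenticates under its declared suite, else None."""
    try:
        obj = json.loads(record)
        suite = REGISTRY[obj["alg"]]       # unknown identifier -> KeyError -> rejected
        payload = bytes.fromhex(obj["payload"])
        expected = suite.mac(keys[obj["alg"]], _tag_input(obj["alg"], payload))
        ok = hmac.compare_digest(expected, bytes.fromhex(obj["tag"]))
    except (KeyError, ValueError, TypeError):
        return None
    return payload if ok else None


def reprotect(keys: Dict[str, bytes], record: str, new_alg: str = DEFAULT_ALG) -> Optional[str]:
    """Migration step: accept a record under its old (possibly retired) suite and
    re-issue it under the current one, with no change to the calling code."""
    payload = verify(keys, record)
    return None if payload is None else protect(keys, payload, new_alg)


def needing_migration(records: List[str]) -> List[str]:
    """Inventory pass: records whose declared suite is unknown or retired."""
    out = []
    for r in records:
        alg = declared_alg(r)
        if alg not in REGISTRY or REGISTRY[alg].deprecated:
            out.append(r)
    return out


def relabel(record: str, alg_id: str) -> str:
    """Demo helper: rewrite only the header's algorithm id (must fail verification)."""
    obj = json.loads(record)
    obj["alg"] = alg_id
    return json.dumps(obj)


if __name__ == "__main__":
    keys = {"HMAC-SHA256": b"\x01" * 32, "HMAC-SHA3-256": b"\x02" * 32}   # constructed keys
    old = protect(keys, b"settlement batch 7", "HMAC-SHA256")
    retire("HMAC-SHA256")                        # policy decision: legacy suite retired
    print("to migrate:", len(needing_migration([old])))
    new = reprotect(keys, old)
    print("migrated to:", declared_alg(new), "verifies:", verify(keys, new) is not None)
    print("downgraded header verifies:", verify(keys, relabel(new, "HMAC-SHA256")) is not None)
```

The same shape applies to key exchange: a TLS or application protocol that carries a negotiated suite identifier and dispatches on it can add ML-KEM, or a hybrid of ML-KEM with a classical curve, as a registry entry, which is what makes a phased rollout possible without the “full rewrite” the bullet warns against.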

9.3 Academia

  • Expand post-quantum mathematics curricula in engineering and computer science programs
  • Fund research into novel PQC primitives including Ramanujan graph-based schemes
  • Establish India-led international research consortia on quantum-safe cryptography
  • Support open-source PQC implementation projects and security audits

10. Conclusion: The Urgency Cannot Be Overstated

Post-Quantum Cryptography is not a distant theoretical concern. It is an immediate operational and strategic priority that touches every institution that relies on encrypted communications — which is to say, every institution of consequence in modern society. The NIST standardization of ML-KEM, ML-DSA, SLH-DSA, and FN-DSA in 2024 removed the final obstacle to a principled migration pathway: the standards now exist, the algorithms have been vetted, and the tools to implement them are available.

The remaining obstacle is institutional urgency. Governments, corporations, and agencies must internalize three truths simultaneously: that Q-Day will arrive within this decade in all probability; that adversaries are harvesting sensitive data right now; and that the migration to PQC is a multi-year program that must begin immediately to complete in time.

For India, the stakes are especially high and the opportunity especially significant. A country that has built one of the world’s most ambitious digital public infrastructure stacks — from Aadhaar to UPI to DigiLocker — cannot afford to have that infrastructure rendered cryptographically naked by a geopolitical competitor’s quantum breakthrough. India’s National Quantum Mission must be complemented by a National PQC Migration Strategy with clear timelines, accountable owners, and adequate funding.

As ORF’s researchers have consistently argued, the quantum age will reward the prepared and punish the complacent. The lynchpin of that preparedness is Post-Quantum Cryptography.
