Services · Intelligence & AI
Independent advisory for defence, law enforcement, and high-assurance corporates preparing for the cryptographically-relevant quantum era. Written deliverables. Scoped engagements. No vendor reselling. No hardware sales.
Threat landscape
Harvest-Now-Decrypt-Later. Adversary services are already collecting encrypted traffic, signing keys, and sealed archives on the assumption that a cryptographically-relevant quantum computer (CRQC) will eventually break today's RSA-2048 and ECC-P256. Anything encrypted under classical asymmetric cryptography today that needs to stay confidential past the mid-2030s onwards should be considered at risk.
CRQC timeline. Expert consensus across NIST, NSA, ENISA, and the broader cryptographic community places the plausible CRQC threat within a 10–20 year window. Migration timelines for complex defence and critical-infrastructure estates typically run 7–10 years. The window is already open.
India-specific exposure. DPSU and agency procurement cycles routinely lock in 15–20 year deployment horizons. Hardware and protocol choices made in 2026 will be in the field when the threat is mature. Building PQC-readiness criteria into RFPs now is the cheapest moment to do it.
Productised services
Crypto inventory across applications, network infrastructure, PKI, signing chains, and stored-data repositories. Risk scoring with harvest-now-decrypt-later timelines. 24-month remediation roadmap. Typical duration: 3–4 weeks (Starter) / 6–8 weeks (Enterprise).
Per-system migration plan across TLS, SSH, VPN, PKI, code signing, HSMs, email, and document signing. Algorithm selection from NIST FIPS 203 (Kyber / ML-KEM), FIPS 204 (Dilithium / ML-DSA), FIPS 205 (SPHINCS+), FIPS 206 (Falcon / FN-DSA). Hybrid deployment strategy. Typical: 6–10 weeks.
Technical teardown of QKD, QRNG, or PQC products before a procurement decision. Covers Indian and international vendors across the QKD, QRNG, PQC software-library, and PQC-HSM ecosystems, plus open-source implementations. Written evaluation report with security findings, integration constraints, and scored recommendation. Typical: 2–4 weeks per vendor.
For organisations operating or evaluating deployed long-haul QKD networks. Physical, logical, and operational-security review of trusted-node sites. Aligned with ETSI GS QKD 015 and ISO/IEC 23837. Typical: 8–12 weeks (Strategic / MoD scope).
Monthly or quarterly sector-tailored briefing. Covers standards updates (NIST, ETSI, ISO), vendor-ecosystem shifts, India tender-landscape pattern analysis, and nation-state programme readouts. Sourced from multilingual passive monitoring across our 60+ language bench and provenance-graded open-source observation. Subscription model.
Deployment and tuning of crypto-discovery tooling across enterprise estates. Identifies RSA / ECC / DH usage in source code, binaries, network flows, certificate stores, and document archives. Handover with runbooks.
Hybrid-certificate PKI architecture supporting both classical and PQC signatures during migration window. Root-of-trust strategy, revocation behaviour under hybrid schemes, HSM compatibility review.
Half-day or full-day leadership session for CXOs, boards, and procurement committees. Non-technical. Decision-ready framing of threat, timeline, budget priority, and India NQM / CERT-In posture alignment.
Standards landscape
India context
The National Quantum Mission (NQM) runs 2023–2031 with ~INR 6,000 crore allocated across four hubs (quantum computing, quantum communication, quantum sensing, quantum materials). Our engagements align with the quantum-communication thematic hub priorities.
The India quantum-security ecosystem is compact and fast-moving: QNu Labs (QKD hardware, QRNG, QShield), C-DOT (QKD reference deployments), DRDO programmes (DYSL-QT, CAIR), ISRO (satellite QKD research with CRL), and IIT / IISc academic hubs. We are fluent in the procurement shapes and technical lineage of each.
Procurement literacy: DRDO RFP language, DPSU technical-evaluation committee expectations, BEL and DPSU quantum roadmaps, and the intersection with BIS LITD 17 standards work.
Engagement models
Entry-tier QRA for a single business unit or technical scope. Fixed-fee.
Full-estate crypto inventory, risk scoring, and 24-month migration roadmap. For mid-to-large corporates and agency-adjacent integrators.
For ministry, MoD, DPSU, and defence-integrator programmes — including organisations operating or evaluating long-haul QKD networks. Site-by-site physical, logical, and operational-security review aligned with ETSI GS QKD 015 and ISO/IEC 23837. Includes implementation-attack posture review, vendor evaluation, standards-compliance attestation, and architectural recommendations. Air-gap delivery available.
Ongoing advisory access, the monthly QTI-05 briefing bundled, vendor-change alerts, and quarterly posture review. For organisations that want named-advisor continuity beyond a single engagement.
Share the estate scope and decision timeline. We will come back within one working day with a scoping note and a written-deliverable proposal under NDA.
Request a quantum readiness brief