Quantum Threats to Indian National Security: Challenges and Strategies for a Resilient Bharat

Quantum Computing makes use of quantum mechanical phenomena to fundamentally change the approach to how we use computers to process complicated information at scale [1]. Instead of relying on ones and zeros, quantum computers rely on qubits. This approach entirely rethinks how problems, nearly impossible for classical computers that operate on binary code, are solved. Traditional banking security and secure military communications depend on mathematics that assumes that it is nearly impossible to crack encryption algorithms like RSA and ECDHE [2]. Quantum computers turn this assumption upside-down and provide a means to crack the uncrackable. Bharat is at the forefront of building software for problems uniquely relevant to domestic needs, such as a national identification system known as Aadhaar, the Unified Payments Interface, and the new biometric e-passport software stack [3][4]. A breach in Aadhaar’s encryption could cripple India’s digital economy, undermining trust in cashless transactions and welfare schemes like Direct Benefit Transfers, which serve millions daily. If quantum capabilities fell into the hands of non-state actors capable of violence and deception, then identities could be more easily forged, blurring the reality between fact and fiction. Additionally, these indigenous solutions need to be modular so future upgrades can be retrofitted into existing systems to combat the quantum threat. Proactive responses are desired to avoid the possibility of getting caught flat-footed.

These systems depend on quantum-insecure algorithms that are vulnerable when a powerful enough quantum computer is available. The strategy that most aspiring state actors could take is to record all encrypted communications of interest and decode them later when it becomes feasible to break the security of these electronic records. It is said that military technology is far ahead of the civilian landscape as a rule of thumb. So, it is possible that a quantum computer capable of cracking confidential military secrets is on the horizon. There are a few publicly known examples of advanced quantum computers at the bleeding edge, at least one of which has been used by Chinese researchers for cracking RSA security keys [5]. Adversarial interests on the Indian border, which potentially trigger the greatest threat perception, are China’s [7][8]. For instance, quantum computers could decrypt secure satellite communications used by the Indian Armed Forces to coordinate operations along the Line of Actual Control (LAC) with China, exposing troop movements and strategies to adversaries. The secondary threat perception in our neighbourhood can be attributed to Pakistan via its mission to build a 400-bit quantum computer, which faces challenges of brain drain and funding [9]. Quantum-enabled cyberattacks could also target India’s border surveillance drones, such as those deployed along the Line of Control (LoC) with Pakistan, rendering real-time intelligence vulnerable to manipulation by hostile forces.

Bharat’s push to further the initiative in this domain is primarily driven by the National Quantum Mission [10]. The focus of this is primarily streamed into four tracks or ‘T-Hubs’ of quantum computing, quantum communication, quantum sensing and metrology, and quantum materials and devices. These ‘T-Hubs’ are driven by IISc Bengaluru, IIT-M, IIT-B, and IIT-D, respectively [11]. On the military front, the Indian Army promises to make advances in post-quantum cryptography (PQC) at the Military College of Telecommunications Engineering, Mhow [12]. Private-sector companies like QNu Labs, Bengaluru, are also contributing to this effort while supporting commercial platforms for delivery to industry and military alike [13].

From a defensive posture, it is of paramount importance to note that the quantum threat is in cyberspace, where advanced persistent threats know no physical boundaries or borders. The race to build the first application-scale quantum computer could be seen as the current equivalent of the nuclear arms race. A quantum assault courtesy of a potential post-quantum capable adversary will be the first zero-day that may well go undetected for a very long time, as we may not even realise that a breach has occurred, because there may well be no clear signs of compromise. Digital signatures and encryption based on quantum-insecure technology will be trivially forged and broken when the day of an application-scale quantum computer arrives. It could be assumed that such an incursion could be used sparingly to avoid setting off alarms and alerts. To mitigate these threats, it is desirable to use internationally recognised algorithms resistant to quantum computers, such as CRYSTALS-Kyber for key exchange and CRYSTALS-Dilithium for digital signatures. These form the NIST Standard [14] released by the United States, which is the most likely to be integrated into the software supply chain due to American dominance in the software industry, especially at the operating system layer of a computer. Furthermore, quantum communication networks are another piece of this jigsaw puzzle. These kinds of networks will make it impossible or improbable for attackers to snoop on a connection. Often, the mechanism of action is driven by quantum mechanical effects called quantum entanglement, which Albert Einstein called “spooky action at a distance” [14]. If an adversary tried to snoop on a connection, the entanglement would break, causing intrusions to be detected. Many new materials and fabrication techniques are needed that will enable such innovations, and these are critical to Indian national security.

While Bharat should develop its own PQC military tech stack, there also must be more transparency, as cybersecurity through obscurity is not a widely accepted practice for maintaining a watertight encryption-decryption security system. The details about any progress achieved in the National Quantum Mission have largely been shared through press releases and official announcements. The pertinent question is whether any of these solutions is peer-reviewed and accepted for publication with enough specifics for researchers to replicate and confirm findings. From a policy perspective, the intellectual property generated by the National Quantum Mission in Bharat is funded by taxpayer money and thus directly or indirectly owned by the government and, hence, the public. While there have been a few publications from IITs, these seem to be the exception rather than the norm [15]. None of these indigenous solutions are accessible to the point that they can be integrated into open-source software for all to use or applied to the security stacks of the internet through libraries such as OpenSSL. For all the effort that has been put into this initiative, there is very little technical information available in the open-source public domain about where these initiatives stand and whether the Government of India intends to release any information upon request. Standard research practices encourage a publish-or-perish mindset, which reduces silos of work. This policy needs to be adopted by public research bodies so that the vision of a quantum self-reliant Bharat can be achieved.

India stands at a critical juncture as quantum computing reshapes global security landscapes, posing unprecedented threats to national defence systems like Aadhaar, biometric e-passports, and military communications. The potential for quantum computers to break encryption, coupled with adversarial breakthroughs in nations like China, and non-state actors’ eventual access to such technologies, underscores the urgency for robust countermeasures. Bharat’s National Quantum Mission and efforts in post-quantum cryptography (PQC) signal a proactive stance, yet challenges remain in transparency, peer-reviewed research, and open-source integration. Adopting NIST-standard algorithms like CRYSTALS-Kyber and leveraging quantum communication networks will be pivotal. To safeguard national security, India must accelerate R&D, foster public-private collaboration, and embrace open, peer-reviewed innovation. By doing so, Bharat can not only counter quantum threats but also emerge as a global leader in quantum resilience, contributing to a secure and self-reliant future for the nation.

References:

1. Rieffel, Eleanor, and Wolfgang Polak. “An introduction to quantum computing for non-physicists.” ACM Computing Surveys (CSUR) 32.3 (2000): 300-335.
2. Milanov, Evgeny. “The RSA algorithm.” RSA laboratories 1.11 (2009).
3. PIB: Union External Affairs Minister Dr S Jaishankar extends Passport Seva Divas wishes https://www.pib.gov.in/PressReleasePage.aspx?PRID=2139164.
4. ICAO E-Passport Standard: https://www.icao.int/Security/FAL/PKD/Pages/ePassport-Basics.aspx
5. Hong, Chunlei, et al. “Quantum attack on RSA by D-Wave Advantage: a first break of 80-bit RSA.” Science China Information Sciences 68.2 (2025): 129501.
6. Indian Express: https://indianexpress.com/article/technology/tech-news-technology/quantum-computers-crack-encryption-qubits-google-study-10036362/
7. How to factor 2048 bit RSA integers with less than a million noisy qubits: https://arxiv.org/html/2505.15917v1
8. Advanced persistent threats https://cloud.google.com/security/resources/insights/apt-groups#global-threats-china
9. Pakistan Quantum Quest: https://thediplomat.com/2024/06/pakistans-quantum-quest-hurdles-and-hopes/
10. India’s national quantum mission: https://dst.gov.in/national-quantum-mission-nqm
11. National Quantum Mission: India’s Quantum Leap: https://www.pib.gov.in/PressReleasePage.aspx?PRID=2111953
12. Significant leap with development of indigenous post-quantum cryptography applications, says Army https://ecoti.in/Me_wOZ
13. QNu Labs: https://dst.gov.in/quantum-startup-qnu-labs-working-build-and-deploy-worlds-first-end-end-quantum-safe-heterogeneous
14. PQC Nist.gov https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
15. IITM National Quantum Mission https://sites.google.com/smail.iitm.ac.in/cquicc/projects