India's first domestic quantum-safe algorithm gets DSCI recognition

For the first time in India's history, a domestically built quantum-safe algorithm has been independently evaluated and officially recognised by a national authority. The Data Security Council of India (DSCI) has awarded C-SAFE recognition - Certificate No. DSCI-CSAFE-01 - to Fortytwo Labs, an Indian deep-tech cybersecurity company building quantum-safe digital trust infrastructure, for its Ci2: Ring-LWE based quantum-safe key exchange algorithm - the cryptographic core of the p-Control platform, in continuous production deployment since 2018.

The recognition was announced at FINSEC 2026, the DSCI Financial Security Conclave held in Mumbai, where Fortytwo Labs participated as Quantum-Safe Infrastructure Partner. Vinayak Godse, CEO of DSCI, presented the recognition to Nilesh Dhande, Co-Founder and CEO, Fortytwo Labs.

The Rigorous C-SAFE Evaluation Process

C-SAFE - Cryptographic Security Assessment and Functional Evaluation - is India's first independent cryptographic evaluation programme, built from the ground up under DSCI leadership. The Ci2 evaluation was conducted by an expert panel of India's foremost cryptographers across multiple structured rounds covering mathematical correctness, quantum resilience, and implementation security.

The evaluation encompassed 13 named statistical security tests including formal IND-CPA security proof, lattice-attack resistance analysis, decryption failure probability modelling, adversarial scenario testing, and post-quantum security margin verification against NIST security category targets.

Any organisation can claim its algorithm is secure. C-SAFE recognition means someone independent, rigorous, and nationally authoritative has verified it.

A Milestone for India's Digital Sovereignty

An algorithm is critical infrastructure not merely a technical artefact. When the cryptographic primitives securing a nation's financial systems, government data, and communications are designed abroad, audited abroad, and controlled abroad, that nation's digital sovereignty is contingent on foreign goodwill. With C-SAFE recognition now awarded to India's only indigenously developed, deployed, and certified quantum-safe algorithm, India answers a question every nation must eventually face: whose cryptographic foundations secure your digital future?

While post-quantum cryptography remains a future roadmap item for most organisations globally, Fortytwo Labs has been operating at production scale already. The p-Control platform addresses the full spectrum of active threats facing India's critical sectors today: credential and identity attacks targeting banking workforces and customers, API-layer attacks, mobile application vulnerabilities, and the harvest-now-decrypt-later strategy through which adversaries are capturing encrypted financial records, KYC data, and communications today to decrypt once quantum computing matures.

Impact on Critical Sectors

What C-SAFE Recognition Means for Banking and Financial Services

India's banking sector faces simultaneous pressure from evolving RBI authentication mandates, rapid open banking API expansion, and long-term cryptographic vulnerability posed by quantum computing. C-SAFE recognition gives CISOs, CTOs, and boards independently validated, nationally authoritative evidence that their cryptographic foundation meets today's regulatory expectations and is certified resilient against the quantum threats.

For Indian Defence

Classified communications and sovereign data transfer cannot carry foreign cryptographic dependencies not in procurement, operations, or audit. Fortytwo Labs' Quantum-Safe Secured Data Transfer Appliance and Secured Communications platform are built on the only algorithm in India to hold C-SAFE recognition, protected by multiple granted patents in India and the United States, with zero foreign IP in the cryptographic trust layer. The company has previously received the SIDM Defence Champion Award 2023 and the BRIG SB Ghorpade Award for MSMEs in Defence Production 2026.

Key Statements on the Achievement

Speaking about the recognignition, Nilesh Dhande, Co-Founder and CEO, Fortytwo Labs said, "Cryptographic sovereignty is not a preference. It is a strategic imperative and for India, it is long overdue. India's critical infrastructure cannot be secured on algorithms we did not build, standards we did not set, and trust frameworks that answer to foreign authorities. An Atmanirbhar India cannot outsource its cryptographic foundation. That conviction drove us to build the quantum-safe algorithm from first principles Indian ingenuity, Indian cryptographers, Indian authority. Today, DSCI's C-SAFE programme recognised it and made that conviction official. Cryptographic sovereignty India doesn't need to adopt a standard. We built one."

Vinayak Godse, CEO, Data Security Council of India (DSCI) said, "With the rapid evolution of quantum technologies, it is important to establish credible alternative mechanisms for evaluating emerging cryptographic algorithms, being built in India. C-SAFE was created to provide a structured, expert and researcher led assessment framework at the national level that helps independently validate the mathematical design, security considerations of such innovations.\ The successful completion of the C-SAFE evaluation by Fortytwo Labs' Ci2 algorithm marks an important milestone for the programme and demonstrates the growing maturity of post-quantum cryptographic research and development in India. Fortytwo Labs' Ci2 is the first algorithm to earn that recognition."

About the Programme and Organisations

The Data Security Council of India (DSCI) is India's premier industry body for data protection and cybersecurity, established by NASSCOM. Under the leadership of Vinayak Godse, DSCI established C-SAFE: Cryptographic Security Assessment and Functional Evaluation India's first independent cryptographic evaluation programme. C-SAFE conducts formal threat modelling, rigorous mathematical scrutiny, and quantum resilience verification across multiple evaluation stages. A C-SAFE recognition tells user organisations and their auditors that an algorithm has been cleared for production use by the country's most credible cryptographers not by its creator. Certificate DSCI-CSAFE-01 is the first ever issued under the programme.

According to company information, Fortytwo Labs is a Pune based deep-tech cybersecurity company building quantum-safe digital trust infrastructure and India's first and only C-SAFE recognised organisation. Its p-Control platform delivers Identity Fabric, Mutual Authentication, Key Exchange, Encryption, and Access Control across web applications, mobile apps, APIs, and digital services on a single quantum-safe cryptographic foundation. The platform is protected by granted patents in India and the United States. In building India's first independently certified quantum-safe algorithm, Fortytwo Labs has established that India's digital future can rest on Indian cryptographic foundations.(ANI)