CRQC

A Cryptographically Relevant Quantum Computer (CRQC) is a quantum computer capable of breaking widely-deployed classical asymmetric cryptographic algorithms — RSA, Elliptic Curve Cryptography (ECC), and Diffie-Hellman key exchange — in polynomial time using Shor's Algorithm (1994). The term is used by NIST, NSA, GCHQ, and other security agencies to denote the threshold at which the current internet's security architecture breaks. Consensus arrival estimate is 2030-2040, though the exact timeline depends on advances in qubit count, error correction, and coherence time. Importantly, the threat is not future-only — the 'harvest-now-decrypt-later' (HNDL) attack model means adversaries are already collecting encrypted data today, to decrypt once a CRQC matures. This makes post-quantum cryptography (PQC) migration urgent for data with long shelf life (Aadhaar biometrics, defence plans, IP). NIST published the first three PQC standards in August 2024: FIPS 203 (ML-KEM/Kyber), FIPS 204 (ML-DSA/Dilithium), and FIPS 205 (SLH-DSA/SPHINCS+). India's DST Task Force on Post-Quantum Cryptography released its roadmap in May 2026.

• 1 Arrival estimate: 2030-2040 (NIST, NSA, GCHQ converge)
• 2 Breaks: RSA, ECC, Diffie-Hellman (via Shor's Algorithm, 1994)
• 3 Symmetric crypto (AES-256) remains broadly safe (Grover's halves key strength)
• 4 Threat is present via Harvest-Now-Decrypt-Later (HNDL)
• 5 NIST PQC standards (Aug 2024): FIPS 203, 204, 205
• 6 India's DST PQC Task Force roadmap: May 2026
• 7 India's National Quantum Mission: ₹6,003 crore (April 2023), 4 Thematic Hubs
• 8 CNSA 2.0 (US NSA) mandates PQC migration by 2030

The DST PQC Task Force's roadmap (May 2026) maps a 2026-2035 migration window for India's critical digital infrastructure — banking, Aadhaar, defence — to NIST PQC standards before a CRQC arrives.