India Marks Cybersecurity Milestone With First C-SAFE Recognition For Quantum-Safe Algorithm

India has recorded a milestone in cybersecurity with the recognition of a homegrown quantum-safe cryptographic algorithm under the country's newly established independent evaluation framework. The Data Security Council of India (DSCI) has awarded the first-ever C-SAFE certificate, numbered DSCI-CSAFE-01, to Pune-based cybersecurity firm Fortytwo Labs for its Ci2 quantum-safe key exchange algorithm.

The announcement was made during FINSEC 2026, DSCI's Financial Security Conclave held in Mumbai. Fortytwo Labs participated in the event as the Quantum-Safe Infrastructure Partner. The recognition was presented by DSCI CEO, Vinayak Godse to Nilesh Dhande, Co-Founder and CEO of Fortytwo Labs.

Independent Evaluation Under India's C-SAFE Programme

C-SAFE, short for Cryptographic Security Assessment and Functional Evaluation, is India's first independent programme dedicated to assessing cryptographic technologies. Developed under the leadership of DSCI, the framework is designed to evaluate the security, resilience, and implementation of cryptographic algorithms through expert review.

Fortytwo Labs' Ci2 algorithm underwent 13 named statistical security tests by a panel of Indian cryptography experts. The evaluation included IND-CPA security proof, analysis of quantum resistance, implementation security reviews, adversarial scenario testing, lattice-attack resistance assessments, decryption failure probability modelling, and verification against post-quantum security benchmarks aligned with NIST security categories.

According to DSCI, the certification signifies that an algorithm's security claims have been independently examined and validated through a structured assessment process.

Focus on Digital Sovereignty and Critical Infrastructure

The recognition highlights growing efforts to strengthen India's digital sovereignty through indigenous cybersecurity technologies. Fortytwo Labs stated that its Ci2 algorithm forms the cryptographic foundation of its π-Control platform, which has been deployed in production environments since 2018.

The company says its platform addresses several cybersecurity challenges, including identity-based attacks, API security risks, mobile application vulnerabilities, and threats associated with the "harvest-now-decrypt-later" approach, where encrypted data is collected today with the intention of decrypting it once quantum computing capabilities advance.

The development comes as organisations worldwide begin preparing for the impact of quantum computing on existing cryptographic systems.

Relevance for Banking and Defence Sectors

DSCI's recognition is expected to have implications for sectors where long-term data security is critical, including banking, financial services, and defence. The certification provides independent validation of the algorithm's security credentials at a time when institutions are adapting to evolving regulatory requirements and preparing for future quantum-related risks.

Fortytwo Labs also noted that its secure communications and data transfer solutions for defence applications are built on the Ci2 algorithm. The company holds multiple patents in India and the United States related to its technology.

Industry Leaders on the Recognition

“Cryptographic sovereignty is not a preference. It is a strategic imperative, and for India, it is long overdue. India's critical infrastructure cannot be secured on algorithms we did not build, standards we did not set, and trust frameworks that answer to foreign authorities. An Atmanirbhar India cannot outsource its cryptographic foundation. That conviction drove us to build the quantum-safe algorithm from first principles, Indian ingenuity, Indian cryptographers, and Indian authority. Today, DSCI's C-SAFE programme recognised it, making that conviction official. Cryptographic sovereignty, India doesn't need to adopt a standard. We built one.”

Nilesh Dhande, Co-Founder and CEO, Fortytwo Labs

“Cryptographic sovereignty is not a preference. It is a strategic imperative, and for India, it is long overdue. India's critical infrastructure cannot be secured on algorithms we did not build, standards we did not set, and trust frameworks that answer to foreign authorities. An Atmanirbhar India cannot outsource its cryptographic foundation. That conviction drove us to build the quantum-safe algorithm from first principles, Indian ingenuity, Indian cryptographers, and Indian authority. Today, DSCI's C-SAFE programme recognised it, making that conviction official. Cryptographic sovereignty, India doesn't need to adopt a standard. We built one.”

Vinayak Godse, CEO, Data Security Council of India (DSCI)

India's digital infrastructure requires cryptographic foundations that India controls. C-SAFE was built to create a rigorous, independent, and nationally authoritative evaluation framework - one that holds Indian algorithms to the same standard the world demands of foreign ones. Fortytwo Labs' Ci2 is the first algorithm to earn that recognition. That is not just a milestone for one company. It is a milestone for India's cryptographic sovereignty.

About C-SAFE and DSCI

The Data Security Council of India (DSCI) is India's premier industry body for data protection and cybersecurity, established by NASSCOM. C-SAFE (Cryptographic Security Assessment and Functional Evaluation) is India's first independent cryptographic evaluation programme, established under DSCI. It conducts formal threat modelling, rigorous mathematical scrutiny, and quantum resilience verification across multiple evaluation stages. A C-SAFE recognition signals to user organisations and their auditors that an algorithm has been cleared by India's most credible cryptographers and not by its creator. Certificate No. DSCI-CSAFE-01 is the first ever issued under the programme.

About Fortytwo Labs

Fortytwo Labs is a Pune-based deep-tech cybersecurity company building a quantum-safe digital trust infrastructure and India's first and only C-SAFE recognised organisation. Its π-Control platform delivers Identity Fabric, Mutual Authentication, Key Exchange, Encryption, and Access Control across web applications, mobile apps, APIs, and digital services on a single quantum-safe cryptographic foundation. The platform is protected by granted patents in India and the United States. In building India's first independently certified quantum-safe algorithm, Fortytwo Labs has established that India's digital future can rest on Indian cryptographic foundations.

(This copy has been produced by the Infotainment Desk)