KavachQ is a single platform for the full quantum-safe lifecycle — discovery, risk scoring, hybrid roll-out, supplier oversight, and assurance reporting against the DST L1–L4 framework.
KavachQ implements the full quantum-safe lifecycle defined in the DST Task Force report — discover, score, plan, migrate, prove.
Automated SBOM, HBOM, and CBOM generation across applications, infrastructure, and hardware. Quantum BOM (QBOM) where applicable. Connectors for code, traffic, and HSM/KMS.
Per-asset HNDL and TNFL exposure scoring, Mosca-inequality calculations, and prioritisation against the DST Persona framework (Urgent / Regular / Vendor).
Phased roadmap aligned to the DST milestones (CII 2027/28/29 · Enterprise 2028/30/33), broken down by system, owner, dependency, and supplier.
Crypto-agility layer for TLS, IPsec/IKEv2, SSH, PKI, and code signing. Hybrid (classical + PQC) by default, with telemetry on every handshake.
Continuous compliance reporting against DST assurance levels L1 / L2A,B,C / L3 / L4. Board-ready dashboards and regulator-facing exports.
CBOM submission gateway for suppliers, RFP-clause templates, and vendor attestations — the procurement spine the Task Force calls for.
Deployable on-prem, in private cloud, or as a managed service. The crypto-agility layer is the only path between your apps and your trust roots.
Hybrid (classical + PQC) is the default. Composite PQC–QKD supported where QKD infrastructure exists, per NQM's inter-city and satellite networks targeting 2,000 km reach.
Mapped one-to-one against the DST Task Force recommendations and Sub-Group I/II frameworks.
| Capability | DST reference | KavachQ module | Output |
|---|---|---|---|
| Cryptographic asset repository | Section 9.0 A — Short-term | Discovery + BOM Engine | SBOM / HBOM / CBOM |
| Quantum risk analysis | Sub-Group II — Phase 1 | Risk Scoring | Mosca-graded asset list |
| Crypto-agile design | Section 9.0 — Critical Principles | Agility Layer | Pluggable algorithm provider |
| Hybrid PQC pilots | Section 9.0 A.1 (sandbox pilots) | Pilot Workspace | Hybrid TLS / IKEv2 stacks |
| CBOM in procurement | Section 9.0 B (FY 27–28) | Supplier Gateway | RFP clause + vendor attestation |
| L1–L4 assurance reporting | Sub-Group I — Assurance Levels | Assurance Module | Tiered compliance dashboards |
| Crypto incident playbooks | Sub-Group II — Phase 2 | Runbooks | Algorithm-swap drill scripts |
| PQC-only trust chains | Sub-Group II — Phase 3 | PKI Bridge | Issue / validate PQC certs |
| Composite PQC–QKD support | Section 8.0 (national backbone) | QKD Connector | Composite-key feed to encryptors |
| Sectoral persona prioritisation | Sub-Group II — Personas | Persona Profile | Urgent / Regular / Vendor tagging |
Power, telecom, transport, defence, ISRO, DRDO, ONGC, banking core. Compressed CII timeline: foundations 2027, high-priority migration 2028, full PQC 2029.
Government, financial services, healthcare, insurance, IT services. Standard timeline: foundations 2028, high-priority 2030, full PQC 2033.
HSM and KMS makers, cloud providers, PKI operators, network equipment vendors. CBOM submissions mandatory from FY 2027–28.
KavachQ ships with the NIST finalised algorithms and the latest selections, plus classical algorithms for hybrid deployment.
Module-Lattice KEM (formerly Kyber). Sizes 512 / 768 / 1024.
Module-Lattice Signatures (formerly Dilithium). Sizes 44 / 65 / 87.
Stateless Hash-based Signatures (formerly SPHINCS+). Conservative.
FFT NTRU Signatures (formerly Falcon). Smallest lattice signatures.
Code-based KEM, selected March 2025 for algorithmic diversity.
Default hybrid key exchange during the transition window.
Hybrid signatures for code and certificate chains.
Doubled symmetric strength, hardened against Grover.
A 30-minute call to scope a KavachQ Discovery engagement — the first deliverable in any DST-aligned migration plan.