Project Vajra

The Transparent
Shield.

A software-defined Post-Quantum Cryptographic gateway that wraps any legacy system in quantum-safe encryption — without touching hardware or application code.

The Problem

Harvest Now,
Decrypt Later.

Adversarial state actors are intercepting and archiving India's encrypted communications today — storing them for decryption once quantum computers become powerful enough. This HNDL strategy is passive, undetectable, and already underway.

2026
Data intercepted
2030
Quantum research matures
2033
CRQC arrives
2035
Secrets exposed
How Vajra Works

Three Steps.
Zero Disruption.

Step_01

Legacy Device Sends

Tactical radio, banking switch, or satellite terminal sends data exactly as it does today. Zero configuration changes on the protected device.

Step_02

Vajra Wraps Traffic

The sidecar intercepts the connection, runs hybrid PQ-TLS handshake, and wraps all data in an AES-256-GCM encrypted tunnel to the receiving Vajra instance.

Step_03

Backend Receives Safely

Receiving Vajra decrypts and delivers plaintext to the backend on localhost. Backend has zero awareness of the encryption layer.

Security Guarantee

Two Locks.
Neither Enough Alone.

Vajra combines two independent algorithms. Breaking one gives an attacker zero information about the session key — they must simultaneously break both.

Classical — X25519
Elliptic Curve Diffie-Hellman. Computationally hard for classical computers.
Post-Quantum — ML-KEM-768
Lattice-based KEM per NIST FIPS 203. Computationally hard even for quantum computers.
Key Derivation Formula
master_secret =
  HKDF-SHA384(
    ss_classical || ss_pq
  )
ss_classicalX25519 ECDH result
ss_pqML-KEM-768 result
DerivationHKDF-SHA384
Session cipherAES-256-GCM
Key lifecycleEphemeral — zeroized on drop
Deployment Profiles

One Product.
Three Theatres.

Profile_01

Tactical Edge

ARM/RISC-V static binary for SDRs, satellite terminals, and field communications.

RAM footprint< 64MB
Air-gapCapable
Key provisionUSB Token
Target HWBharat-Pi
Binary typeStatic musl
Profile_02

Enterprise Core

OCI containers for banking switches, payment gateways, and data centres.

Throughput2000+ TPS
ScalingHorizontal
ReloadZero downtime
FrameworkRBI Aligned
DeployOCI containers
Profile_03

Sovereign Cloud

MeitY-compliant G2G gateway for ministry and inter-agency communication.

ComplianceMeitY
Key storeOn-Prem HSM
IP100% Indian
Key jurisdictionIndia only
External dataZero
Compliance Targets

Built for
Certification.

NIST FIPS 203
ML-KEM-768 — August 2024 final standard
NIST FIPS 204
ML-DSA Dilithium — quantum-safe signatures
STQC Certification
Target Milestone 7 — documentation from M1
Common Criteria EAL 4+
Target evaluation assurance level for defence-grade
RBI Cyber Security Framework
Enterprise Core profile — BFSI alignment
NCIIPC Guidelines
Critical infrastructure alignment