At a time when digital resilience is no longer optional but essential, the Indian Institute of Technology Hyderabad has positioned itself at the cutting edge of secure computing through its Centre for Cryptography and Cybersecurity (CCS). Envisioned as a premier national hub for advanced research and talent development, the Centre brings together rigorous theory and real-world application across domains such as theoretical and applied cryptography, symmetric key cryptography and cryptanalysis, network security, privacy-preserving mechanisms, post-quantum cryptography and quantum cryptography. Functioning as both a research powerhouse and a training ground, the centre conducts work in emerging and cutting-edge technologies while nurturing the next generation of cybersecurity scholars and practitioners. It offers long- and short-term research opportunities at the postdoctoral, PhD, MTech (Research Assistant), pre-doctoral and internship levels. In addition, it runs specialised workshops, boot camps and structured training programmes for industry professionals, as well as undergraduate and postgraduate students, strengthening India’s technical depth in this critical sector. In its ongoing efforts to contextualise research and academic inquiry, CCS is led by faculty members including Prof M V Panduranga Rao, Prof Maria Francis, Prof Antony Franklin, Prof Saurabh Kumar, Prof Subrahmanyam Kalyanasundaram, and Prof Bheemarjuna Reddy and CE interacts with them to better understand evolving research challenges, emerging technological directions and the broader academic vision driving the centre’s work in cryptography and cybersecurity.
Excerpts
What gap in India’s cybersecurity and cryptography ecosystem prompted you to establish this centre?
The fact that there is a huge gap between industry and academia, and generally everywhere, in terms of available manpower has been recognised for a long time. This gap exists at all levels — from basic education and training to high-end technical manpower. Over the last five to ten years, there has also been a clear uptick in cybersecurity incidents and cyber crimes. Academia should contribute to bridging both gaps — in technology development and in manpower training and upskilling, from undergraduates to PhDs, interns and postdocs. There are also interesting research directions that often go unaddressed. Most people focus on cryptography, encryption and digital signatures, but areas like privacy-preserving mechanisms, federated learning, anonymous credentials and zero-knowledge proofs need more exposure in India. These areas have gained startup interest in Europe and America, but not as much here. Privacy preservation in general is something India has not been proactive about. The centre aims to explore these interdisciplinary directions, combining mathematics and computer science.
How do you ensure research translates into real-world security solutions?
The mathematical aspects of cryptography have largely been confined to academia. However, cryptographic primitives are widely deployed across sectors — from e-commerce to banking and beyond. Blockchains are a popular example. There are other places in India working on cryptography, and we wanted to begin that exercise here as well. The disconnect between theory and practice is not as large as it may seem. Successful cryptographic primitives eventually get deployed and used widely.
With focus ranging from symmetric to quantum cryptography, how do you decide strategic emphasis?
We are laying emphasis across all these areas. We have faculty members, postdoctoral fellows and scientific officers who are experts in symmetric cryptography, quantum cryptography and other domains. At a broad level, we are giving equal importance to all these areas.
Post-quantum cryptography is gaining urgency globally. How prepared is India for this transition?
There is a lot to be done. We foresee challenges and opportunities, especially in deployment and migration. As a centre, we are looking to publish white papers in addition to academic research. As a country, we are aware of standardisation techniques, so we are not far behind, but more work is required. We are collaborating with payment systems and private sectors to address real-world questions in this space.
Privacy-preserving mechanisms are increasingly critical. What does ethical security mean in this context?
Ideally, we want to reveal only the bare minimum private data and prevent surveillance profiling, but this comes with costs and challenges. Medical and genomic data are highly sensitive. In the West, the privacy of medical data is prioritised, and we want to explore similar directions. There is also interest in learning from private patient data without revealing identities — using federated learning and AI techniques. At the same time, blockchains can ensure data integrity. The challenge is balancing anonymity with accountability. Ideally, we want systems where conclusions can be drawn from encrypted data without revealing sensitive information, and where authentication does not enable profiling. Many solutions exist academically, but deployment remains a challenge.
How do you balance theoretical research with applied outcomes?
The disconnect between theory and application is not as deep as it seems. Cryptographic techniques developed academically often get deployed widely. We intend to work on projects that directly impact society and the nation. Techniques developed on the cryptography side will be deployed in cybersecurity and network security applications, affecting financial security, privacy and more.
There is still a lack of cybersecurity awareness in India. How is the centre addressing this?
There is limited awareness in India, and awareness programmes are essential. As part of the centre, there is a project (titled Information Security Education and Awareness or ISEA) funded by the Ministry of Electronics and Information Technology (MeitY) for conducting training and awareness programmes. We organise boot camps and hands-on training for students and professionals, particularly from Telangana and nearby regions. These programmes bridge the gap between theory and application and have been well received.
What skills are missing in today’s cybersecurity workforce?
Cryptography requires strong foundations in number theory, algebra and theoretical computer science. While software and systems development skills exist, acute attention to security aspects is often missing. Government agencies and startups require cybersecurity expertise, but the necessary skillset is not always available. The centre aims to train manpower through a Master’s programme in Network and Information Security, training 30–40 students annually. We also offer short-term certificate courses and organise practical hackathons like Capture the Flag (CTF), focusing on offensive and defensive security. Many institutes emphasise theory without practical exposure; we emphasise real-world scenarios.
How do you see quantum cryptography reshaping national security and digital trust in the next decade?
We have a team working on quantum key distribution (QKD). When implemented properly, QKD can provide unconditionally secure communication. Institutions like IIT Madras, IISc Bengaluru and IIT Hyderabad are involved in building a secure quantum network, potentially for strategic or financial applications. The technology is still in its infancy. Standardisation and interoperability are ongoing efforts. We hope to have a basic working QKD network within the next couple of years. While widespread secure quantum channels may take time, strategic and financial applications could adopt it sooner.
What has been the biggest challenge in building this research-driven centre?
It is a chicken-and-egg problem. There is a manpower gap, and expertise in all required domains is not readily available. Finding individuals who are creative, mathematically inclined and theoretically strong has been challenging. The idea for this centre has existed for six to seven years. Before formally establishing it, we started a Master’s programme and built activities to demonstrate potential. Gradually, we convinced institutions and partners of our capabilities. As the team grows, activities expand, and support increases.
How open is the centre to global collaborations and industry partnerships? What lies ahead?
The short answer is yes — we are open to collaborations with industry and global institutions. Strengthening the ecosystem is one of our objectives. We have initiated discussions with payment systems and private companies. The centre has been operational for about a year, focusing on setup and hiring. We recently held a conclave inviting cryptographers from across the country to exchange ideas. We are also interested in enabling a startup ecosystem in security and cryptography. While awareness exists, there are not many security-focused startups in India. We hope to support that ecosystem as the centre grows.