The Hidden Risk in Every Foreign Encryption Tool
When a defence agency adopts a communication platform built by a foreign company, they are not just buying software. They are trusting that another nation's government will never compel that company to insert a backdoor, weaken its algorithms, or hand over encryption keys.
This is not a theoretical concern. The history of signals intelligence is filled with examples of compromised cryptographic systems. From the CRYPTO AG revelations to ongoing debates about lawful access mandates, the pattern is clear: encryption controlled by foreign entities is encryption you do not truly control.
What Makes Encryption "Sovereign"
Sovereign encryption means three things:
-
The cryptographic code is written and audited domestically. No black boxes. No compiled binaries from overseas vendors. Every line of code can be inspected by national security teams.
-
The key infrastructure stays within national borders. Key generation, distribution, rotation, and revocation all happen on infrastructure that the sovereign nation physically controls.
-
No foreign jurisdiction can compel access. The legal entity that controls the encryption is subject only to domestic law. No foreign court order can force key disclosure.
This is the foundation on which SANKET is built. Every cryptographic operation in SANKET runs on code that Indian security teams can audit, on servers that Indian defence forces control, with keys that never leave sovereign infrastructure.
The Signal Protocol Is Not Enough
Many defence agencies look at Signal Protocol and assume it solves their encryption problem. Signal Protocol is excellent cryptography. But cryptography is only one layer of the stack.
Consider what else matters:
| Layer | Question |
|---|---|
| Protocol | Who wrote the encryption protocol? Can you audit it? |
| Implementation | Who compiled the binary you are running? |
| Key Management | Where are keys generated and stored? |
| Server Infrastructure | Which country hosts your metadata? |
| Update Pipeline | Who pushes updates to your devices? Could an update weaken security? |
| Legal Jurisdiction | Which government can compel the vendor to act? |
Signal Protocol answers only the first row. Sovereign encryption answers all of them.
The Real-World Consequence
In 2020, several governments discovered that their "secure" communication platforms were routing metadata through servers in jurisdictions with mutual legal assistance treaties (MLATs) that allowed foreign intelligence access. The messages were encrypted. The metadata was not sovereign.
Metadata reveals who is talking to whom, when, how often, and from where. For military operations, metadata can be more valuable than message content. An adversary who knows which commanders are communicating before an operation does not need to read the messages.
Building Sovereign Encryption in India
India has the engineering talent, the cryptographic research community, and now the policy framework (with data localisation requirements) to build sovereign encryption at scale.
What was missing was the product engineering: taking world-class cryptography and packaging it into platforms that military users would actually adopt. That is what we set out to build with SANKET.
SANKET uses Signal Protocol for its end-to-end encryption, but everything else in the stack is sovereign:
- Self-hosted key infrastructure with hardware security module (HSM) integration
- On-premise or air-gap deployment with zero internet dependency
- Full source code access for sovereign security audit
- Indian legal jurisdiction with no foreign entity in the chain of trust
The Path Forward
Every sovereign nation will eventually need to control its own encryption infrastructure. The question is whether they build it proactively or are forced to build it reactively after a compromise.
For India's defence forces, the answer should be clear. Sovereign encryption is not a feature. It is a requirement.
SANKET is Tosh Defence's sovereign encrypted communication platform for armed forces, intelligence agencies, and government officials. Learn more about SANKET.