Cryptographic Protocols logo

Beware of alleged "military grade secure" products. It is one thing to use AES-256 or RSA-4096, using it correctly is a different kettle of fish.
We can help you build innovative products that require any standard or advanced cryptographic tools, such as elliptic curves, identity-based encryption, anonymous signatures, e-cash, DRM, Pay-TV and many others.

Who can I contact?

Dr. Cécile Delerablée

Cécile Delerablée, PhD

Senior Security Expert


Dr. Thomas Baignères

Thomas Baignères, PhD

Senior Security Expert


Related service

Cryptographic Product Review

A fresh pair of eyes on your design.

The development of a cryptographic product, from a protocol on a whiteboard to an industrial grade implementation, is a long and complex process. Our experts will help you avoid common (and less common) pitfalls at any stage of the development.


Countless security products advocate the use of highly secure cryptographic algorithms, such as AES-256 or Curve25519. Saying so only disclose the tip of the iceberg. Indeed, one should wonder how those algorithms are actually used within the product. This is what cryptographic protocols are all about.

Cryptographic protocols are hard to get right

Designing a cryptographic protocol correctly is a hard task, and even cryptographic standard may be flawed. For example, the ISO/IEC 9798 standard for entity authentication has been revised many times due to the discovery of several weaknesses. But things can get even worse: assume your product requires two distinct protocols. Assume you choose two secure protocols. Are you safe? Not necessarily. The reason is that composing secure protocols does not necessarily lead to a secure system.

Changing a protocol along the way is painful

By nature, cryptographic protocols are at the heart of the products that make use of them. Changing protocol during the lifetime of a product is a very painful thing to do, inevitably causing loss in terms of customer trust.

Your product should use the right protocol, right from the start.

We can help

Do you have a concrete use-case? Are you building an innovative product that requires a secure cryptographic protocol but lack the required expertise? We can design the custom cryptographic protocol that best suits your requirements. Here is a list of some use cases we have encountered in the past:

  • Privacy-preserving access control protocols
  • Privacy-preserving e-ticketing schemes
  • Anonymous credential systems
  • Broadcast encryption schemes with traitor tracing capabilities for Pay-TV
  • Digital Right Management (DRM) systems with inherently supported features such as the identification of compromised keys
  • Identity-based encryption and signature schemes (a PKI-free cryptographic technology for corporate security applications)
  • Electronic voting (e-voting) schemes with provably secure features
  • Electronic cash (e-cash) systems with provably secure online/offline withdraw, spending and transfer protocols

Whenever possible, our security solutions come with appropriate cryptographic security proofs that can serve as a basis for security certification schemes (Common Criteria, FIPS, BSI, ANSSI, etc.) and submissions to standardization organizations (ISO/IEC, CEN, ETSI, etc).

Why choose us

We are worldwide experts in cryptography. All the members of the design team have a PhD. in cryptography and many years of industrial experience. Our cryptographic protocols are not only secure: they can fit your environment.

Related publications

  • 🇫🇷 Quatre millions d'échanges de clés par seconde.
    Carlos Aguilar-Melchor, Serge Guelton, Adrien Guinet, Tancrède Lepoint.
    In SSTIC 2015, 2015.
  • Integrating Anonymous Credentials with eIDs for Privacy-Respecting Online Authentication.
    Ronny Bjones, Ioannis Krontiris, portrait ofPascal Paillier, Kai Rannenberg.
    In APF 2012, pp. 111-124, 2012.
  • SPAKE: A Single-Party Public-Key Authenticated Key Exchange Protocol for Contact-Less Applications.
    Jean-Sébastien Coron, Aline Gouget, portrait ofPascal Paillier, Karine Villegas.
    In Financial Cryptography Workshops 2010, pp. 107-122, 2010.
  • Fair E-Cash: Be Compact, Spend Faster.
    Sébastien Canard, portrait ofCécile Delerablée, Aline Gouget, Emeline Hufschmitt, Fabien Laguillaumie, Hervé Sibert, Jacques Traoré, Damien Vergnaud.
    In ISC 2009, pp. 294-309, 2009.
  • Dynamic Threshold Public-Key Encryption.
    portrait ofCécile Delerablée, David Pointcheval.
    In CRYPTO 2008, pp. 317-334, 2008.
  • Expressive Subgroup Signatures.
    Xavier Boyen, portrait ofCécile Delerablée.
    In SCN 2008, pp. 185-200, 2008.
  • Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys.
    portrait ofCécile Delerablée.
    In ASIACRYPT 2007, pp. 200-215, 2007.
  • Fully Collusion Secure Dynamic Broadcast Encryption with Constant-Size Ciphertexts or Decryption Keys.
    portrait ofCécile Delerablée, portrait ofPascal Paillier, David Pointcheval.
    In Pairing 2007, pp. 39-59, 2007.
  • Decryptable Searchable Encryption.
    Thomas Fuhr, portrait ofPascal Paillier.
    In ProvSec 2007, pp. 228-236, 2007.
  • Dynamic Fully Anonymous Short Group Signatures.
    portrait ofCécile Delerablée, David Pointcheval.
    In VIETCRYPT 2006, pp. 193-210, 2006.