Cryptographic Libraries

We have more than 20 years of experience in developing and delivering cycle-accurate optimized cryptographic libraries. Our software is available on a variety of hardware platforms and supports standard and advanced cryptographic algorithms.

Related technology

White-Box Cryptography

Use white-box software in lieu of a secure element.

White-box cryptography turns a keyed cryptographic algorithm into an unintelligible program with the same functionality. The white-box secure program can then be executed in an untrusted environment without fear of exposing the underlying keys. The code itself is tamper-proof, just like a secure element.


Related services


Let us help you get your security certificate.

Are you really sure that your security solution is ready to cope with the real world? Are you certain that your in-house design will survive the scrutiny of expert cryptographers?
CryptoExperts offers externalized R&D and consulting services in a wide variety of security areas. We can perform an in-depth design and security analysis of your application, spot the cryptographic misconceptions, propose appropriate alternatives and help you to achieve a successful security certification.



We deliver highly-optimised bulletproof cryptographic software.

We have more than 20 years of experience in developing and delivering cycle-accurate optimized cryptographic implementations. We support standard and advanced cryptographic algorithms on a variety of software and hardware platforms.


Related research projects


Verifying side-channel countermeasures with automatic tools.

The VERISICC project aims to build automatic tools to verify and generate proven masked cryptographic implementations. These tools will allow industry practitioners to develop secure and efficient implementations, and certification bodies to quickly and accurately verify the implementations submitted for evaluation.



We are already late, using cryptographic implementations in our daily life that are vulnerable to side-channel attacks. Provably secure cryptographic implementations are not practically secure and evaluations on concrete devices are not sufficient to achieve a reasonable security level. The ERC AMAskZONE project offers a solution that brings together all the links in the chain: provable security and practical security verified on concrete devices.



Formally proving that your crypto libs are side-channel resistant.

The PRINCE research project addresses the challenge of building leakage-resilient primitives and leakage-resilient implementations for standard algorithms. Through appropriate security modelling, the embedded security industry has never been closer to filling the gap between empirically secure cryptographic implementations and built-in, provably perfect resistance against side-channels.



Towards trustworthy and privacy-respecting authentication.

ABC4Trust is an EU-funded research initiative that uses cryptographic technologies to provide better protection of privacy and identity on the Internet.



Boosting Elliptic Curves in the Embedded World.

Many business cases and user experiences could be improved or made more profitable if specific ECC-supporting hardware existed that would speed up security protocols by an order of magnitude at minimal cost. The main purpose of Eclipses is to accelerate progress towards such hardware solutions and subsequently boost low-cost public-key and pairing-based cryptography in embedded secure applications.



Exploring the reverse-engineering taboo.

The goal of the MARSHAL project is to design and realize a mobile security object that withstands all known reverse-engineering attacks by means of software and hardware countermeasures.


Our hand-written low-level APIs rely on finely tuned arithmetic algorithms designed to best suit the given microarchitecture and its hardware computational features at the assembly level. Our libraries are faster by orders of magnitude than C code compiled with general-purpose compilers. Challenge us and compare!

Available crypto libraries

Our portfolio of cryptographic libraries includes:

  • ECC (Elliptic Curve Cryptography): ECDSA signature (FIPS PUB 186-3), ECDH key agreement (NIST SP 800-56), ECIES encryption scheme (ISO/IEC 18033), various elliptic curves supported (e.g., NIST, Brainpool, ANSSI, BSI, Curve25519)

  • RSA: signature/decryption in standard and CRT modes, verification/encryption in standard mode, RSA paddings (ISO/IEC 9796-3, PKCS#1 v1.5, v2.0/2.1)

  • RSA OBKG (On-Board Key Generation): random prime number generation, incremental (ISO/IEC 18032) or modular search sequences (Joye-Paillier), strong primes (ANSI X9.31), Rabin-Williams primes (ISO/IEC 9796-3), generation of RSA key pairs in standard or CRT formats

  • AES (Advanced Encryption Standard): 128/192/256-bit encryption and decryption (FIPS PUB 197, ISO/IEC 18033-3), various modes of operation (ECB, CBC, OFB, CTR, GCM)

  • DES (Data Encryption Standard): DES/3DES encryption and decryption (FIPS PUB 46, NIST SP 800-67, ISO/IEC 18033), various modes of operation (ECB, CBC, OFB, CTR, GCM)

  • Hash Functions: SHA-1, SHA-224/256/384/512, SHA-3 (FIPS PUB 180), Ascon, Poseidon

  • MAC (Message Authentication Code): AES-based and DES-based MAC, CBC-MAC (FIPS PUB 113), CMAC, GMAC (NIST SP 800-38), hash-based MAC, NMAC, HMAC (ISO/IEC 9797-2, FIPS PUB 198, MD5/RFC 6151)

  • DRNG (Deterministic Random Number Generation): ANSI X9.31, X9.17 based on an approved block cipher, ISO/IEC 18031 random bit generators, NIST SP 800-90A (Rev. 1) random bit generation, AIS20/31 compliant DRNG

  • Post-quantum cryptography: lattice-based schemes (CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON), code-based schemes (Classic McEliece, BIKE, HQC), multivariate schemes (UOV), hash-based schemes (SPHINCS+, XMSS, LMS)

  • Advanced Cryptographic Primitives: pairings (aka bilinear maps), IBE (Identity-Based Encryption), anonymous signatures/credentials, ABE (Attribute-Based Encryption), FHE (Functional Homomorphic Encryption), SNARKs (Succinct Non-interactive Arguments of Knowledge)

Security countermeasures

Our implementations follow best crypto coding practices, such as being constant-time and free of data-dependent memory access, to avoid pitfalls such as microarchitectural attacks (cache attacks, flush+reload, Spectre, …) and timing attacks. Embedded cryptographic implementations are further subject to physical attacks such as power and electromagnetic attacks (SPA, (HO-)DPA, CPA, MIA, template attacks, horizontal attacks, deep-learning based attacks, etc.) and fault-injection attacks (FA, DFA, IFA, safe-error attacks, etc.). Our research team evaluates the latest advances in side-channel analysis and fault-based attacks, attending and contributing to major security-related scientific conferences and workshops (CHES, COSADE, FDTC, CARDIS, etc.). Our team members are among the main actors in this field, having authored several provably-secure countermeasures and widely deployed formal verification tools that automatically check the security of cryptographic implementations. With this expertise, we ensure that our libraries embed the most efficient countermeasures, keeping them at a beyond-state-of-the-art security level.

Our offer

Our business offer aims to provide flexibility and trust to our customers. That is why we commit strongly to efficiency and security, while considering intellectual property issues and proposing flexible contracting options. In particular, our offer covers:

  • Certification readiness. Our cryptographic libraries are guaranteed to successfully pass in-lab security evaluations (FIPS 140-2, CC EAL 4+, CAST, EMVCo, etc.).

  • Fine-tuning of the intellectual property. We customize the selection of algorithmic techniques and security countermeasures in order to avoid unnecessary patents.

  • Flexible contracting options. We propose flexible contracting options from the on-demand development of cryptographic software to the licensing of our home-made libraries.

Contact us and get a precise quotation.

Why choose CryptoExperts

CryptoExperts was co-founded by internationally recognized experts in the field of embedded cryptography. Our R&D staff of PhDs totals 60+ patents and 300+ scientific publications, and maintains a beyond-state-of-the-art knowledge to secure smart card products. Four senior members of our staff are former program chairs of CHES, the prime scientific event on secure cryptographic implementations. We coordinated the innovative VeriSiCC project and now host the AMAskZONE ERC project, both of which aim to automatically generate and verify practical side-channel countermeasures. Let world-class experts develop or evaluate your embedded cryptographic libraries.

Related publications

  • On Double Exponentiation for Securing RSA against Fault Analysis.
    Duc-Phong Le, Matthieu Rivain, Chik How Tan.
    In CT-RSA 2014, pp. 152-168, 2014.
  • Formal verification of a CRT-RSA implementation against fault attacks.
    Maria Christofi, Boutheina Chetali, Louis Goubin, David Vigilant.
    In J. Cryptogr. Eng., 2013.
  • Generating Provable Primes Efficiently on Embedded Devices.
    Christophe Clavier, Benoit Feix, Loïc Thierry, Pascal Paillier.
    In Public Key Cryptography 2012, pp. 372-389, 2012.
  • Provably Secure Higher-Order Masking of AES.
    Matthieu Rivain, Emmanuel Prouff.
    In CHES 2010, pp. 413-427, 2010.
  • Fault Attacks on RSA Signatures with Partially Unknown Messages.
    Jean-Sébastien Coron, Antoine Joux, Ilya Kizhvatov, David Naccache, Pascal Paillier.
    In CHES 2009, pp. 444-456, 2009.
  • Differential Fault Analysis on DES Middle Rounds.
    In CHES 2009, pp. 457-469, 2009.
  • On Second-Order Differential Power Analysis.
    Marc Joye, Pascal Paillier, Berry Schoenmakers.
    In CHES 2005, pp. 293-308, 2005.
  • A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems.
    In Public Key Cryptography 2003, pp. 199-210, 2003.
  • DES and Differential Power Analysis (The "Duplication" Method).
    Louis Goubin, Jacques Patarin.
    In CHES 1999, pp. 158-172, 1999.