Embedded Cryptographic Libraries logo

We have more than 16 years of experience in developing and delivering cycle-accurate optimized cryptographic libraries. Our software can be declined on a variety of hardware platforms and support standard and advanced cryptographic algorithms.

Who can I contact?

Dr. Matthieu Rivain

Matthieu Rivain, PhD

Senior Security Expert


Dr. Pascal Paillier

Pascal Paillier, PhD

CEO, Senior Security Expert


Related technology

White-Box Cryptography

Use white-box software in lieu of a secure element.

White-box cryptography turns a keyed cryptographic algorithm into an unintelligible program with the same functionality. The white-box secure program can then be executed in an untrusted environment without fear of exposing the underlying keys. The code itself is tamper-proof, just as a secure element.


Related service

Cryptographic Product Review

A fresh pair of eyes on your design.

The development of a cryptographic product, from a protocol on a whiteboard to an industrial grade implementation, is a long and complex process. Our experts will help you avoid common (and less common) pitfalls at any stage of the development.


Related research projects


Exploring the reverse-engineering taboo.

The goal of the MARSHAL project is to design and realize a mobile security object that withstands all known reverse-engineering attacks by means of software and hardware countermeasures.



Boosting Elliptic Curves in the Embedded World.

Many business cases and user experiences could be improved or made more profitable if specific ECC-supporting hardware existed that would speedup security protocols by an order of magnitude at minimal cost. The main purpose of Eclipses is to accelerate progress towards such hardware solutions and subsequently boost low-cost public-key and pairing-based cryptography in embedded secure applications.



Towards trustworthy and privacy-respecting authentication.

ABC4Trust is an EU-funded research initiative that uses cryptographic technologies to provide better protection of privacy and identity on the Internet.


Our humanly developed low-level APIs rely on finely tuned arithmetic algorithms designed to best suit the given microarchitecture and its hardware computational features at the assembly level. Our libraries are faster by orders of magnitude than C code compiled with general-purpose compilers. Challenge us and compare!

Available crypto libraries

Our portfolio of cryptographic libraries includes:

  • ECC (Elliptic Curve Cryptography): ECDSA signature (FIPS PUB 186-3), ECDH key agreement (NIST SP 800-56), ECIES encryption scheme (ISO/IEC 18033), various elliptic curves supported (NIST, Brainpool, ANSSI, BSI, Curve25519, any other elliptic curve)

  • RSA: signature/decryption in standard and CRT mode, verification/encryption in standard mode, RSA paddings (ISO/IEC 9796-3, PKCS#1 v1.5, v2.0/2.1)

  • RSA OBKG (On-Board Key Generation): random prime number generation, incremental (ISO/IEC 18032) or modular search sequences (Joye-Paillier), strong primes (ANSI X9.31), Rabin-Williams primes (ISO/IEC 9796-3), generation of RSA key pairs in standard or CRT formats

  • AES (Advanced Encryption Standard): 128/192/256-bit encryption and decryption (FIPS PUB 197, ISO/IEC 18033-3), various mode of operations (ECB, CBC, OFB, CTR, GCM)

  • DES (Data Encryption Standard): DES/3DES encryption and decryption (FIPS PUB 46, NIST SP 800-67, ISO/IEC 18033), various mode of operations (ECB, CBC, OFB, CTR, GCM)

  • Telecom Authentication and Key Generation Algorithms: all 2G algorithms (COMP128-v1, v2/3, v4), all 3G algorithms (Milenage, etc.), CDMA voice encryption (CAVE), any custom algorithm

  • Hash Functions: SHA-1, SHA-224/256/384/512, SHA-3 (FIPS PUB 180), MD5 (RFC 1321)

  • MAC (Message Authentication Code): AES-based and DES-based MAC, CBC-MAC (FIPS PUB 113), CMAC, GMAC (NIST SP 800-38), hash-based MAC, NMAC, HMAC (ISO/IEC 9797-2, FIPS PUB 198, MD5/RFC 6151)

  • DRNG (Deterministic Random Number Generation): ANSI X9.31, X9.17 based on an approved block cipher, ISO/IEC 18031 random bit generators, NIST SP 800-90 random bit generation (EC DRBG), AIS20/31 compliant DRNG

  • Advanced Cryptographic Primitives: pairings (aka bilinear maps), IBE (Identity-Based Encryption), anonymous signatures/credentials, post-quantum cryptography, lattice-based cryptography

Security countermeasures

Embedded systems are subject to physical attacks such as power and electromagnetic attacks (SPA/SEMA, DPA/DEMA, CPA, HO-DPA, MIA, template attacks, etc.), fault-injection attacks (FA, DFA, safe-error attacks, etc.), or cache and timing attacks. Our research team evaluates the latest advances in side-channel analysis and fault-based attacks, attending major security related scientific conferences and workshops (CHES, COSADE, FDTC, CARDIS, etc.). We ensure that our libraries embed the most efficient countermeasures so that our software keeps a beyond-state-of-the-art security level.

Our offer

Our business offer aims at providing flexibility and trust to our customers. That is why we strongly commit on efficiency and security, while considering intellectual property issues and proposing flexible contracting options. In particular, our offer covers:

  • Certification readiness. Our cryptographic libraries are guaranteed to successfully pass in-lab security evaluations (FIPS 140-2, CC EAL 4+, CAST, EMVco, etc.).

  • Fine-tuning of the intellectual property. We customize the selection of algorithmic techniques and security countermeasures in order to avoid unnecessary patents.

  • Flexible contracting options. We propose flexible contracting options from the on-demand development of cryptographic software to the licensing of our home-made libraries.

Contact us and get a precise quotation.

Why choose CryptoExperts

CryptoExperts was co-founded by internationally recognized experts in the field of embedded cryptography. Our R&D staff of 8 PhDs totalizes more than 60 patents and 100 scientific publications, and maintains a beyond-state-of-the-art knowledge to secure smart card products. Let word-class experts develop or evaluate your embedded cryptographic libraries.

Related publications

  • On Double Exponentiation for Securing RSA against Fault Analysis.
    Duc-Phong Le, portrait ofMatthieu Rivain, Chik How Tan.
    In CT-RSA 2014, pp. 152-168, 2014.
  • Formal verification of a CRT-RSA implementation against fault attacks.
    Maria Christofi, Boutheina Chetali, portrait ofLouis Goubin, David Vigilant.
    In J. Cryptographic Engineering, 2013.
  • Generating Provable Primes Efficiently on Embedded Devices.
    Christophe Clavier, Benoit Feix, Loïc Thierry, portrait ofPascal Paillier.
    In Public Key Cryptography 2012, pp. 372-389, 2012.
  • Provably Secure Higher-Order Masking of AES.
    portrait ofMatthieu Rivain, Emmanuel Prouff.
    In CHES 2010, pp. 413-427, 2010.
  • Fault Attacks on RSA Signatures with Partially Unknown Messages.
    Jean-Sébastien Coron, portrait ofAntoine Joux, Ilya Kizhvatov, David Naccache, portrait ofPascal Paillier.
    In CHES 2009, pp. 444-456, 2009.
  • Differential Fault Analysis on DES Middle Rounds.
    In CHES 2009, pp. 457-469, 2009.
  • On Second-Order Differential Power Analysis.
    Marc Joye, portrait ofPascal Paillier, Berry Schoenmakers.
    In CHES 2005, pp. 293-308, 2005.
  • A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems.
    In Public Key Cryptography 2003, pp. 199-210, 2003.
  • DES and Differential Power Analysis (The "Duplication" Method).
    portrait ofLouis Goubin, Jacques Patarin.
    In CHES 1999, pp. 158-172, 1999.