Post-Quantum Cryptography logo

One day, quantum computers will become a reality. When that day comes, RSA, Elliptic Curves and many other fundamental cryptographic primitives will become obsolete. Post-Quantum Cryptography offers secure alternatives and we can help you get ready.

Related technology

Homomorphic Encryption

Meet the Holy Grail of cryptography.

Homomorphic encryption is the ultimate cryptographic tool to build more secure cloud computing services that respect everybody's privacy. It allows to confidentialy share data, and the encrypted data can then be processed without ever needing to decrypt or reveal it. Homomorphic encryption is the future, and we can help you get there!


Related services


Security by design is not an abstract concept.

Beware of alleged "military grade secure" products. It is one thing to encrypt with AES-256 or to sign with CRYSTALS-Dilithium, doing it correctly is a different kettle of fish.
We can help you build innovative products that require any standard or advanced cryptographic tools, such as elliptic curves, identity-based encryption, post-quantum signatures, e-cash, and many others.



A fresh pair of eyes on your design.

The development of a cryptographic product, from a whiteboard protocol to an industrial grade implementation, is a long and complex process. Our experts will help you avoid common (and less common) pitfalls at any stage of the development.


Related research projects


A french regroupment for post-quantum cryptography.

The RISQ project brings together the french digital security community (academics and industry) in order to prepare the post-quantum revolution. Combining the strong skills of its actors, the RISQ project aims to take part in the development of standards and of new technologies. It also aims to set up processes of migration, so that french industry can be reactive to this technological change. Considering the paramount importance of this project, several major companies decided to get on board even on their own expense.



A crypto-calculus platform for the Cloud.

The principle of cloud computing is to allow users to outsource computation resources to the cloud by allowing a remote service to execute, in their name, some procedures on their private data. While many commercial services are growing fast, to this day, all require the client to place total trust in the service regarding the confidentiality of their data. The aim of CRYPTOCOMP is to develop an efficient cloud-based crypto-calculus platform which, using the latest advances in Fully Homomorphic Encryption, would make it impossible for the cloud service to learn anything whatsoever about the user's data, while still executing the procedures as intended.



Using Fully Homomorphic Encryption in Practice.

The HEAT project will develop advanced cryptographic technologies using Fully Homomorphic Encryption to process sensitive information in ecrypted form, without needing to compromise on the privacy and security of the citizens and organizations that provide the input data.


Traditional computers work with bits, simple binary values equal to 0 or 1. Quantum computers on the other hand work with qubits, quantum bits that can be a superposition of both 0 and 1 at the same time. Additional properties, such as the possibility of computing with entangled qubits, allow quantum computer to run specific algorithms that could not run on traditional computers.

A majority of modern cryptographic primitives relies on two problems: integer factorization and discrete logarithm. Both these problems happen to be efficiently solvable using a large enough quantum computer. Luckily, such large quantum computers do not exist yet. Still, most experts agree that at one point in the future, maybe in 5 years, 15 years, or more, they will exist. When that day comes, all security products will need to shift to so-called Post-Quantum Cryptographic primitives.

Many hard problems have been proposed for post-quantum cryptography, but the most trustworthy solutions can be grouped in four families:

  • Lattice-based cryptography
  • Code-based cryptography
  • Multivariate cryptography
  • Hash-based / MPC-based signatures

CryptoExperts’ team includes experts in each of these specific research topics, so we can tell you exactly which solution best fits your post-quantum cryptographic needs.

NIST Post-Quantum Process

NIST launched a competition in 2016 to select the future standards for post-quantum key encapsulation mechanisms, public key encryptions, and signatures. Many candidates were submitted and some of them were already selected for standardization in 2022. In 2023, NIST is launching a new process for the selection of new post-quantum signature candidates. Our team carefully follows and participate to the NIST process, by monitoring the research progresses on the already selected schemes and by proposing a signature scheme candidate.

Our offer

Our business offer aims at providing flexibility and trust to our customers. That is why we strongly commit on efficiency and security, while considering intellectual property issues and proposing flexible contracting options. In particular, our offer covers:

  • Migration to post-quantum schemes. While standard algorithms are threatened by the possible arrival of quantum computers, we offer our services to organize the migration of current services to post-quantum resistant ones, from personalized designs to concrete implementations.
  • Conception and secure implementations. CryptoExperts provides post-quantum specifications and implementations finely tuned to meet customer-specific requirements. Our products are secure by design against any known standard or post-quantum cryptanalysis technique. We design and develop unique instantiations on demand, taking into account the nature of the cryptographic algorithm in hand and the execution environment. CryptoExperts proposes flexible contracting options from the on-demand development of cryptographic software to the licensing of our home-made libraries.
  • Security evaluation. From our strong experience in the conception and analysis of cryptographic schemes, we provide security evaluation of post-quantum schemes from their design to their implementation regarding all known standard, post-quantum, and physical attacks.

Contact us and get a precise quotation.

Why Choose CryptoExperts

CryptoExperts regroups internationally recognized experts in the field of cryptography with multi-expertise in the different areas of post-quantum cryptography. CryptoExperts was a member of the RISQ project which brought together the French digital security community (academics and industry) to prepare the post-quantum revolution. We are currently taking part to the RESQUE project with several industry leaders to go one step further in the post-quantum transition. Our team maintains up-to-date skills in post-quantum cryptography through the continuous supervision of PhD theses on this particular topic.

Related publications

  • NFLlib: NTT-based Fast Lattice Library.
    Carlos Aguilar-Melchor, Joris Barrier, Serge Guelton, Adrien Guinet, Marc-Olivier Killijian, Tancrède Lepoint.
    In CT-RSA 2016, 2016.
  • Improved security proofs in lattice-based cryptography: using the Rényi divergence rather than the statistical distance.
    Shi Bai, Adeline Langlois, Tancrède Lepoint, Damien Stehlé, Ron Steinfeld.
    In ASIACRYPT (1) 2015, 2015. Best Paper Award
  • 🇫🇷 Quatre millions d'échanges de clés par seconde.
    Carlos Aguilar-Melchor, Serge Guelton, Adrien Guinet, Tancrède Lepoint.
    In SSTIC 2015, 2015.
  • Lattice Signatures and Bimodal Gaussians.
    Léo Ducas, Alain Durmus, Tancrède Lepoint, Vadim Lyubashevsky.
    In CRYPTO (1) 2013, pp. 40-56, 2013.
  • A family of weak keys in HFE and the corresponding practical key-recovery.
    Charles Bouillaguet, Pierre-Alain Fouque, portrait ofAntoine Joux, Joana Treger.
    In J. Math. Cryptol., 2012.
  • Toward a Rigorous Variation of Coppersmith's Algorithm on Three Variables.
    Aurélie Bauer, portrait ofAntoine Joux.
    In EUROCRYPT 2007, pp. 361-378, 2007.
  • Inverting HFE Is Quasipolynomial.
    Louis Granboulan, portrait ofAntoine Joux, Jacques Stern.
    In CRYPTO 2006, pp. 345-356, 2006.
  • Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases.
    Jean-Charles Faugère, portrait ofAntoine Joux.
    In CRYPTO 2003, pp. 44-60, 2003.
  • Solving Underdefined Systems of Multivariate Quadratic Equations.
    Nicolas T. Courtois, portrait ofLouis Goubin, Willi Meier, Jean-Daniel Tacier.
    In Public Key Cryptography 2002, pp. 211-227, 2002.
  • FLASH, a Fast Multivariate Signature Algorithm.
    Jacques Patarin, Nicolas T. Courtois, portrait ofLouis Goubin.
    In CT-RSA 2001, pp. 298-307, 2001.
  • QUARTZ, 128-Bit Long Digital Signatures.
    Jacques Patarin, Nicolas T. Courtois, portrait ofLouis Goubin.
    In CT-RSA 2001, pp. 282-297, 2001.
  • A Chosen-Ciphertext Attack against NTRU.
    Éliane Jaulmes, portrait ofAntoine Joux.
    In CRYPTO 2000, pp. 20-35, 2000.
  • Cryptanalysis of the TTM Cryptosystem.
    portrait ofLouis Goubin, Nicolas T. Courtois.
    In ASIACRYPT 2000, pp. 44-57, 2000.
  • Unbalanced Oil and Vinegar Signature Schemes.
    Aviad Kipnis, Jacques Patarin, portrait ofLouis Goubin.
    In EUROCRYPT 1999, pp. 206-222, 1999.
  • Lattice Reduction: A Toolbox for the Cryptanalyst.
    portrait ofAntoine Joux, Jacques Stern.
    In J. Cryptol., 1998.
  • C*-+ and HM: Variations Around Two Schemes of T. Matsumoto and H. Imai.
    Jacques Patarin, portrait ofLouis Goubin, Nicolas T. Courtois.
    In ASIACRYPT 1998, pp. 35-49, 1998.
  • Improved Algorithms for Isomorphisms of Polynomials.
    Jacques Patarin, portrait ofLouis Goubin, Nicolas T. Courtois.
    In EUROCRYPT 1998, pp. 184-200, 1998.
  • Trapdoor one-way permutations and multivariate polynominals.
    Jacques Patarin, portrait ofLouis Goubin.
    In ICICS 1997, pp. 356-368, 1997.