Embrace Crypto Agility

Implement Long-term Resilient Cryptography

Unlike traditional public-key cryptosystems based on a single standard, post-quantum cryptosystems are based on a family of algorithms depending on function, use case or country-based regulations. This family is likely to expand or adapt to meet further standards in the coming years. On-going updates regarding availability and configurability are therefore critical. CryptoNext’s solutions are natively crypto-agile.

Quantum Safe Library



The CryptoNext Quantum Safe Library contains CryptoNext’s core technology for all of its products. It’s a high performance, fully functional, crypto-agile library layer that: 

- Provides the most comprehensive set of post-quantum cryptography algorithms (NIST selection + EU National Agencies additional recommendations)

- Is developped in both C & ASM to run and be optimized for the most common processing units and OS platforms

- Brings a full set of functional modules and API’s to upgrade IT equipment, applications and security infrastructures to pure or hybrid quantum safe security adapted to each use case.

Algorithms

Key Exchange Mechanism: Key generation, encapsulation, decapsulation: ML-KEM (KYBER)/ FrodoKEM.

Digital Signature: Key pair generation, signature generation, signature verification: ML-DSA (Dilithium), SLH-DSA (SPHINCS+), Falcon (future FN-DSA). XMSS for stateful digital signature.

Language Wrappers

Go, Rust, Python, Java

Random Number Generator

Includes DRBG (Deterministic Random Bit Generator) and access to randomness source. Produces unpredictable bits sequence from secret initial value (not known seed).

Physical Security and Side Channels Protection

Side Channels Protection: Constant-time (Default), Power Attacks (Masking countermeasures)

Linux OS, AIX, Open BSD, Windows 32/64, Android, MacOS, iOS, Webassembly, RaspberryPI, noOS (Firmware)

Processing HW Platforms

ARM (Cortex M3/M4/M7, v7/v8, Apple M1, B13), IntelCore (incl. AVX2, SGX), IBM (PowerPC)

Quantum-Safe Embedded Solutions



Our technology is specifically designed for embedded systems operating in constrained environments. It features a lightweight version of our Quantum-Safe Library, complemented by a suite of embedded applications and plugins.

Embedded Library

CryptoNext’s Quantum-safe Library comes in an Embedded version with a low memory footprint. Although optimized in size, in retains a very high
level of performance.

Embedded Applications

CryptoNext has developed an Embedded TLS application designed to provide quantum-safe security for communications in embedded systems. Support pure post-quantum and hybrid schemes.

Quantum-Safe Applications



CryptoNext Quantum Safe products include PQC implementations for Secured Communications, System, Network and Security Infrastructure.

Secured Communications

PQ Secured Instant Messaging, PQ Email Messaging

Network Infrastructure

StrongSwan PQ VPN IPSec, PQ/Hybrid, PQ/Hybrid TLS Server

Security infrastructure

CryptoNext OpenSSL & EJBCA EC based PQ PKI, HSM Luna7 Network Appliance-based PQ FM, HSM Luna7 PCI Board-based PQ FM.

Crypto-Agile Management

The Quantum threat has shed a light on the necessity to better manage cryptography in Corporate IT infrastructures. CryptoNext Security offers a suite of solutions to inventory crypto assets and orchestrate crypto policies edition and distribution in an application portfolio.

Discovery Framework

CryptoNext’s Discovery Framework provides an open and scalable management tool for inventorying and visualizing cryptographic assets within your infrastructure. It seamlessly integrates with various monitoring tools—such as network probes, binary scanners, source code analyzers, and server scanners—allowing them to feed data into our CBOM database. This enables a comprehensive understanding of cryptographic usage across your systems.

Crypto-Agility Framework

Built upon CryptoNext’s agile quantum-safe providers and Quantum-safe Library, the Crypto-Agility Framework allows for efficient and secure management of cryptographic policies processed by your applications.

Post-Quantum Remediation Services



CryptoNext supports clients at each stage of their quantum transition action plan with service options that meet expected Customer Service Level Agreements (SLAs).

Training & Awareness

Base Quantum threat and quantum transition: global awareness for general and IT management.

Advanced Technical Post Quantum Cryptography training (algorithms, state of the Art for secured implementation, standardization, crypto-agility…).

Project Management & Expert Consulting

Custom integration development,

Workshops Management for Customer’s PQ Migration enablement for self design, integration & testing,

CryptoNext’s support for a third party to perform the integration.

Maintenance & Support

CryptoNext Technical Remote Assistance 9am/5pm 5x8 HelpDesk for Technical assistance & corrective maintenance,

Software Updates Subscription includes SW updates and associated documentation

Extended Security

Today’s classic Public-Key Cryptosystems are mostly based on the standard Rivest, Shamir and Adleman (RSA) encryption algorithm. A few systems have migrated to Elliptic Curve Cryptopgraphy (ECC) a key- based technique for encrypting data. 

The Quantum threat requires the implementation of new Post-Quantum Cryptography algorithms and technologies. 

Updating physical protection against physical (side-channel) attacks is also critical, especially in the IoT space.

Full PQC Library

CryptoNext’s technology is based on its Quantum Safe Library which contains both Key Exchange Mechanism (KEM) and Digital Signature (DS) algorithms:

KEM: Crystals-Kyber, FrodoKEM

DS: Crystals-Dilithium, Falcon, Sphincs+

This library is constantly updated to meet new security compliance standards and national agency guidelines. 

Side-Channels Counter-measures

A side-channel attack (SCA) is a security exploit that attempts to extract secrets from a chip or a system. This can be achieved by measuring or analyzing various physical parameters.

CryptoNext has developed specific countermeasures on top of its library to protect against SCA, such as time, electro-magnetic or power masking

Platforms & Performance

Post-Quantum remediation is essential for the vast majority of systems and applications. Implementation challenges may be significant in certain environments.

CryptoNext C-QSR  is widely available and ensures the performance and optimization of  remediation technology. It enables organizations to acquire knowledge and gain global control of their PQ management and implementation plan.

OS Platforms

The C-QSR Solution supports the most popular operating systems including Linux, OpenBSD, Windows 32/64, Android, MacOS, iOS, Webassembly, RaspberryPI and no OS (Firmware).

CPU Platforms

The C-QSR Solution supports the most popular processing units including ARM (Cortex M3/M4/M7, v7/8, Apple M1, B13), Intel (Core2/i7, AVX, SGX), IBM (PowerPC).

Languages Wrappers

Developed at C and Assembler level for optimal performance, the QS Library also has adaptation wrappers for languages such as Go, Rust, Python and Java.

Remediation & Hybridization

PQC Remediation

The transition to quantum-safe Systems & applications goes far beyond defining new cryptographic algorithms that can resist quantum computer attacks.

If post-quantum remediation is not implemented in the right way, it will be open to vulnerabilities. That’s why CryptoNext has developed a global Quantum Safe multi-layer approach encompassing a crypto library, protocols and objects, development tools and applications plugins. The CryptoNext quantum safe framework is the foundation for the CryptoNext quantum safe remediation solution.

PQC Hybridization

Rising to the protection vs quantum threat is a must, but new PQC algorithms are still immature and updates are likely. Quantum Safe Solutions cannot risk decreasing the existing level of protection, they have to add new long-term security. This is the purpose of hybridization. CryptoNext’s solutions implement both hybrid RSA/Elliptic Curves/PQC and pure PQC, including upper layers such as protocols and various initiatives for digital certificates.

Standards & Compliance

Standards are critical for a trusted and interoperable Post-Quantum ecosystem. Regulation bodies such as the NIST, IETF or National US and EU Agencies have achieved major milestones preparing these PQ standards, best practices and certification processes.

NIST PQC Standardization

In 2016, the NIST declared that “the Quantum risk is now simply too high and can no longer be ignored” and launched a competition to identify future PQ Cryptography standards with the following goal: “We do not expect to ‘pick a winner’. Ideally, several algorithms will emerge as ‘good choices’.”  CryptoNext participated with signature algorithms that reached Round 3. On August 13th, 2024, the NIST released three standards drafts for Key Exchange Mechanisms (KEM) and Digital Signature (DS) algorithms.

See More

In 2022, the NIST launched the National Cryptography Center of Excellence (NCCoE) and selected CryptoNext alongside 15 other companies including big players like Microsoft, AWS, IBM, VMWare and Sandbox.

See More

Protocols Standardization

Among all the standardization bodies working on the future impact of PQC, whether it’s on crypto-agility or hybridization, the IETF is one of the most influential. Its expertise is centred on a wide variety of upper layer technologies that need to be upgraded, such as pure PQ, hybrid PQ communication protocols or X509 certificates.

CryptoNext is an active member of several IETF work groups focused on initiatives for protocols standardization.

National Cyber Security Agencies

National Cyber Security Agencies such as the White House in the USA, ANSSI in France or BSI in Germany, have released memorandums and PQC migration guidelines. White House: In January 2022, President Biden signed a National Security Memorandum to improve the cybersecurity of National Security, the Department of Defense and Intelligence Community Systems, giving the first clear directive for quantum-resilient cryptography in history. On 21 August 2023, the Cybersecurity and Infrastructure Security Agency (CISA), NIST and NSA released recommendations on “How to prepare now” for PQC.

See here.

ANSSI: On 4 January, 2022, the French National Agency for Security of Information Systems published its views on the PQC transition: “ANSSI recommends introducing post-quantum defense-in-depth as soon as possible for security products aimed at offering a long-lasting protection of information (until after 2030) or that will potentially be used after 2030 without updates.”

It defines 3 stages for PQ transition with PQC hybridization, which may become mandatory for critical infrastructures by 2025.

See Report

BSI: In May 2022, the German Bundesamt fur Sicherheit in der Informationstechnik released a report with recommendations for the transition to PQC: “For national security systems, the BSI is acting according to the hypothesis that cryptographically relevant quantum computers will be available in the early 2030s”. These include crypto-agility, hybridization, NIST algorithms with FrodoKEM addition, adaptation of protocols and PQC addition in case of QKD…

See report

Copyright © 2023 CryptoNext, inc.

C-QSR, C-QSL, C-QST, C-QSA, C-QSS, C-QS-MSS, C-QS-PCS, C-QS Partner and associated logos are CryptoNext trademarks.