Post-quantum FPGA network encryptors for vital operators and critical European infrastructure.
Cryptosphere was born from a simple observation: today's network encryptors will not survive quantum computing. We design and manufacture FPGA-accelerated post-quantum encryptors for vital operators and critical European infrastructure.
The network encryption market is dominated by American and Israeli vendors. European cryptographic sovereignty cannot rely on black boxes where neither the code, nor the keys, nor the supply chain are under our control. The quantum threat demands a technological breakthrough, not a patch on legacy systems.
That breakthrough is what we build from our Rouen laboratory: FPGA encryptors protecting from 1 Gbps to tens of Tbps of traffic, with quantum-resistant cryptography. 100% Rust code, ANSSI-recommended algorithms, certified in France.
Our Rouen laboratory covers the entire integration cycle, from firmware development to operational rack validation.
Rust firmware and FPGA logic developed in parallel. Every commit triggers the test pipeline — static analysis, unit tests, ANSSI compliance. Code is reviewed before each merge.
FPGA accelerators assembled into their server chassis. Thermal and electrical validation, then line-rate testing at 800 Gbps per accelerator. Each unit gets an acceptance report before moving to staging.
Full IPsec test bench with end-to-end ML-KEM encrypted tunnels. We test load, failover, and emergency zeroization. The staging environment is an exact mirror of the configuration to be certified.
Software and hardware configuration is frozen. The security target is drafted per ANSSI-CSPN-NOTE-09. Evaluation and cryptographic deliverables are prepared, then delivered to the CESTI for evaluation.
Our development and delivery process is designed from the ground up to meet ANSSI evaluation requirements. Every step — from source code to customer delivery — is documented, traceable, and reproducible.
The evaluation scope, sensitive assets, threats, and security functions are described in a formal document per ANSSI-CSPN-NOTE-09. This is the starting point for any CSPN evaluation.
The accredited CESTI receives the full set of deliverables: functional specifications, security architecture, installation and administration guides, test procedures and developer test report.
Compliant with ANSSI-CC-CRY-P-01, covering all 4 areas: algorithms (ML-KEM-1024, AES-256-GCM, ML-DSA-87), protocols (IKEv2/IPsec with PQ-hybrid key exchange), key management, and random number generation.
Physical and logical access control to source code. Development tools are identified and documented. The environment is ready for an ANSSI site visit (ANSSI-CC-NOTE-02).
All code is Rust — no obfuscation, no dead code. Static analysis runs on every commit. Each security requirement is traceable from document to code to test. Compliant with ANSSI-CC-NOTE-26.
Continuous CVE monitoring. Documented remediation process with committed timelines. Security advisories published as needed. Maintenance plan compliant with ANSSI-CC-MAI-P-01.
Each version is identified and reproducible. SHA-256 integrity verification at every step of the build chain. The firmware delivered to CESTI is the same as production — bit for bit.
Each delivered unit goes through: firmware integrity verification, signed acceptance report, tamper-evident seals on the chassis. The serial number is tied to the exact software configuration.
All code is Rust — firmware, agents, PKI, orchestration. No C, no C++. Memory vulnerabilities are eliminated by construction.
NIST-standardized, ANSSI-recommended algorithms: ML-KEM-1024, ML-DSA-87, AES-256-GCM. Auditable implementations, EUPL-1.2 license. Zero proprietary components in the cryptographic path.
Every commit triggers ANSSI compliance tests, IPsec/PKI/zeroization regressions, and NIST KAT vectors for each algorithm.
AllEyes architecture: the host CPU never sees the keys. The FPGA encrypts in complete hardware isolation. Zeroization < 1 second.
20+ years in critical infrastructure, systems, and networks.
“The quantum threat is not science fiction for 2040. Data intercepted today will be decrypted as soon as a sufficiently powerful quantum computer exists. We build the shield now, not after.”
Our partner ecosystem covers the entire value chain.
Hardware encryption accelerators
Certified reference platforms
Hardware security and connectivity
SecNumCloud infrastructure
ANSSI CSPN / CC certification
Audit, proof of concept or deployment — we adapt our approach to your readiness.