Cryptosphere — European Cryptographic Sovereignty
Post-quantum FPGA network encryptors for vital operators and critical European infrastructure.
A technological breakthrough, not incremental evolution
Cryptosphere was born from a simple observation: today's network encryptors will not survive quantum computing. We design and manufacture FPGA-accelerated post-quantum encryptors for vital operators and critical European infrastructure.
The network encryption market is dominated by American and Israeli vendors. European cryptographic sovereignty cannot rely on black boxes where neither the code, nor the keys, nor the supply chain are under our control. The quantum threat demands a technological breakthrough, not a patch on legacy systems.
That breakthrough is what we build from our Rouen laboratory: FPGA encryptors protecting from 1 Gbps to tens of Tbps of traffic, with quantum-resistant cryptography. 100% Rust code, ANSSI-recommended algorithms, certified in France.
From code to rack — the full cycle
Our Rouen laboratory covers the entire integration cycle, from firmware development to operational rack validation.
Development
Rust firmware and FPGA logic developed in parallel. Every commit triggers the test pipeline — static analysis, unit tests, ANSSI compliance. Code is reviewed before each merge.
Hardware Integration
FPGA accelerators assembled into their server chassis. Thermal and electrical validation, then line-rate testing at 800 Gbps per accelerator. Each unit gets an acceptance report before moving to staging.
Validation & Staging
Full IPsec test bench with end-to-end ML-KEM encrypted tunnels. We test load, failover, and emergency zeroization. The staging environment is an exact mirror of the configuration to be certified.
Pre-certification
Software and hardware configuration is frozen. The security target is drafted per ANSSI-CSPN-NOTE-09. Evaluation and cryptographic deliverables are prepared, then delivered to the CESTI for evaluation.
Performance and sovereignty
Compliant with CSPN and Common Criteria EAL4+ requirements
Our development and delivery process is designed from the ground up to meet ANSSI evaluation requirements. Every step — from source code to customer delivery — is documented, traceable, and reproducible.
Security Target
The evaluation scope, sensitive assets, threats, and security functions are described in a formal document per ANSSI-CSPN-NOTE-09. This is the starting point for any CSPN evaluation.
Evaluation Deliverables
The accredited CESTI receives the full set of deliverables: functional specifications, security architecture, installation and administration guides, test procedures and developer test report.
Cryptographic Deliverables
Compliant with ANSSI-CC-CRY-P-01, covering all 4 areas: algorithms (ML-KEM-1024, AES-256-GCM, ML-DSA-87), protocols (IKEv2/IPsec with PQ-hybrid key exchange), key management, and random number generation.
Development Environment
Physical and logical access control to source code. Development tools are identified and documented. The environment is ready for an ANSSI site visit (ANSSI-CC-NOTE-02).
Code Analysis
All code is Rust — no obfuscation, no dead code. Static analysis runs on every commit. Each security requirement is traceable from document to code to test. Compliant with ANSSI-CC-NOTE-26.
Vulnerability Management
Continuous CVE monitoring. Documented remediation process with committed timelines. Security advisories published as needed. Maintenance plan compliant with ANSSI-CC-MAI-P-01.
Configuration Management
Each version is identified and reproducible. SHA-256 integrity verification at every step of the build chain. The firmware delivered to CESTI is the same as production — bit for bit.
Delivery Procedure
Each delivered unit goes through: firmware integrity verification, signed acceptance report, tamper-evident seals on the chassis. The serial number is tied to the exact software configuration.
Engineering principles
Rust-only
All code is Rust — firmware, agents, PKI, orchestration. No C, no C++. Memory vulnerabilities are eliminated by construction.
Zero uncontrolled critical dependency
NIST-standardized, ANSSI-recommended algorithms: ML-KEM-1024, ML-DSA-87, AES-256-GCM. Auditable implementations, EUPL-1.2 license. Zero proprietary components in the cryptographic path.
Continuous testing
Every commit triggers ANSSI compliance tests, IPsec/PKI/zeroization regressions, and NIST KAT vectors for each algorithm.
Security domain separation
AllEyes architecture: the host CPU never sees the keys. The FPGA encrypts in complete hardware isolation. Zeroization < 1 second.
Leadership
Fabrice Langlois
20+ years in critical infrastructure, systems, and networks.
“The quantum threat is not science fiction for 2040. Data intercepted today will be decrypted as soon as a sufficiently powerful quantum computer exists. We build the shield now, not after.”
Sovereign value chain
Our partner ecosystem covers the entire value chain.
FPGA foundries
Hardware encryption accelerators
Server manufacturers
Certified reference platforms
Component distributors
Hardware security and connectivity
Sovereign hosting providers
SecNumCloud infrastructure
Evaluation laboratories
ANSSI CSPN / CC certification
Milestones and objectives
Legal structure, founding hires, R&D launch
Rust firmware, GARANCE PKI, PQC-WAN agent, continuous integration pipeline, staging environment
FPGA accelerators received, rack integration, IPsec test bench, 800 Gbps line-rate validation
Security target, evaluation deliverables, cryptographic deliverables, evaluation by an ANSSI-accredited laboratory
First OIV and telecom deployments, SecNumCloud sovereign cloud partnerships, EAL4+ Common Criteria trajectory, NIS2/DORA compliance support
Ready for the post-quantum era?
Audit, proof of concept or deployment — we adapt our approach to your readiness.