ML-KEM-1024 | FIPS 203 | CSPN ANSSI | Sovereign post-quantum encryption

Frequently Asked Questions

Practical answers about PQC migration, FPGA encryption, and regulatory deadlines

Post-Quantum Cryptography

What is post-quantum cryptography?
Post-quantum cryptography (PQC) encompasses algorithms resistant to quantum computer attacks. Unlike RSA and ECC, these algorithms rely on mathematical problems (lattices, error-correcting codes) considered resistant even against Shor's algorithm. NIST standardized ML-KEM and ML-DSA in August 2024.
Why migrate now when quantum computers don't exist yet?
The “Harvest Now, Decrypt Later” threat is real today: state actors intercept and store encrypted communications to decrypt them later. Sensitive data with long lifespans (trade secrets, defense data, medical records) is already exposed. Starting migration now protects your current data against this future threat.
Which post-quantum algorithms are standardized?
NIST finalized three standards in August 2024: ML-KEM (FIPS 203), a key-encapsulation mechanism used for key exchange; ML-DSA (FIPS 204) for digital signatures; and SLH-DSA (FIPS 205) as an alternative hash-based signature. A fourth standard, FN-DSA, is being finalized. Our PQC encryptors implement ML-KEM-1024 in hybrid mode.

CryptoSphere Encryptors

How does CryptoSphere's hybrid encryption work?
Our PQC encryptors combine a classical algorithm (AES-256) with a post-quantum algorithm (ML-KEM-1024) in a hybrid encapsulation. If either algorithm is compromised, the other maintains confidentiality. This hybrid mode is recommended by ANSSI and BSI during the transition period.
What is the difference between FPGA and software encryption?
Software encryption eats CPU cycles and adds variable latency — fine for a VPN client, problematic for 800 Gbps datacenter links. FPGA encryptors process packets at wire speed with under 5 µs added latency. They also allow algorithm updates via firmware reconfiguration, which matters because the PQC landscape is still evolving.
What throughput do your encryptors support?
Each FPGA handles up to 100 Gbps per port at wire speed, with under 5 microseconds of added latency. A single 2U chassis with one FPGA delivers 800 Gbps; with eight FPGAs in a 4U chassis, you reach 6.4 Tbps. Multiple streams are processed in parallel with no contention — throughput stays constant regardless of traffic patterns.

Compliance and Regulation

Does CryptoSphere help with NIS 2 compliance?
Yes. The NIS 2 directive, applicable since October 2024, requires encryption measures for essential and important entities. Our encryptors meet the requirements of Article 21 (cyber risk management measures) and Article 23 (incident notification). Our zero-knowledge approach ensures that even the provider cannot access data in transit.
How does CryptoSphere fit into DORA?
The DORA regulation imposes strict requirements on financial entities regarding digital operational resilience, including encryption of data in transit. Our PQC encryptors address Articles 6 (ICT risk management) and 9 (protection and prevention), with redundant architecture and automatic failover.
Are your products ANSSI certified?
Not yet — certification takes time and we are transparent about where we stand. The architecture is designed specifically for ANSSI evaluation at the DR (Diffusion Restreinte) level, and our hybrid PQC approach aligns with ANSSI’s post-quantum migration framework published in January 2025. We are targeting qualification in 2026. In the meantime, our products carry the “CSPN Ready” designation to signal readiness for evaluation.

Deployment and Integration

How long does a typical deployment take?
A standard deployment runs 8 to 12 weeks in four phases: cryptographic audit of your existing infrastructure (2 weeks), architecture design adapted to your network topology (2-3 weeks), pilot then production rollout (3-4 weeks), and hands-on training for your operations team (1-2 weeks). Larger deployments — multi-site, multi-country — follow the same phases but with extended timelines and dedicated project management.
Are the encryptors compatible with my existing infrastructure?
PQC encryptors operate in transparent Layer 2/Layer 3 mode, without modifying existing network infrastructure. They integrate with MPLS, SD-WAN, and dedicated link environments. Configuration is done via a secure administration interface with strong authentication.
How is key management handled?
Key management relies on an integrated KMS with automatic distribution of hybrid keys (classical + post-quantum). Keys are generated locally on each encryptor via a hardware TRNG (True Random Number Generator). Key rotation is automatic and configurable, with a recommended interval of 1 hour for session keys.
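An added example, not CryptoSphere code: the page does not say how the classical and post-quantum key material are combined or how rotation is triggered, so this assumes an HKDF-SHA-256 combiner (RFC 5869) over both secrets, bound to the hourly rotation window, to show why the AES-256 session key cannot be recomputed from one secret alone. The function names, the `hybrid-demo-v1` label and the sample secrets are constructed for illustration.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract from RFC 5869 with SHA-256."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand from RFC 5869 with SHA-256."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def rotation_epoch(unix_time: int, interval_s: int = 3600) -> int:
    """Index of the rotation window; 3600 s is the page's recommended interval."""
    return unix_time // interval_s


def derive_session_key(classical: bytes, pq: bytes, epoch: int,
                       label: bytes = b"hybrid-demo-v1") -> bytes:
    """Derive a 32-byte (AES-256) key that depends on BOTH secrets and the epoch."""
    if len(pq) != 32:
        raise ValueError("ML-KEM shared secrets are 32 bytes")
    if len(classical) < 16:
        raise ValueError("classical secret too short")
    # Length-prefix each secret so the concatenation is unambiguous.
    ikm = b"".join(len(s).to_bytes(2, "big") + s for s in (classical, pq))
    prk = hkdf_extract(label, ikm)
    return hkdf_expand(prk, label + epoch.to_bytes(8, "big"), 32)


# Constructed sample secrets (not real key material).
CLASSICAL = bytes(range(32))
PQ = bytes(range(32, 64))

if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    print(derive_session_key(CLASSICAL, PQ, rotation_epoch(now)).hex())
```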

Support and Evolution

What happens if a PQC algorithm is compromised?
This is precisely why we use hybrid encryption and FPGA architecture. If a post-quantum algorithm is compromised, the classical layer (AES-256) maintains protection. The FPGA enables algorithm updates through remote reconfiguration, without hardware replacement or service interruption.
What is CryptoSphere's support model?
Support runs 24/7 with a 4-hour SLA for critical incidents. Concretely, that means proactive monitoring via GARANCE, firmware and algorithm updates, regular threat intelligence on the PQC landscape, and a named technical contact who knows your deployment. The Rouen engineering team handles escalations directly — no outsourced L1/L2 triage.
How do you track NIST and ANSSI developments?
Our R&D team in Rouen follows NIST working groups and ANSSI publications as part of their daily work. When NIST finalized ML-KEM in August 2024, we had a working FPGA implementation within the quarter. Algorithm updates ship as firmware — no truck roll, no hardware swap. If ANSSI changes its recommended parameter set tomorrow, we can push an update across the fleet via GARANCE.
