The CryptOps
Product Suite
Seven products across three categories — FPGA hardware encryptors, software PQC agents, and sovereign services — designed to work seamlessly together.
AllEyes Resilient Encryptors
Post-quantum network encryption at 800 Gbps per card. CPU-Blind architecture — the host processor never sees plaintext data. ANSSI CSPN Encryptor certification target Q3 2026.
AllEyes Resilient 4U
Sovereign Datacenter
800 Gbps per card, stackable up to 6.4 Tbps per server. Dual FPGA partition: certified crypto fabric alongside custom business IP. Designed for sovereign datacenter and OIV deployments.
AllEyes Resilient 2U
Regional Backbone
Same 800 Gbps performance in a compact 2U form factor. Ideal for PoPs, regional sites, and backbone interconnects where rack space is at a premium.
PQC-WAN Agents
Software-based post-quantum encryption for remote sites, branches, and industrial environments. ANSSI CSPN Agent certification target Q4 2026.
PQC-WAN Agent 1U
Telecom / PoP
Software PQC encryption for remote telecom sites. 1U NEBS Level 3 compliant for carrier-grade deployments.
PQC-WAN Agent Compact
Micro-PoP / Branches
Ultra-compact (249 mm), ideal for bank branches, small offices, and micro-PoP locations with limited space.
PQC-WAN Edge
SCADA / Industrial
3.4 kg, wall-mount, −40°C to +70°C operating range. Designed for substations, industrial control systems, and harsh environments.
Sovereign Services
Post-quantum PKI and VPN mesh services that tie the entire CryptOps ecosystem together. Fully sovereign, on-premise deployment.
GARANCE PKI
Sovereign Post-Quantum PKI
Sovereign Certificate Authority with native ML-DSA-87 signatures. Immutable audit trail, CRL/OCSP revocation (RFC 5280 / RFC 6960), and NIS2/DORA/RGS compliance built in.
GLUON
PQC VPN Mesh
Post-quantum VPN mesh controller. Auto-configured ML-KEM-1024 tunnels with zero-touch provisioning, fleet controller for large-scale deployments, and real-time monitoring.
Memory-safe by design
No C in production. Application code 100 % Rust, crypto primitives in constant-time assembly, 800 Gbps fabric in Verilog/VHDL. The only low-level dependencies we accept are formally verified.
Rust · 100 % memory-safe
Backend, control plane, agents, firmware — all Rust, with
#![deny(unsafe_code)]
and #![deny(clippy::unwrap_used)].
Secrets zeroized systematically in memory.
ASM · constant-time primitives
Low-level primitives hand-written in AVX2/AVX-512 assembly to eliminate timing side-channels. Static constant-time verification via ctgrind in CI.
RTL · 800 Gbps fabric
AES-256-GCM implemented as pipelined Verilog in the AMD FPGA. Keys confined to an isolated crypto zone inside the FPGA — never exposed to the host CPU. CPU-Blind architecture verifiable via hardware attestation.
Formal verification
ML-KEM-1024 and AES-256-GCM extracted from HACL* (F* proofs), ML-DSA from Fiat-Crypto (Coq). IKEv2+ML-KEM protocol modelled in ProVerif (secrecy, auth, forward secrecy).
Hardened supply chain — bit-level traceability
Audited dependencies (cargo-deny, cargo-audit), ML-DSA-87 signed SPDX SBOM shipped with every release, reproducible builds (Yocto + cargo --locked), binaries signed by the GARANCE PKI, hardened CLIP-OS rootfs mounted read-only with dm-verity.
Enterprise Licensing
CryptOps products are available under perpetual hardware licenses with annual software maintenance. Contact our team for a tailored deployment plan.