By delivering unrivaled power, quantum computing is set to “disrupt” a number of use cases. On the positive side, computers making this “quantum leap” could, for example, speed up the discovery of molecules in the pharmaceutical sector or refine weather forecasts.

On the negative side, quantum power is likely to call into question current encryption technologies that are used to secure our web browsing and transactions. Asymmetric public-key cryptography algorithms, such as RSA, would then be “cracked” and symmetric AES cryptography algorithms weakened.

The worst is therefore to be feared when this quantum power falls into the wrong hands, whether of cyber-criminal groups or rogue states.

What will this post-quantum world look like? Experts are counting on the advent of quantum computers within the next ten years at the earliest.  A large number of physical challenges remain to be overcome in terms of energy requirements, power and stability,” notes Pierre-Jean Leca, CTO at PRIM’X. These quantum computers will have a colossal impact on IT security in general, and on the world of cryptography in particular, calling into question the very notion of confidentiality. “

In the mean time, the quantum threat is already active. Based on the principle of “harvest now, decrypt later“, “states or organizations are in a position to capture large quantities of data that they can’t decrypt now, but that they intend to decrypt when the time comes,” explains José Lavancier, Project Director at PRIM’X. That could be, for example, the blueprints for future aircraft carriers or nuclear power plants. “

PRIM’X is already taking this quantum threat into account. Following a call for projects by Bpifrance, the publisher of encryption software solutions, it has, since September 2023, been part of the Hyperform consortium which has brought together leading French players in the cybersecurity and post-quantum sectors.

Around the coordinator, Idemia, a leader in digital identity and a major producer of security devices, are another publisher, Atempo, a provider of data backup solutions, and CryptoNext, specialized in the development of post-quantum cryptographic libraries. It also includes Synacktiv, an offensive security company and accredited testing laboratory (ITSEF).

On the public research front, CEA-Leti (Electronics and information technology laboratory) and Inria (French national science and digital technology research institute) are also involved. Finally, the French Cybersecurity Agency (ANSSI) oversees the project’s security and performance assessment.

Funded by France 2030 and the European Union, Hyperform intends to develop solutions capable of protecting sensitive data from potential attacks originating from or using quantum computers.

The consortium will explore several use cases, such as protecting access to sensitive data using a smart card, or the long-term archiving of sensitive information. After a first year spent on drafting the project specifications, the first demonstrators will be unveiled in September 2025, before finalized versions in September 2026.

PRIM’X, a specialist in data confidentiality and encryption, is in charge of developing two demonstrators to validate the architecture choices for its two solutions: ZONECENTRAL – encryption of workstations and sensitive data networks – and ZED!  – encryption of exchanges between users.

Following the hybridization principle advocated by the ANSSI, the demonstrators will combine conventional algorithms and so-called post-quantum algorithms, to provide a high level of security against current attacks while also guaranteeing long-term security.

The National Institute of Standards and Technology (NIST), the U.S. standards body, recently selected three post-quantum cryptographic technologies: Crystals-Kyber (ML-KEM), Crystals-Dilithium (ML-DSA) and Sphincs+ (SHL-DSA). On their side, the French and German cyber authorities recommend the FrodoKEM algorithm family, which is not standardized by the NIST.

Another principle adopted by Hyperform is “crypto agility“. “This approach means that if a post-quantum algorithm is compromised, we can quickly switch to another family of algorithms,” explains Pierre-Jean Leca. If an algorithm is “cracked”, how can it be swiftly replaced in products?”.

For PRIM’X, the Hyperform project will have very real impacts. It will give the publisher demonstrators that have been validated in terms of architecture and security, so that they can be converted into finished products that are ready for ANSSI certification and market launch.

PRIM’X has made certification the cornerstone of its strategy, and intends to continue doing so in the face of the quantum threat. “In the long term, certifications will require hybridization and built-in post-quantum algorithms,” anticipates Pierre-Jean Leca. PRIM’X will already be quantum ready.“

PRIM’X can therefore give its customers, both current and future, the guarantee that post-quantum encryption will be included in its products within a few years. More broadly, businesses are urged to be aware of the quantum threat, and to question their other suppliers to make sure the post-quantum response is part of their R&D road map. 

“We also advise businesses to make an in-house inventory of all the products they use that contain cryptography, in order to prepare to migrate them,” adds José Lavancier. Such migrations can be particularly long and costly when it comes to upgrading or changing algorithms embedded in equipment or vehicles. It is in the interests of defense and industry players to start the process as early as possible.