PEPR Quantique
Post-quantum padlock for web browser

About The project

What is PQ-TLS?

PQ-TLS is a 5-year research project funded by the French National Research Agency (ANR) and the France 2030 strategy under the frameworks of the Priority Research Programs and Equiments (PEPR). In order to find Post-quantum padlock for web browser.


The famous « padlock » appearing in browsers when one visits websites whose address is preceded by « https » relies on cryptographic primitives that would not withstand a quantum computer. This integrated project aims to develop in 5 years post-quantum primitives in a prototype of « post-quantum lock » that will be implemented in an open source browser. The evolution of cryptographic standards has already started, the choice of new primitives will be made quickly, and the transition will be made in the next few years. The objective is to play a driving role in this evolution and to make sure that the French actors of post-quantum cryptography, already strongly involved, are able to influence the cryptographic standards of the decades to come.

Work package 1.

Cryptography based on Euclidean lattices.

Leaders: CNRS (Adeline Roux-Langlois)
Participants: CNRS, ENS Lyon, University of Rennes Capsule, University of Bordeaux, PQShield SAS, ANSSI, Inria Paris Cascade, Inria Capsule

Work package 2.

Code-based cryptography

Leaders : Inria Saclay Grace (Alain Couvreur), Université de Limoges (Philippe Gaborit)
Participants : Inria Paris Cosmiq, Inria Saclay Grace, Université de Limoges, Université de Rouen, Université de Bordeaux.
The difficult problems in the theory of corrective codes allow the design of cryptographic schemes cryptographic schemes for encryption and signature.

Work package 3.

Cryptography based on isogenies.

Leaders : Inria Saclay Grace (Benjamin Smith) et CNRS (Benjamin Wesolowski)
Participants: CNRS, Inria Saclay Grace, Inria Nancy Caramba, Université de Bordeaux, ANSSI.

Among the post-quantum candidates, cryptosystems based on isogenies benefit from the smallest keys, and build the shortest the smallest keys, and build the shortest signatures. On the other hand, they require intensive algebraic computations, resulting in longer execution times. Thus their small key size makes these cryptosystems very attractive for internet protocols and the internet of things (IoT), but of things (IoT), but their relatively high latency remains an important challenge in this project.

Work package 4.

Multivariate cryptography.

Leader : Université de Versailles Saint-Quentin (Louis Goubin et Jacques Patarin)
Participants : Université de Versailles Saint-Quentin, Université de Rouen, CryptoNext

The PoSSo problem (« Polynomial System SOlving »), consists in finding – if it exists – a common root of a set of polynomials. The PoSSo problem is NP-hard and its difficulty is not, a priori, called into question by the emergence of a quantum computer. The problem PoSSo is a fundamental problem in mathematics with applications in many fields many fields, including cryptography.

Work package 5.

Quantum Cryptanalysis.

Leaders : Inria Paris Cosmiq (André Chailloux) et Inria Nancy Caramba (Xavier Bonnetain)
Participants : Inria Paris Cosmiq, Inria Nancy Caramba, Inria Paris Cascade, ENS de Lyon.

The work of cryptanalysis, which consists of studying the best algorithmic attacks on cryptographic schemes, is essential to maintain the trust necessary to use the cryptographic schemes, is essential to maintain the confidence necessary for the use of cryptography: it is the cryptography: it is the very foundation of security and confidence in new primitives. It is important here to study the security of these new primitives both with respect to a classical computer but also quantum computer. It is only through a sustained effort on the problems on which the new post-quantum primitives are based that the community will have confidence will have confidence in the cryptosystems to be deployed in the future.

Work package 6.

design and formal security.

Leader : Inria Paris Prosecco (Bruno Blanchet)
Participants : Inria Paris Prosecco, Université de Rennes 1, Université de Limoges, LIP.

Work package 7.

Secure and verified implementation of primitives.

Leader : Université de Rennes 1 (Pierre-Alain Fouque)
Participants : Inria Paris Prosecco, Université de Rennes 1, LMV, PQShield SAS, CryptoExperts, CryptoNext.

Work package 8.

Hardware implementation and physical attacks.

Leaders : CNRS (Arnaud Tisserand)
Participants : CNRS, CEA-LETI, Université de Saint-Etienne, Université de Rennes 1, Université de Limoges, Inria Grace, CryptoExperts.

The selected algorithms should be theoretically secure (based on proven mathematical problems) but their mathematical problems) but their software or hardware implementation must be efficient but also resistant to physical attacks. Indeed, the attacks by auxiliary channels (computation time, energy  consumption, electromagnetic radiation) and attacks by perturbation (fault injection) are important threats for embedded devices because the the attacker can be very close to the device (connected objects, mobile telephony, transportation etc.).

Work package 9.

Coordination and integration with TLS.

Leader : Université de Limoges (Cristina Onete)
Participants : All

The objective of this WP is to implement a verified and interoperable post-quantum extension of the TLS protocol in C and/or Rust. For this, we will coordinate the work of WP1 to 4 on the choice of the primitives to implement, and will integrate the work of WP7 and 8 which will provide the primitives and WP6 which will provide the PQ-TLS protocol.

Work package 10.


Participants : All

This last WP is dedicated to the standardization of post-quantum encryption solutions. This is an essential an essential task to influence the solutions that will ultimately be adopted. This will include responses to responses to NIST calls for papers and related events, as well as participation and participation in IETF working groups and writing technical contributions.

Retour en haut