Cryptography: Damien Stehlé's post-quantum journey

Tue, 20/05/2025

Lyon's research stands out in the new post-quantum era. Two algorithms designed by Damien Stehlé are among the 3 standards published by the National Institute of Standards and Technology (NIST) in 2024.
Let's take a look back at a game-changing innovation.

The quantum computer may not yet be available, but it is in anticipation of its development that cryptography has taken a quantum leap forward, one that started some thirty years ago and has led to the advent of a new cryptography known as post-quantum.

Quantum computing, a new threat to data security

Flashback: in 1994, an American mathematician, Peter Shor, alerted the research world with his discovery of a technique capable of reducing the time needed to solve the difficult problems underlying RSA cryptography, introduced in the late 1970s (RSA for Ronald Rivest, Adi Shamir and Leonard Adleman, the basis of Internet security through the HTTPS protocol), and the elliptic-curve cryptography that succeeded it in the 2000s.

What does this mean? It means that tomorrow, codes that we thought would take years to crack could be quickly broken if Shor's famous algorithm were programmed into a quantum computer. In other words, this would render obsolete commonly used cryptographic algorithms, exposing sensitive data to major risks of disclosure.

The threat was thus posed. Twenty years later, in 2016, the rapid progress of quantum technology led NIST to launch a call for projects on securing data. Of the 82 projects submitted in 2017, over 3 rounds, 7 were named finalists and 8 outsiders in 2020, then 4 were retained in 2022 as “future standards”.

Among them, two are the fruit of the work of Damien Stehlé, then professor at ENS de Lyon, member of the Laboratoire de l'informatique du parallélisme (Inria, CNRS, ENS de Lyon, Université Claude Bernard Lyon 1). In 2023, Damien Stehlé created the Lyon research center of the Korean start-up company CryptoLab.

Image taken from the carte blanche lecture “Securing data against quantum adversaries” given by Damien Stehlé at the Institut Henri Poincaré in 2024. © Damien Stehlé

Damien Stehlé's whole approach has been to develop algorithms capable of withstanding quantum attacks in terms of encryption and signature. One of the major difficulties he points out is that experimenting with quantum attacks is very difficult, since quantum computing is still in its infancy.

In an article published in Le Monde on July 7, 2022, Damien Stehlé explains: "To demonstrate the robustness of these algorithms, we have provided proof that they are indeed difficult to solve, including by quantum attacks. In the case of networks, researchers sometimes claim in pre-publications that they have found efficient algorithms. But so far, they all contain errors and the claims don't hold up." So, to prove the reliability of their algorithms, Damien Stehlé and his colleagues continue to try to attack them, and each failed attempt makes the algorithms more reliable!

In March 2025, NIST adopted a new key encapsulation mechanism (KEM), named HQC for Hamming Quasi-Cyclic. It rests on a mathematical foundation distinct from that of Kyber, an algorithm based on Euclidean lattices, and was chosen to improve overall cryptographic diversity. This KEM does not replace Kyber, which remains the main algorithm of choice.

How did Damien Stehlé get to where he is today?

Damien Stehlé at a CryptoLab presentation. © Jai Hyun Park

In an interview with INRIA in 2022, Damien Stehlé explains that he first became interested in alternative algorithms to the tried-and-tested security mechanisms (RSA mechanisms) in 2005: "It wasn't a mainstream topic at the time, but then in the 2000s, there was some fundamental work on the subject, and it really started in 2005. At the time, I was finishing my PhD thesis and got interested when the big seminal results started coming out. It wasn't practical at all at the time, it only existed on paper, but there was a community that developed around it, the foundations were established."

In 2012, when he was awarded the CNRS bronze medal, the portrait dedicated to him by the CNRS summed up the significance of his work and his career path: "My work consists of designing algorithms and methods that enable certain calculations to be carried out as quickly as possible." More specifically, Damien Stehlé works on Euclidean lattices, i.e. regular arrangements of points in space. Examples include the arrangement of atoms in a crystal, or simply a tiled floor. The algorithms developed by this young researcher make it possible to quickly find a simple, usable mathematical representation of these lattices. This work has numerous applications in fields such as telecommunications and computer arithmetic, as well as in cryptography, the scientist's area of specialization. After completing a PhD at the Université Nancy 1, Damien Stehlé joined the CNRS in 2006, at the Laboratoire de l'informatique du parallélisme. There, he developed his ideas and combined methods from several branches of mathematics – algebra, number theory, floating-point arithmetic – to study and develop lattice-based cryptography systems.

Potentially, these could become the most secure ever conceived. “It is often said that this cryptography would even withstand the quantum computer,” concludes Damien Stehlé.

Thirteen years later, the highly theoretical work has resulted in a NIST standard, which represents both the culmination of years of work and a collective international effort. While Lyon-based research is at the heart of these achievements, the CRYSTALS protocols are also the fruit of international cooperation between several teams, both academic and private: ENS de Lyon, the University of Bochum in Germany, the University of Waterloo in Canada, Radboud University in Nijmegen in the Netherlands, ARM Limited, NXP Semiconductors, IBM Research Zurich, CWI Amsterdam, the Max Planck Institute in Germany, Florida Atlantic University and SRI International.

Paradoxically, while the quantum computer is still a long way from seeing the light of day, the threats it poses to computer security have led to the launch of applications in a number of very real fields. In a recent article in Le Monde, dated April 25, Damien Stehlé points out: “The advantage of these new algorithms is also that they bring new functionalities.” At his start-up CryptoLab, he is developing a so-called “homomorphic” encryption process that enables programs to be run on encrypted data. At a time when the protection of sensitive data, particularly that relating to privacy, is a crucial issue, this opens up new perspectives that are not only more secure, but also more reassuring for our personal data and the protection of individual rights.

Find out more about securing data in the quantum era: discover Damien Stehlé's lecture given in November 2024 at Maison Poincaré.
