Thales Develops Globally Recognized Algorithm for Post-Quantum Cryptography

Thales booth

An algorithm co-developed by Thales becomes part of the first U.S. and international standard for post-quantum cryptography. The goal of this standard is to protect against cyberattacks using quantum computers. The algorithm was developed in a laboratory established in 2013 and emerged as the winner after a five-year competition hosted by the National Institute of Standards and Technology (NIST).

Quantum computers may represent a future threat to our cybersecurity. The new algorithm Falcon, despite its English name, is a partially French invention. It was developed by Thales and the University of Rennes 1 in collaboration with partners in Canada, UK, and the United States (IBM, NCC Group and Qualcomm). Falcon will be part of the first U.S. and international standard for post-quantum cryptography. In mid-July, the National Institute of Standards and Technology (NIST) selected the algorithm after a five-year competition. The standard is expected to be fully defined by 2024.

NIST launched the competition in 2017 with the goal of developing a new standard for post-quantum cryptography. Of the 82 entries, only four security protocols made it to the finish line after demonstrating to withstand attacks with quantum computers. The winning algorithms have since been published on the Internet and are available royalty-free. Although developed in the United States, Thales expects the standard to serve as a global benchmark.

Falcon is an algorithm around digital signatures. Eric Brier, Chief Technology Officer Cyber Defense Solutions at Thales explains: “A digital signature provides evidence of the authenticity of a message. It provides assurance that the message came from a known user and that it has not been tampered with. It would thus form an indispensable part of any modern communication protocol.”

Digital signatures can be used, among other things, for the exchange of encryption keys for encrypted communications or the authentication of machines within industrial networks.

Quantum Apocalypse

Although quantum computers are currently mostly prototypes, the risk of a ‘quantum apocalypse’ is certainly real, stated Pierre-Yves Jolivet, vice president of Cyber Defense Solutions at Thales.

“It’s about time we started treating this issue seriously,” said Pierre-Yves Jolivet. “In ten years, some of the data that is currently being transferred will be vulnerable to quantum attacks. This information might be intercepted right now and later decrypted.”

In order to provide defenses against this cyber danger, Thales established a special laboratory on the Paris-Saclay campus south of Paris in 2013.

“Almost all current security protocols are vulnerable. That’s because they solve mathematical problems,” added Mr. Brier. “That might include, for example, decomposing integers or calculating discrete logarithms. If a functioning quantum computer were to fall into the hands of state hackers or a criminal organization, our existing cybersecurity systems would be useless overnight. Our solution was to look for other mathematical problems, which even a quantum computer cannot crack and would take thousands of years to solve. At the same time, the algorithm had to provide watertight protection against non-quantum attacks.”

Embedded Security Systems

 Eric Brier, CTO Cyber Defense Solutions at Thales
“Almost all current security protocols are vulnerable. That’s because they solve mathematical problems,” said Eric Brier, CTO Cyber Defense Solutions at Thales.

Mr. Brier asserts that selecting the appropriate mathematical problem – in this case, ‘Euclidean lattice reduction’ – and creating a successful method are two entirely different things. “The mathematical problem is obviously critical, but it takes an enormous amount of work to develop an unbreakable algorithm that can withstand physical attacks and is not too cumbersome to be of practical use to Thales customers.”

The researchers were particularly interested in making the algorithm as compact as possible and compatible with embedded security systems without adversely affecting computer performance. This objective was achieved.

“We have obtained proof of the effectiveness of Falcon’s security. This means that cracking the algorithm is as difficult as solving the underlying mathematical problem,” added Mr. Brier. “To test the robustness of all the submitted algorithms, they were exposed to targeted attacks by the other teams. Falcon made it to the finish line because no one could crack it. After beating the competition, it’s entirely possible that Falcon will show up in IT security systems around the world in the coming years.”


The French National Agency for Information Security (ANSSI) warns organizations that they must take immediate action to protect themselves from cyberattacks using quantum computers.

The introduction of the new standards by the NIST would also have far-reaching effects outside of the United States. In a personal report that was released on July 18th, ANSSI acknowledged the global significance of the competition. He examined the NIST’s academic choice and stated that “the four algorithms now must be considered as the default options for the majority of post-quantum security solutions.”

“A number of our existing cipher systems use versions of post-quantum algorithms and/or were developed with their easy implementation in mind,” added Mr. Jolivet. “With the ANSSI recommending that organizations make their IT security systems ready for post-quantum cryptography by 2030, Thales is positioning itself as a provider of a security solution that will soon be indispensable. During this competition by NIST, we did leave behind all our direct competitors in the field of civilian encryption and military cybersecurity.”