

Encryption technologies or "cryptography"

In cryptography, encryption is the process of encoding a message or information in such a way that only authorised parties can access it and those who are not authorised cannot. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm – a cypher – generating ciphertext that can be read only if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorised recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorised users.

Encryption has long been used by militaries and governments to facilitate secret communication. It is now commonly used in protecting information within many kinds of civilian systems. For example, the Computer Security Institute reported that in 2007, 71% of companies surveyed utilised encryption for some of their data in transit, and 53% utilised encryption for some of their data in storage. Encryption can be used to protect data "at rest", such as information stored on computers and storage devices (e.g. USB flash drives). In recent years, there have been numerous reports of confidential data, such as customers' personal records, being exposed through loss or theft of laptops or backup drives; encrypting such files at rest helps protect them if physical security measures fail. Digital rights management systems, which prevent unauthorised use or reproduction of copyrighted material and protect software against reverse engineering (see also copy protection), are another, somewhat different, example of using encryption on data at rest.


In response to the encryption of data at rest, cyber-adversaries have developed new types of attacks. These more recent threats to encryption of data at rest include cryptographic attacks, stolen ciphertext attacks, attacks on encryption keys, insider attacks, data corruption or integrity attacks, data destruction attacks, and ransomware attacks. Data fragmentation and active defence data protection technologies attempt to counter some of these attacks, by distributing, moving or mutating ciphertext, so it is more difficult to identify, steal, corrupt, or destroy.


Encryption is also used to protect data in transit, for example, data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years. Data should also be encrypted when transmitted across networks in order to protect against eavesdropping of network traffic by unauthorised users.

Multiple Encrypted VPN by OTP Key

128 virtual secure VPN channels, hardware encrypted with a quantum-RNG one-time pad (OTP) and an OTP session certificate, with bulk key management. Any secured file transfer can be opened only once, with a certificate that is valid one time only.

A separate master encryption layer delivers a bulk key to the next session, and a payload-control component distributes the fragmented data pattern across the multiple channels.

Hardware encryption

128 secure VPN channels, hardware encrypted with a quantum-RNG one-time pad (OTP) and an OTP session certificate, with bulk key management.

Any secured file transfer can be opened only once, with a certificate that is valid one time only. If the file is called for with the certificate a second time, the certificate has already been used and a tampering warning is noted to the user.

Cissco Quantum Cryptography Technology is significantly different from an ordinary binary cipher.

The standard binary encryption system for (classical) computers consists of binary bits or bytes.

Currently, most binary encryption key lengths are at best between 256 and 1048 bits and originate from one or two primes. A quantum computer cryptology system does not use bits or bytes but instead utilises qubits, whose properties are substantially and uniquely different from binary bits or bytes. A quantum encryption key length is capable of 16 billion qubits, and because of the unique features of qubits, standard or classical computers are unable to copy or read any qubit data, making it virtually impossible to hack or eavesdrop.

Quantum Technology's quantum encryption is very advanced, with not only a true quantum photon random number generator but also multiple OTPs, providing the ultimate protection against a cyber thief.

You will have peace of mind knowing that the information on your phone, laptop, tablet or desktop computer is completely safe and secure from cyber hackers. As an added benefit, our quantum encryption system will compress your data losslessly at a ratio between 50:1 and 200:1.

Whether you are sending a large amount of data or streaming an 8K-resolution video, your content is not only well protected but will be delivered as multiple packets at light speed without loss of quality or data.

Protocol Encryption Technologies

[Figure: Cipher Suite / k-Cipher Suites (SSL)]

True Random Quantum Random Number Generator (QRNG)

General Description
True hardware random number generator (RNG)
Uses quantum optics process to create true quantum randomness (passes all randomness tests)
Allows live status verification
Highly resilient to environmental perturbations
High bit rate up to 10 Gbits/sec.
Compatible with all major operating systems
Application with graphical user interface.
Easy integration using the (QRNG) library

QRNG certifications:
NIST SP800-22 compliance
METAS certification
CTL certification
BSI AIS 31 compliance certificate
FIPS Publication 140-2 Annex C
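To make the NIST SP800-22 compliance listed above concrete, here is an added example (not part of this page and not the vendor's test tooling) implementing two tests from that publication, the frequency (monobit) test and the runs test, exactly as SP800-22 specifies them, so any RNG output can be checked the same way before it is trusted for key material.

```python
import math
import os


def bytes_to_bits(data: bytes) -> str:
    """Expand raw RNG output into a '0'/'1' string (MSB first), the form SP800-22 tests consume."""
    return "".join(format(b, "08b") for b in data)


def monobit_pvalue(bits: str) -> float:
    """SP800-22 section 2.1, frequency (monobit) test: are ones and zeros balanced?
    S_n = sum(+1 for '1', -1 for '0'); s_obs = |S_n| / sqrt(n); P = erfc(s_obs / sqrt(2))."""
    n = len(bits)
    if n == 0:
        raise ValueError("empty bit string")
    s_n = sum(1 if b == "1" else -1 for b in bits)
    s_obs = abs(s_n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_pvalue(bits: str):
    """SP800-22 section 2.3, runs test: is the number of uninterrupted runs of identical
    bits what a random sequence would give?  Returns None when the prerequisite
    |pi - 1/2| < 2/sqrt(n) fails, in which case the runs test is not applicable."""
    n = len(bits)
    if n < 2:
        raise ValueError("runs test needs at least two bits")
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return None
    # V_n(obs) = 1 + number of positions where the bit changes
    v_obs = 1 + sum(1 for k in range(n - 1) if bits[k] != bits[k + 1])
    num = abs(v_obs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def passes(bits: str, alpha: float = 0.01) -> dict:
    """Apply both tests at SP800-22's usual significance level (P >= 0.01 means 'random')."""
    p_mono = monobit_pvalue(bits)
    p_runs = runs_pvalue(bits)
    return {
        "monobit": p_mono >= alpha,
        "runs": p_runs is not None and p_runs >= alpha,
        "p_monobit": p_mono,
        "p_runs": p_runs,
    }


if __name__ == "__main__":
    # Constructed inputs: the OS CSPRNG (expected to pass both tests) and an alternating
    # stream, which is perfectly balanced (monobit passes) but has far too many runs.
    good = bytes_to_bits(os.urandom(4096))
    bad = "01" * 16384
    print("os.urandom:", passes(good))
    print("alternating:", passes(bad))
```

The two short reference sequences in the test below are the worked examples printed in SP800-22 itself, with the P-values the publication gives for them.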

General Description
True random number generation platform based on the Quantum Photonic QRNG.
The Quantum Key platform is dedicated to the creation of truly random encryption keys and unique digital tokens for secure crypto operations.
The random numbers generated by the True Random Quantum Random Number Generator (QRNG) are used for different applications: to generate high-quality cryptographic keys for encryption or authentication; to seed deterministic PRNGs and provide additional randomness for commercial applications; or to provide entropy for online mathematical simulations.

The Quantis Appliance serves as a hardware source of trust for cloud or distributed environments, with both Linux and Windows operating systems. It provides secure keys for Virtual Machines (VMs), Virtual Private Networks (VPNs), HSMs and remote desktops. It is also used in Randomness-as-a-Service (RaaS) or Security-as-a-Service (SaaS) environments.

The Quantum Key Factory is based on the internationally tested and certified Quantis Random Number Generator, but also allows for a combination of multiple sources of randomness (entropy) to guarantee secure key generation at the highest level of trust. In particular, it can be connected to the Quantis Appliance, which provides true quantum randomness over a network. Randomness is based on natural quantum mechanics and is robust to external environmental changes, with live verification of the core QRNG to ensure ongoing trust in the entropy source.

Worldwide government certifications, including Swiss METAS certification and German BSI validation according to AIS 31.
Best practices in key scheduling, key mixing, key storage, key auditing. Can be integrated with the

Allows input of an external third-party entropy source for additional trust. The Quantum Key Factory platform underlies the creation of encryption keys and unique digital tokens for highly secure crypto operations and is based on the True Random Quantum Random Number Generator (QRNG).

Quantum Photonic QRNG has been certified by numerous governments worldwide, holds the Swiss METAS certification and has been validated in the German BSI's AIS 31 testing.
The true random generator core implements true random number generation. The core passes the American NIST Special Publication 800-22 and Diehard random test suites. It is compliant with FIPS 140-2 Annex C.

The basic core is very small and contains the random seed source and a cryptographically secure photonic quantum random generator (PRNGQ1, PRNGQ4 and PRNGQ8 variants). It satisfies Federal Information Processing Standard (FIPS) Publication 140-2 Annex C ("approved" random number generator) from the US National Institute of Standards and Technology (NIST) and passes the requirements of NIST SP 800-22.
The design is fully synchronous, with the exception of the seed part, and available in both source and netlist form. 

IT Security Applications
Hardware Security Modules
Entropy seeding for Linux servers
Entropy generation for data centers
VPN encryption
Password & PIN Number Generation
Random seed generation
Secure wireless communications, including IEEE 802.16 WiMAX, 802.11 Wi-Fi WLAN, 802.15.3, 802.15.4 (ZigBee), MBOA, 802.16e 
Electronic financial transactions, smart cards 
Content protection, digital rights management (DRM), set-top boxes 
Secure video surveillance systems 
Military communication systems 
Encrypted data storage
Secure RFID

Ultra-Compact Advanced Encryption Standard (AES, FIPS-197) / NIST AES Key Wrap/Unwrap

General Description
Implements the NIST standard AES key wrap and unwrap. The core contains the base AES core AES1 and is available for immediate licensing.
The design is fully synchronous and available in both source and netlist form.

The AES implements Rijndael cipher encoding and decoding in compliance with the NIST Advanced Encryption Standard. It processes 128-bit data blocks with 128-bit key (a 256-bit key version is available). 

The basic version is designed only for encryption and is the smallest available on the market (less than 3,000 gates). Enhanced versions are available that support encryption and decryption for the various NIST cipher modes (ECB, CBC, OFB, CFB, CTR), as well as different datapath widths for a size/performance trade-off. The core includes the key expansion logic.
Optional data-integrity and differential power attack (DPA) resistance features are available, together with variants for AES-CMAC-96, AES-XCBC-96, AES-CMAC-PRF-128, AES-XCBC-PRF-128, IPsec and TLS.

Base Core Features
Starts from less than 8,000 ASIC gates
Completely self-contained: does not require external memory
Supports both encryption (wrap) and decryption (unwrap). Encryption-only and decryption-only versions available.
Includes AES key expansion
256-bit AES key-encryption keys (KEKs) supported.
Flow-through design
Test bench provided

3GPP Cipher (128-EEA3 / 128-EIA3)
General Description
The core implements the cipher specified in the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 and 128-EIA3, version 1.6. It produces a keystream consisting of 32-bit words from a 128-bit key and IV.
Multiple configurations are available; the number after the dash indicates the throughput in bits per clock, so the -32 version is 4 times faster than the -8 version. An enhanced -E3 version is available that supports both the EEA3 confidentiality and EIA3 integrity algorithms. The compact E3 core is very small (12K gates).
The design is fully synchronous and available in both source and netlist form. Test bench includes the ETSI/SAGE test vectors.

SHA1, SHA2 Cryptographic Hash Cores

General Description

The SHA cores provide implementations of the cryptographic hashes SHA-1 (core SHA1) and SHA-2 (cores SHA2-256 and SHA2-512).
The core accepts data via its D input and outputs the hash result via its Q output. Data bus widths for both D and Q are parameterized.
SHA1 supports SHA-1 per FIPS 180-1; SHA2-256 and SHA2-512 support SHA-2 per FIPS 180-2. The SHA algorithms process data in 512-bit blocks (SHA1, SHA2-256) or 1024-bit blocks (SHA2-512) and produce message digests of 160 bits (SHA1), 256 bits (SHA2-256) and 512 bits (SHA2-512).
The Secure Hash Standard (SHS) is a message digest standard as defined in the FIPS 180-2 publication.

[Figure: Cipher Suite / k-Cipher Suites; k-Key Exchange Names; Secure TLS Cipher Suite switch key_exchange; TLS Cipher Suite Allowed By HTTP2]

VPN Encryption

Private Internet Access uses the open source, industry standard OpenVPN to provide you with single or multiple secure VPN tunnels. OpenVPN has many options when it comes to encryption. Our users are able to choose what level of encryption they want on their VPN sessions. We provide the most reasonable defaults and we recommend most people choose the best. That said, we like to inform our users and give them the freedom to make their own choices. If you choose to run 4 or more OpenVPN instances on the same machine, you will need a separate virtual TUN/TAP adapter and a separate port (using the port directive) for each instance. Make sure each TUN/TAP adapter has a unique, non-overlapping subnet using server, server-bridge, or ifconfig.
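As an added example (not Private Internet Access's own configuration files), here are two of the four server instances the paragraph describes, each with its own port, TUN adapter and non-overlapping subnet; the file paths and addresses are placeholders.

```conf
# /etc/openvpn/server/instance1.conf   (placeholder path, instance 1 of 4)
port 1194                      # first instance on the default OpenVPN port
proto udp
dev tun1                       # dedicated TUN adapter for this instance
server 10.8.1.0 255.255.255.0  # subnet used only by instance 1
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem                  # 2048-bit DH parameters
cipher AES-256-CBC             # data encryption, as in the OpenVPN section below
auth SHA256                    # HMAC data authentication
tls-version-min 1.2

# /etc/openvpn/server/instance2.conf   (placeholder path, instance 2 of 4)
port 1195                      # a separate port per instance (port directive)
proto udp
dev tun2                       # a separate TUN adapter per instance
server 10.8.2.0 255.255.255.0  # does not overlap with instance 1's subnet
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
cipher AES-256-CBC
auth SHA256
tls-version-min 1.2
```

Instances 3 and 4 follow the same pattern (tun3 with 10.8.3.0/24 on port 1196, tun4 with 10.8.4.0/24 on port 1197); on OpenVPN 2.5 and later the negotiated data-channel cipher list is set with the data-ciphers directive rather than cipher.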

CISSCO VPN uses AES (Advanced Encryption Standard) with multiple channels of 256-bit keys. In fact, it was used by the U.S. government to secure classified information and by the NSA to protect national security data, before it became the most frequently used algorithm in symmetric key cryptography. Now it is an ideal option for software applications, hardware, and firmware that require either high throughput or low latency.

Furthermore, CISSCO VPN recommends two different security protocols that provide strong VPN encryption between your device and the server you have connected to. Usually, when you connect with one of the CISSCO VPN apps, it selects the encryption settings most suitable for your speed and security circumstances.

Here you will find more detailed information about each security protocol and CISSCO VPN recommendations for choosing between different VPN encryption types.

AES (Advanced Encryption Standard) is a symmetrical block-cipher algorithm with a 128-bit block size, and key sizes of 128, 192 or 256 bits.

Data encryption:

This is the symmetric cipher algorithm with which all of your data is encrypted and decrypted. The symmetric cipher is used with an ephemeral secret key shared between you and the server. This secret key is exchanged with the Handshake Encryption.


Advanced Encryption Standard (128-bit) in CBC mode. 
This is the fastest encryption mode.


Advanced Encryption Standard (256-bit) in CBC mode.

The Advanced Encryption Standard (AES), the symmetric block cipher ratified as a standard by National Institute of Standards and Technology of the United States (NIST), was chosen using a process lasting from 1997 to 2000 that was markedly more open and transparent than its predecessor, the Data Encryption Standard (DES). This process won praise from the open cryptographic community, and helped to increase confidence in the security of the winning algorithm from those who were suspicious of backdoors in the predecessor, DES.

RSA is an asymmetric (i.e. public-key) cryptosystem based on modular exponentiation with big exponents and a big modulus. RSA can be used both for signatures and for encryption.

Handshake Encryption

This is the encryption used to establish a secure connection and verify you are really talking to a Private Internet Access VPN server and not being tricked into connecting to an attacker's server. We use TLS to establish this connection. All our certificates use SHA512 for signing.


2048-bit ephemeral Diffie-Hellman (DH) key exchange and 2048-bit RSA certificate for verification that the key exchange really happened with a Private Internet Access server.


Like RSA-2048 but 3072-bit for both key exchange and certificate.


Like RSA-2048 but 4096-bit for both key exchange and certificate.

RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and it is different from the decryption key which is kept secret (private). In RSA, this asymmetry is based on the practical difficulty of the factorization of the product of two large prime numbers, the "factoring problem". The acronym RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978. Clifford Cocks, an English mathematician working for the British intelligence agency Government Communications Headquarters (GCHQ), had developed an equivalent system in 1973, but this was not declassified until 1997.

A user of RSA creates and then publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, and if the public key is large enough, only someone with knowledge of the prime numbers can decode the message feasibly.[2] Breaking RSA encryption is known as the RSA problem. Whether it is as difficult as the factoring problem remains an open question.

RSA is a relatively slow algorithm, and because of this, it is less commonly used to directly encrypt user data. More often, RSA passes encrypted shared keys for symmetric key cryptography which in turn can perform bulk encryption-decryption operations at much higher speed.

Data authentication:

This is the message authentication algorithm with which all of your data is authenticated. This is only used to protect you from active attacks. If you are not worried about active attackers you can turn off Data Authentication.


HMAC using Secure Hash Algorithm (160-bit).
This is the fastest authentication mode.


HMAC using Secure Hash Algorithm (256-bit).


HMAC using Secure Hash Algorithm (384-bit).



A Virtual Private Network (VPN)

VPN allows you to connect to the Internet via a remote server run by a VPN service provider. All the data traveling from your computer, tablet or phone is transferred via an encrypted connection, also known as a VPN tunnel. That means all the traffic coming from your device is encrypted, so that it is no longer visible to your Internet Service Provider (ISP).

Standard OpenVPN

OpenVPN is a mature and robust piece of open-source software, which provides reliability, online security, and a fast VPN experience. It is a versatile protocol and can be used over both TCP and UDP ports. Choose the TCP port as the more reliable option for accessing the web, and UDP for a faster online gaming and live streaming experience.

OpenVPN supports a high number of strong encryption algorithms and ciphers – to guarantee the protection of your sensitive data, we use AES-256-CBC with a 2048-bit DH key. It is currently used by default for Windows, macOS, and Android.


The new VPN security protocol family is IKEv2/IPsec. It encrypts and secures users’ traffic by employing high-level cryptographic algorithms and keys. In addition to this, VPN utilizes NGE (Next Generation Encryption) in IKEv2/IPsec.

At the moment, the IKEv2/IPsec security protocol cannot be cracked even by the strongest computers. Therefore, it provides military-grade encryption standards, stability, and high-performance speed. For these reasons it is highly recommended, and it has been adopted as the default in the VPN.

IKEv1 or IKEv2

In computing, Internet Key Exchange (IKE, sometimes IKEv1 or IKEv2, depending on version) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication ‒ either pre-shared or distributed using DNS (preferably with DNSSEC) and a Diffie–Hellman key exchange ‒ to set up a shared session secret from which cryptographic keys are derived. In addition, a security policy for every peer which will connect must be manually maintained.

Transport Layer Security (TLS)

TLS and its predecessor, Secure Sockets Layer (SSL), which is now deprecated by the Internet Engineering Task Force (IETF), are cryptographic protocols that provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). Websites are able to use TLS to secure all communications between their servers and web browsers.

The TLS protocol aims primarily to provide privacy and data integrity between two or more communicating computer applications:

When secured by TLS, connections between a client and a server have one or more of the following properties:

The connection is private (or secure) because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection and are based on a shared secret negotiated at the start of the session (see § TLS handshake). The server and client negotiate the details of which encryption algorithm and cryptographic keys to use before the first byte of data is transmitted (see § Algorithm below). The negotiation of a shared secret is both secure (the negotiated secret is unavailable to eavesdroppers and cannot be obtained, even by an attacker who places themselves in the middle of the connection) and reliable (no attacker can modify the communications during the negotiation without being detected).

The identity of the communicating parties can be authenticated using public-key cryptography. This authentication can be made optional, but is generally required for at least one of the parties. The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.

In addition to the properties above, careful configuration of TLS can provide additional privacy-related properties such as forward secrecy, ensuring that any future disclosure of encryption keys cannot be used to decrypt any TLS communications recorded in the past.

TLS supports many different methods for exchanging keys, encrypting data, and authenticating message integrity (see § Algorithm below). As a result, secure configuration of TLS involves many configurable parameters, and not all choices provide all of the privacy-related properties described in the list above (see the § Key exchange (authentication), § Cipher security, and § Data integrity tables).

Attempts have been made to subvert aspects of the communications security that TLS seeks to provide, and the protocol has been revised several times to address these security threats (see § Security). Developers of web browsers have also revised their products to defend against potential security weaknesses after these were discovered (see TLS/SSL support history of web browsers).

The TLS protocol comprises two layers: the TLS record and the TLS handshake protocols.
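An added example (not code from this page) that walks both layers just named: it builds a constructed TLS 1.2 ClientHello, parses the record header and then the handshake header and ClientHello fields with bounds checks, and flags offered cipher suites whose static-RSA key exchange gives none of the forward secrecy discussed above. The four suite identifiers are real IANA assignments; the minimal hello builder (no extensions) is an assumption made for the example.

```python
import os
import struct

# IANA cipher-suite identifiers (a small subset, enough for this example).
CIPHER_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
}
CONTENT_HANDSHAKE = 0x16        # record layer: ContentType handshake
HANDSHAKE_CLIENT_HELLO = 0x01   # handshake layer: HandshakeType client_hello
MAX_FRAGMENT = 2 ** 14          # a TLSPlaintext fragment must not exceed 2^14 bytes


def build_client_hello(suites, client_random=None) -> bytes:
    """Constructed sample input: a minimal TLS 1.2 ClientHello inside one record."""
    client_random = client_random if client_random is not None else os.urandom(32)
    body = b"\x03\x03" + client_random               # client_version 1.2 + 32-byte random
    body += b"\x00"                                  # empty session_id
    body += struct.pack("!H", 2 * len(suites))       # cipher_suites length in bytes
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                              # compression_methods: null only
    body += b"\x00\x00"                              # extensions length 0 (assumption)
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([CONTENT_HANDSHAKE, 3, 3]) + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Record header, then handshake header, then ClientHello fields, rejecting any
    field that runs past a declared length (the classic TLS parser bug class)."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != CONTENT_HANDSHAKE:
        raise ValueError(f"not a handshake record (content type {ctype})")
    if rec_len > MAX_FRAGMENT:
        raise ValueError("record fragment exceeds 2^14 bytes")
    frag = record[5:5 + rec_len]
    if len(frag) != rec_len:
        raise ValueError("record body truncated")
    if len(frag) < 4:
        raise ValueError("truncated handshake header")
    hs_type, hs_len = frag[0], int.from_bytes(frag[1:4], "big")
    body = frag[4:4 + hs_len]
    if hs_type != HANDSHAKE_CLIENT_HELLO or len(body) != hs_len:
        raise ValueError("not a complete ClientHello")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("ClientHello field runs past end of message")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    client_version = tuple(take(2))
    client_random = take(32)
    session_id = take(take(1)[0])                    # 1-byte length, then the id
    suites_len = struct.unpack("!H", take(2))[0]
    if suites_len % 2:
        raise ValueError("cipher_suites length must be even")
    suites = list(struct.unpack(f"!{suites_len // 2}H", take(suites_len)))
    compression = take(take(1)[0])
    return {"record_version": (major, minor), "client_version": client_version,
            "client_random": client_random, "session_id": session_id,
            "cipher_suites": suites, "compression_methods": compression}


def suites_without_forward_secrecy(suites) -> list:
    """TLS_RSA_* suites encrypt the premaster secret to the server's long-term RSA key,
    so a later key compromise decrypts recorded sessions; (EC)DHE suites do not."""
    names = (CIPHER_SUITES.get(s, f"unknown(0x{s:04X})") for s in suites)
    return [s for s, name in zip(suites, names) if name.startswith("TLS_RSA_")]


if __name__ == "__main__":
    parsed = parse_client_hello(build_client_hello([0xC02F, 0xC030, 0x002F, 0x003D]))
    for s in parsed["cipher_suites"]:
        print(f"0x{s:04X} {CIPHER_SUITES.get(s, '?')}")
    weak = suites_without_forward_secrecy(parsed["cipher_suites"])
    print("offered without forward secrecy:", [f"0x{s:04X}" for s in weak])
```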

Quantum cryptography describes the use of quantum mechanical effects to perform cryptographic tasks; this method is alternatively known as quantum communication, and the terms are interchangeable in most literature. It is not to be confused with quantum computing.

Quantum random properties QRNG

There are two fundamental sources of practical quantum mechanical physical randomness: quantum mechanics at the atomic or sub-atomic level and thermal noise (some of which is quantum mechanical in origin). Quantum mechanics predicts that certain physical phenomena, such as the nuclear decay of atoms, are fundamentally random and cannot, in principle, be predicted (for a discussion of empirical verification of quantum unpredictability, see Bell test experiments). And, because we live at a temperature above absolute zero, every system has some random variation in its state; for instance, molecules of gases composing air are constantly bouncing off each other in a random way (see statistical mechanics.) This randomness is a quantum phenomenon as well (see phonon).

Because the outcome of quantum-mechanical events cannot in principle be predicted, they are the ‘gold standard’ for random number generation. Some quantum phenomena used for random number generation include:

Shot noise, a quantum mechanical noise source in electronic circuits. A simple example is a lamp shining on a photodiode. Due to the uncertainty principle, arriving photons create noise in the circuit. Collecting the noise for use poses some problems, but this is an especially simple random noise source. However, shot noise energy is not always well distributed throughout the bandwidth of interest. Gas diode and thyratron electron tubes in a crosswise magnetic field can generate substantial noise energy but have a very peaked energy distribution and require careful filtering to achieve flatness across a broad spectrum.

Photons travelling through a semi-transparent mirror. The mutually exclusive events (reflection/transmission) are detected and associated with ‘0’ or ‘1’ bit values respectively.

Amplification of the signal produced on the base of a reverse-biased transistor. The emitter is saturated with electrons and occasionally they will tunnel through the band gap and exit via the base. This signal is then amplified through a few more transistors and the result fed into a Schmitt trigger.

Spontaneous parametric down-conversion leading to binary phase state selection in a degenerate optical parametric oscillator.

Fluctuations in vacuum energy measured through homodyne detection.

Looking at TLS is a good start; there are different problems solved by different algorithms. These are considered secure enough, as the brute forcing of large enough keys becomes impracticable; this answer has the whole "how strong in terms of millions of years" answer.

For protection against quantum attacks this answer is a good overview; for example, the theory right now is that for symmetric encryption you just double the key size and you are good to go. Quantum computers can be a concern in the future, but the biggest number arguably factorized so far is 16 bits; until they can do the x bits used in an RSA implementation there isn't much worry.

Of course if you want the most secure you should use a key as big as the message (a one time pad), as this provides perfect secrecy in a method that is simple to implement and understand. This has been known since at least the 1940s.
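An added example (not the page's or any vendor's code) tying the Data authentication section above to the one-time pad described here: a one-time pad gives perfect secrecy but no integrity, so a ciphertext modified in transit decrypts to a predictably altered message, which is precisely what the HMAC data-authentication layer detects; it also shows why a pad must be used once, since two ciphertexts under the same pad leak the XOR of the two plaintexts. The sample message and keys are constructed.

```python
import hashlib
import hmac
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """Vernam one-time pad: ciphertext = plaintext XOR pad. Perfectly secret when the pad
    is uniformly random, as long as the message, kept secret and never reused."""
    return xor_bytes(pad, plaintext)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def authenticate(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: tag the ciphertext with HMAC-SHA256 under a separate key."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def verify_and_decrypt(pad: bytes, mac_key: bytes, ciphertext: bytes, tag: bytes):
    """Reject the message unless the tag matches (constant-time compare); only then decrypt."""
    if not hmac.compare_digest(authenticate(mac_key, ciphertext), tag):
        return None
    return otp_decrypt(pad, ciphertext)


def tamper_byte(ciphertext: bytes, offset: int, delta: int) -> bytes:
    """Model of an active attacker on an unauthenticated XOR cipher: flipping bits of one
    ciphertext byte flips the same bits of that plaintext byte, without knowing the pad."""
    out = bytearray(ciphertext)
    out[offset] ^= delta
    return bytes(out)


def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """Two ciphertexts under one pad: ct1 XOR ct2 == pt1 XOR pt2, the pad cancels out."""
    return xor_bytes(ct1, ct2)


if __name__ == "__main__":
    msg = b"TRANSFER 0100 USD"                    # constructed sample message
    pad, mac_key = os.urandom(len(msg)), os.urandom(32)
    ct = otp_encrypt(pad, msg)
    tag = authenticate(mac_key, ct)
    forged = tamper_byte(ct, 9, ord("0") ^ ord("9"))   # byte 9 is the leading '0'
    print(otp_decrypt(pad, forged))                    # no authentication: amount changed
    print(verify_and_decrypt(pad, mac_key, forged, tag))  # with HMAC: rejected (None)
```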


Globally we are 55 employees. Most of us have been active since 1980 in computer security and computer science, working in defence and security, so we can ensure that by contacting us you will get a reliable partner, focused on providing strong measures to secure your projects.

We present the various topics of secure consultation, from which you can choose the one that interests you.