Cloudproof Encryption

Access & search encryption for your data in the cloud

In complex, scalable infrastructures, encryption must abstract physical implementations and must provide a way to securely and quickly find and extract discrete data across the entire encrypted repository.

You need application-level encryption with encrypted search.

Cloudproof Encryption brings improved security, high performance at the application level.

And it’s open source.

Adapts to your business organization

Application level encryption with freely defined attributes along multiple axes and user decryption keys embedding access policies, simply defined as boolean expressions over the attributes.

The cloud learns nothing

Everything is encrypted: the data, the indexes, the search queries, and their response. Data is kept encrypted at all times and only decrypted on the end user’s device.

Designed for big data repositories

Encrypted data partitioning facilitates feeding data from multiple sources, the management of ciphertext rotations, and defining policies for extractions. Encrypted search provides a secure mechanism to quickly find encrypted data across the partitions.

Cryptographic Technology

Cloudproof Encryption is based on 2 open source cryptographic stacks: CoverCrypt and Findex. They respectively provide a fast version of access control encryption and searchable encryption.

These stacks are actively designed by Cosmian cryptographers in collaboration with the ENS/CNRS/INRIA cryptographic lab headed by Pr. David Pointcheval. The reference implementation of the stacks is developed in Rust according to the ANSSI guidelines and is submitted for their review.


Annual license based on the number of encrypting servers.


Cloudproof Encryption is packaged in open-source libraries, and directly available on [GitHub] in multiple languages, including Java, Javascript, Python, and Rust. They expose APIs meant for developers who are not cryptographers.

Libraries run on all operating systems, including Android and IOS, as well as inside browsers (using Javascript and Web Assembly).Plugins are available for Spark and Denodo, with examples in Java for Kafka and the Hadoop ecosystem

Improved security model

Using application layer encryption limits the attack surface. Ciphertext partitioning limits the consequences of key leakage. Post-quantum hybridization provides security against future threats.


Hybridization with post quantum cryptography provides security against future threats (following ANSSI recommendation).

Easier to deploy

Encrypting systems do not need to be secured since they only use the public key. Decryption keys are only created when needed.


Everything but private keys is in the cloud. Everything in the cloud is encrypted.

Latest News

Our latest news, updates, topics of interest, food for thoughts.

Cosmian makes no tracking for advertising and does not collect any personal data. Cookies are used for statistical or operational purposes, as well as for analysis, allowing for continuous improvement of the website. Cosmian uses the Matomo Analytics tool, an audience measurement solution that uses cookies with a configuration that complies with the data protection legislation and the recommendations of the CNIL (Commission Nationale de l'Informatique et des Libertés). This configuration allows to anonymise visitor's data and to limit the storage period of this data to a maximum of 13 months. With this configuration, the prior consent to the deposit of Matomo Analytics cookies is not required. However, you can still choose not to allow these cookies (by clicking here ) or at any time by consulting our Privacy Policy.

For more information please consult our Privacy Policy