Encryption Suite

Our Encryption Suite includes the six essential parts of privacy-by-design


Key Management
System (KMS)

A cloud-based Key Management System for your encryption keys and certificates remains accessible to you alone.


Verifiable Confidential Virtual Machine (VM)

We reinforce your data protection with a verifiability agent that verifies the integrity of each data environment, be it hardware, applications, or others.


Confidential AI

We protect your data while fine-tuning your GenAI model, ensuring the security of your data while unlocking a wide range of possibilities.


Client-side encryption

We start with a high-performance, client-side encryption library with post-quantum resistance and access control.


Searchable Encryption

Need to find files with full confidentiality? Our encrypted index allows you to search your information and keeps all queries and results readable for your eyes only.

Secure Enclave

Intel® Trust Domain Extensions (TDX) offers hardware-based memory encryption that isolates specific application code and data in memory. Intel TDX (Trust Domain Extensions) allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels.

the details
of encryption

The technology used in our Encryption Suite is based on the latest innovations in cryptography. If you’re interested in the details of data security, take a look at our Documentation page for our published academic papers.


Support any critical application with a 200 to 350 microseconds response time.

Post-quantum Hybridization

AES 256 coupled with CRYSTALS-Kyber & Elliptic curves encryption to ensure the most resilient model, following NIST & National Cyber Security Agency recommendations.

User Access Policies

Asymmetric encryption with multiple decryption keys that contain specific access rights.

Key Management System
Stay protected by securing your keys on-premises or in the cloud
Searchable Encryption
Encrypted Index on KVS, encrypted queries, and encrypted results. Never worry about searches being viewed by others.
Key Fingerprinting
A unique fingerprint signature on each key guarantees improved traceability.

Got a few minutes to spare?

We can give you an interactive view of how our technology works.

Dig deeper in Cosmian Data Encryption


Access Control

In key-policy Attributes-Based Encryption, an access policy is encoded into the user’s secret key and ciphertexts are associated with a set of attributes. In ciphertext policy ABE, the secret key is associated with a set of attributes, and the access policy is encoded in the ciphertext.~~


Searchable Encryption

Usually, it is not sufficient to encrypt a large database and outsource it to the cloud. As the encrypted data looks like completely random, it is for example, impossible to distinguish the documents related to the project you are working on from the others in the entire database.
Even if you remember the last (encrypted) files you pushed, you do not know the added files by your colleagues.

We’re constantly in search of world-class partners

Whether with expertise in advanced cryptography, GenAI or Confidential Computing, consider a partnership with Cosmian. Together, we can create a more secure environment for users worldwide.

We proudly work with world-renown academic and technology partners










— There are no limits

Find us on
the Marketplaces

Regain control now on your data and applications in the cloud, subscribe to our cloud marketplaces offering on AWS, Azure and Google Cloud.

Cosmian makes no tracking for advertising and does not collect any personal data. Cookies are used for statistical or operational purposes, as well as for analysis, allowing for continuous improvement of the website. Cosmian uses the Matomo Analytics tool, an audience measurement solution that uses cookies with a configuration that complies with the data protection legislation and the recommendations of the CNIL (Commission Nationale de l'Informatique et des Libertés). This configuration allows to anonymise visitor's data and to limit the storage period of this data to a maximum of 13 months. With this configuration, the prior consent to the deposit of Matomo Analytics cookies is not required. However, you can still choose not to allow these cookies by clicking below or at any time by consulting our Privacy Policy.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

This opt out feature requires JavaScript.