Introduction
The European Telecommunications Standards Institute (ETSI) has introduced Covercrypt [2] [4] [8] [12], a cutting-edge quantum-safe encryption library developed by Cosmian. This initiative is part of ETSI’s efforts to establish robust post-quantum cybersecurity standards, ensuring the protection of sensitive data against both current and future quantum-based threats.
Description
The European Telecommunications Standards Institute (ETSI) has launched Covercrypt [2] [4] [12], a high-performance quantum-safe encryption library developed by Cosmian, a leading provider of next-generation cryptographic privacy solutions [5]. This powerful library is specifically designed to protect sensitive data against both current and future quantum-based threats, integrating seamlessly with existing commercial security offerings to help businesses proactively safeguard their information [5]. Covercrypt is a key feature of ETSI’s new post-quantum cybersecurity standard, specification TS 104 015 [7] [12], which aims to secure critical data and communications from the risks posed by large-scale quantum computers [12]. Since February 2023 [1] [5] [9] [10] [11], Cosmian has been an active member of the ETSI Cyber Quantum-Safe Cryptography (QSC) working group [5] [10], contributing significantly to the development of cryptographic security standards [5]. This collaboration culminated in the publication of the report “Efficient Quantum-Safe Hybrid Key Exchanges with Hidden Access Policies,” which was ratified as ETSI TS 104 015 in February 2025 [1] [5] [9] [10] [11].
Covercrypt employs a hybrid encryption strategy based on a Key Encapsulation Mechanism with Access Control (KEMAC) to establish a shared secret key and securely transmit it to authorized users based on specific user attributes, particularly within the context of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) [7]. This method enhances data decryption controls within applications [2], ensuring that session keys can only be accessed when access rights are respected [1] [9]. By locking and anonymizing session keys according to a defined access policy, Covercrypt significantly improves data security, preventing unauthorized individuals from accessing information about the encapsulated session keys while maintaining user anonymity. For instance, an IT department can control application access [3], specifying who can decrypt data within those applications [3].
Notably, Covercrypt is recognized for its efficiency [3], with key encapsulation and decapsulation processes taking only a few hundred microseconds [12]. The system utilizes an “Encrypt now, decrypt later” strategy that bolsters long-term confidentiality and compliance with evolving cybersecurity standards [5] [9] [11]. Its hybrid architecture requires both conventional and post-quantum encryption layers to be compromised for data breaches [1] [11], significantly enhancing data protection [11]. The ETSI standard associated with Covercrypt includes practical features for dynamic access policy management [1] [5] [9] [11], such as efficient user revocation and rights updates [1] [5] [9] [11], marking a significant advancement towards scalable post-quantum security for enterprises globally [5] [9] [10]. Covercrypt also claims several security guarantees, including resilience against Chosen-Ciphertext Attacks (CCA) through a combination of pre-quantum ECDH and post-quantum ML-KEM KEMs [7], alongside features such as anonymity and traceability [7].
The ETSI working group on Quantum-Safe Cryptography emphasizes the importance of adopting quantum-resistant encryption to safeguard sensitive data and comply with evolving cryptographic requirements [4]. The development of Covercrypt represents a significant step forward in the transition to quantum-safe cryptography [4], empowering organizations to enhance their security infrastructure against emerging threats. ETSI [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12], recognized by the European Union as a European Standards Organization (ESO) [8], continues to support the development and testing of globally applicable IT standards [8]. An open-source library implementing this ETSI standard is also available in Rust [7], emphasizing high efficiency [7].
Conclusion
The introduction of Covercrypt by ETSI marks a pivotal advancement in the realm of quantum-safe cryptography. By addressing the imminent threats posed by quantum computing, Covercrypt not only fortifies current security measures but also sets a precedent for future cryptographic standards. As organizations transition to quantum-resistant solutions, the collaborative efforts of ETSI and Cosmian will play a crucial role in shaping a secure digital future.
References
[1] https://www.thespec.com/globenewswire/cosmian-covercrypt-achieves-etsi-standardization-for-data-protection-in-the-post-quantum-era/article_0e8eeaed-c09f-5038-aa26-9951693c68a6.html
[2] https://quantumcomputingreport.com/etsi-introduces-a-new-standard-for-hybrid-quantum-safe-key-encapsulation-mechanisms-kems/
[3] https://www.helpnetsecurity.com/2025/03/27/etsi-security-standard-post-quantum-encryption/
[4] https://thequantuminsider.com/2025/03/27/etsi-launches-new-security-standard-for-quantum-safe-hybrid-key-exchanges/
[5] https://www.globenewswire.com/news-release/2025/03/26/3049330/0/de/Cosmian-covercrypt-Wegweisender-Post-Quantum-Datenschutz-mit-ETSI-Standardisierung.html
[6] https://thenimblenerd.com/article/covercrypt-comedy-quantum-safe-encryption-to-outsmart-future-hackers/
[7] https://askcryp.to/t/resource-topic-2025-544-security-analysis-of-covercrypt-a-quantum-safe-hybrid-key-encapsulation-mechanism-for-hidden-access-policies/23847
[8] https://www.infosecurity-magazine.com/news/etsi-quantum-safe-encryption/
[9] https://web3wire.org/web3/cosmian-covercrypt-achieves-etsi-standardization-for-data-protection-in-the-post-quantum-era/
[10] https://itnewsonline.com/GlobeNewswire/Cosmian-covercrypt-achieves-ETSI-standardization-for-data-protection-in-the-post-quantum-era./95202
[11] https://www.globenewswire.com/news-release/2025/03/26/3049330/0/en/Cosmian-covercrypt-achieves-ETSI-standardization-for-data-protection-in-the-post-quantum-era.html
[12] https://www.computerweekly.com/news/366621214/ETSI-launches-first-post-quantum-encryption-standard
