Your search keyword '"Ingenico Group S.A."' showing total 13 results

1. Faulting original McEliece's implementations is possible: How to mitigate this risk?

Author

Giraud, Vincent, Bouffard, Guillaume, Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Ingenico Group S.A., Agence nationale de la sécurité des systèmes d'information (ANSSI), Guillaume Hiet, and Jan Tobias Mühlberg

Subjects

[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Binary Instrumentation, McEliece, White-box attack model, Post-quantum cryptography

Abstract

International audience; Private and public actors increasingly encounter use cases where they need to implement sensitive operations on mass-market peripherals for which they have little or no control. They are sometimes inclined to attempt this without using hardware-assisted equipment, such as secure elements. In this case, the white-box attack model is particularly relevant and includes access to every asset, retro-engineering, and binary instrumentation by attackers. At the same time, quantum attacks are becoming more and more of a threat and challenge traditional asymmetrical ciphers, which are treasured by private and public actors.The McEliece cryptosystem is a code-based public key algorithm introduced in 1978 that is not subject to wellknown quantum attacks and that could be implemented in an uncontrolled environment. During the NIST post-quantum cryptography standardization process [17], a derived candidate commonly refer to as classic McEliece was selected. This algorithm is however vulnerable to some fault injection attacks while a priori, this does not apply to the original McEliece. In this article, we thus focus on the original McEliece cryptosystem and we study its resilience against fault injection attacks on an ARM reference implementation [18]. We disclose the first fault injection based attack and we discuss on how to modify the original McEliece cryptosystem to make it resilient to fault injection attacks.

Published

2023

2. Security of Symmetric Primitives against Key-Correlated Attacks

Author

Connolly, Aisling, Farshim, Pooya, Fuchsbauer, Georg, Ingenico Group S.A., Département d'informatique de l'École normale supérieure (DI-ENS), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria), Farshim was supported by the European Research Council under the European Community’s Seventh Framework Programme (FP7/2007-2013 Grant Agreement no. 339563 - CryptoCloud). Fuchsbauer was supported by the MSR–Inria Joint Centre and the French ANR project EfTrEC (ANR-16-CE39-0002)., Département d'informatique - ENS Paris (DI-ENS), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Inria de Paris, École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), and Fuchsbauer, Georg

Subjects

lcsh:Computer engineering. Computer hardware, Applied Mathematics, related-key attack, lcsh:TK7885-7895, random-oracle model, Computer Science Applications, key-dependent-message attack, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Computational Mathematics, xkcd, ideal-cipher model, authenticated encryption, ComputingMilieux_MISCELLANEOUS, Software, [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR], Key-correlated attack

Abstract

We study the security of symmetric primitives against key-correlated attacks (KCA), whereby an adversary can arbitrarily correlate keys, messages, and ciphertexts. Security against KCA is required whenever a primitive should securely encrypt key-dependent data, even when it is used under related keys. KCA is a strengthening of the previously considered notions of related-key attack (RKA) and key-dependent message (KDM) security. This strengthening is strict, as we show that 2-round Even–Mansour fails to be KCA secure even though it is both RKA and KDM secure. We provide feasibility results in the ideal-cipher model for KCAs and show that 3-round Even–Mansour is KCA secure under key offsets in the random-permutation model. We also give a natural transformation that converts any authenticated encryption scheme to a KCA-secure one in the random-oracle model. Conceptually, our results allow for a unified treatment of RKA and KDM security in idealized models of computation., IACR Transactions on Symmetric Cryptology, Volume 2019, Issue 3

Published

2019

3. How to Compartment Secrets

Author

David Naccache, Rémi Géraud-Stewart, Gaëlle Candel, Ingenico Group S.A., Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Maryline Laurent, Thanassis Giannetsos, TC 11, WG 11.2, Département d'informatique de l'École normale supérieure (DI-ENS), and École normale supérieure - Paris (ENS Paris)

Subjects

Physics::Physics and Society, Combinatorics, Computer science, Computer Science::Multimedia, 0202 electrical engineering, electronic engineering, information engineering, [INFO]Computer Science [cs], 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Secret sharing, Computer Science::Cryptography and Security

Abstract

Part 1: Invited Paper; International audience; Secret sharing splits a secret s into $$\ell $$ shares in such a way that $$k\le \ell $$ shares suffice to reconstruct s. Let $$\rho _{i,j}$$ be the probability that shareholder i disclose their share to shareholder j, with $$0 \le i,j < n$$.Given $$k \le \ell \le n$$, to whom $$\ell $$ individuals should we hand shares, if we wish to minimize the probability that one of them reconstitutes s?

Published

2020

4. Les nouveaux territoires stratégiques du cyberespace : le cas de la Russie

Author

Frédérick Douzet, Remi Geraud, Jérémy Robine, Romain Campigotto, Kevin Limonier, Kave Salamatian, Centre de recherches et d'analyses géopolitiques (CRAG), Université Paris 8 Vincennes-Saint-Denis (UP8), Laboratoire d'Informatique, Systèmes, Traitement de l'Information et de la Connaissance (LISTIC), Université Savoie Mont Blanc (USMB [Université de Savoie] [Université de Chambéry]), Ingenico Group S.A., Laboratoire d'analyse et modélisation de systèmes pour l'aide à la décision (LAMSADE), Université Paris Dauphine-PSL-Centre National de la Recherche Scientifique (CNRS), Université Paris Dauphine-PSL, Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS), Institut français de géopolitique (IFG ), Centre d'études des mondes russe, caucasien et centre-européen (CERCEC), École des hautes études en sciences sociales (EHESS)-Centre National de la Recherche Scientifique (CNRS)-École des hautes études en sciences sociales (EHESS)-Centre National de la Recherche Scientifique (CNRS)-Centre d'études turques, ottomanes, balkaniques et centrasiatiques (CETOBAC), École des hautes études en sciences sociales (EHESS)-Collège de France (CdF)-Centre National de la Recherche Scientifique (CNRS)-Collège de France (CdF)-Centre National de la Recherche Scientifique (CNRS)-Centre de recherches et d'analyses géopolitiques (CRAG), Université Paris 8 Vincennes-Saint-Denis (UP8)-Université Paris 8 Vincennes-Saint-Denis (UP8), Laboratoire d'informatique de l'école normale supérieure (LIENS), École normale supérieure - Paris (ENS Paris)-Centre National de la Recherche Scientifique (CNRS), Centre National de la Recherche Scientifique (CNRS)-École des hautes études en sciences sociales (EHESS)-Centre National de la Recherche Scientifique (CNRS)-École des hautes études en sciences sociales (EHESS)-Centre d'études turques, ottomanes, balkaniques et centrasiatiques (CETOBaC), École des hautes études en sciences sociales (EHESS)-Collège de France (CdF (institution))-Centre National de la Recherche Scientifique (CNRS)-Collège de France (CdF (institution))-Centre National de la Recherche Scientifique (CNRS)-Centre de recherches et d'analyses géopolitiques (CRAG), Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Kavé, Salamatian, Centre National de la Recherche Scientifique (CNRS)-Collège de France (CdF (institution))-École des hautes études en sciences sociales (EHESS)-Centre National de la Recherche Scientifique (CNRS)-Collège de France (CdF (institution))-Centre de recherches et d'analyses géopolitiques (CRAG), École des hautes études en sciences sociales (EHESS)-Centre National de la Recherche Scientifique (CNRS)-École des hautes études en sciences sociales (EHESS)-Centre National de la Recherche Scientifique (CNRS)-Centre d'études turques, ottomanes, balkaniques et centrasiatiques (CETOBaC), École normale supérieure - Paris (ENS-PSL), and Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL)

Subjects

[INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI], [SHS.GEO] Humanities and Social Sciences/Geography, [SHS.GEO]Humanities and Social Sciences/Geography, ComputingMilieux_MISCELLANEOUS

Abstract

La cartographie du cyberespace represente un defi a la fois conceptuel et technique. La complexite et le caractere hautement dynamique de cet environnement necessitent le developpement de nouveaux outils intellec­tuels et cartographiques pour en representer les elements strategiques. Cet article, tire d’une etude exploratoire, propose un exemple d’approche cartogra­phique d’une des dimensions cyber d’un theâtre militaire classique et d’un adversaire etatique, a travers un cas precis : l’enjeu de la Siberie comme nouveau territoire strategique du cyberespace pour la Russie. La strategie russe de localisation des donnees s’inscrit dans une politique d’amenagement du territoire et traduit l’apprehension qu’ont les Russes de leur cyberespace : un vecteur de transmission d’informations devant etre soumis a un fort controle etatique.

Published

2017

5. Legally Fair Contract Signing Without Keystones

Author

Diana Maimuț, David Pointcheval, David Naccache, Rémi Géraud, Houda Ferradi, Laboratoire d'informatique de l'école normale supérieure (LIENS), Département d'informatique - ENS Paris (DI-ENS), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL), Ingenico Group S.A., Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Mark Manulis, Ahmad-Reza Sadeghi, Steve Schneider, ANR-12-INSE-0014,SIMPATIC,SIM et théorie des couplages pour la sécurité de l'information et des communications(2012), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Inria Paris-Rocquencourt, École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS), Département d'informatique de l'École normale supérieure (DI-ENS), and Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris)

Subjects

Computer science, business.industry, Internet privacy, 0102 computer and information sciences, 02 engineering and technology, Computer security model, Trusted third party, 16. Peace & justice, Computer security, computer.software_genre, 01 natural sciences, Cheque, Random oracle, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Digital signature, 010201 computation theory & mathematics, Discrete logarithm, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, computer

Abstract

International audience; In two-party computation, achieving both fairness and guaranteed output delivery is well known to be impossible. Despite this limitation , many approaches provide solutions of practical interest by weakening somewhat the fairness requirement. Such approaches fall roughly in three categories: " gradual release " schemes assume that the aggrieved party can eventually reconstruct the missing information; " optimistic schemes " assume a trusted third party arbitrator that can restore fairness in case of litigation; and " concurrent " or " legally fair " schemes in which a breach of fairness is compensated by the aggrieved party having a digitally signed cheque from the other party (called the keystone). In this paper we describe and analyse a new contract signing paradigm that doesn't require keystones to achieve legal fairness, and give a concrete construction based on Schnorr signatures which is compatible with standard Schnorr signatures and provably secure.

Published

2016

6. A First DFA on PRIDE: from Theory to Practice

Author

Lac, Benjamin, Beunardeau, Marc, Canteaut, Anne, Fournier, Jacques Jean-Alain, Sirdey, Renaud, Lac, Benjamin, Département Systèmes et Architectures Sécurisés (SAS-ENSMSE), École des Mines de Saint-Étienne (Mines Saint-Étienne MSE), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-CMP-GC, DPACA [Gardanne], CEA Tech PACA, CEA Tech en régions (CEA-TECH-Reg), Direction de Recherche Technologique (CEA) (DRT (CEA)), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Direction de Recherche Technologique (CEA) (DRT (CEA)), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-CEA Tech en régions (CEA-TECH-Reg), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA), École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL), Ingenico Group S.A., Security, Cryptology and Transmissions (SECRET), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Commissariat à l'énergie atomique et aux énergies alternatives - Laboratoire d'Electronique et de Technologie de l'Information (CEA-LETI), Laboratoire d'Intégration des Systèmes et des Technologies (LIST), Benjamin Lac's research work is partly supported by the French DGA-MRIS scholarship, CEA Tech en région Sud (DSUD), École normale supérieure - Paris (ENS-PSL), and Laboratoire d'Intégration des Systèmes et des Technologies (LIST (CEA))

Subjects

[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], DFA, PRIDE, EM fault attacks, [SPI.NANO] Engineering Sciences [physics]/Micro and nanotechnologies/Microelectronics, lightweight cryptography, [SPI.NANO]Engineering Sciences [physics]/Micro and nanotechnologies/Microelectronics, [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR]

Abstract

International audience; PRIDE is one of the most efficient lightweight block cipher proposed so far for connected objects with high performance and low-resource constraints. In this paper we describe the first ever complete Differential Fault Analysis against PRIDE. We describe how fault attacks can be used against implementations of PRIDE to recover the entire encryption key. Our attack has been validated first through simulations, and then in practice on a software implementation of PRIDE running on a device that could typically be used in IoT devices. Faults have been injected using electromagnetic pulses during the PRIDE execution and the faulty ciphertexts have been used to recover the key bits. We also discuss some countermeasures that could be used to thwart such attacks.

Published

2016

7. How to Sign Paper Contracts? Conjectures & Evidence Related to Equitable & Efficient Collaborative Task Scheduling

Author

Brier, Eric, Naccache, David, Xia, Li-Yao, Ingenico Group S.A., Laboratoire d'informatique de l'école normale supérieure (LIENS), Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Equipe de recherche sur les marches, l'emploi et la simulation (ERMES), Université Panthéon-Assas (UP2)-Centre National de la Recherche Scientifique (CNRS), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Inria Paris-Rocquencourt, École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS), Département d'informatique de l'École normale supérieure (DI-ENS), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), and Naccache, David

Subjects

TheoryofComputation_MISCELLANEOUS, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], traffic analysis, encrypted containers, protocols, foundations, ComputingMilieux_MISCELLANEOUS, [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR], Computer Science::Cryptography and Security

Abstract

This paper explores ways of performing commutative tasks by $N$ parties. Tasks are defined as {\sl commutative} if the order at which parties perform tasks can be freely changed without affecting the final result. It is easy to see that arbitrary $N$-party commutative tasks cannot be completed in less than $N-1$ basic time units. We conjecture that arbitrary $N$-party commutative tasks cannot be performed in $N-1$ time units by exchanging less than $4N-6$ messages and provide computational evidence in favor this conjecture. We also explore the most equitable commutative task protocols.

Published

2013

8. How to Scatter a Secret?

Author

Wenjie Fang, David Naccache, Eric Brier, Ingenico Group S.A., École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL), Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Département d'informatique de l'École normale supérieure (DI-ENS), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Laboratoire d'informatique de l'école normale supérieure (LIENS), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS), Département d'informatique - ENS Paris (DI-ENS), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Inria Paris-Rocquencourt, Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), and Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)

Subjects

Discrete mathematics, Surface (mathematics), 021110 strategic, defence & security studies, Scattering, Computer science, Applied Mathematics, 05 social sciences, 0211 other engineering and technologies, Structure (category theory), 02 engineering and technology, Function (mathematics), Chip, Upper and lower bounds, 050601 international relations, 0506 political science, Computer Science Applications, Matrix (mathematics), [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Mechanical probe station, Algorithm

Abstract

International audience; A mechanical probe station is a laboratory device used to physically acquire signals from the internal nodes of a chip. The station allows positioning of thin probing needles on the chip's surface, either using humanly operated manipulators or automatically.To protect a bit k against probing, one usually encodes k as ℓ bit-shares {s j }0≤j≤ℓ−1 where {s j }0≤j≤ℓ−2 are random and s ℓ−1 = k ⊕ s 0⊕, … ⊕s ℓ−2. If each s i is stored at a different RAM location, the opponent needs to probe all the ℓ cells to learn k.Let k = {k 0, …, k n−1} be an n-bit key recorded in an n × ℓ matrix as {s i, j }0 ≤ i ≤ n − 1, 0 ≤ j ≤ ℓ−1. To force the attacker to probe scattered data, we look for a function f mapping {i, j} to geometrical {x, y} coordinates such that, for u ≠ v, the minimal distance between r i,u and r i,v is as large as possible.This paper solves this problem by exploiting the module structure of . We infer a theoretical lower bound on f's scattering capacity and compare the algorithm's performance with an approximate upper bound. The result is quite satisfying.

Published

2012

9. Modulus Fault Attacks against RSA-CRT Signatures

Author

Mehdi Tibouchi, Eric Brier, David Naccache, Phong Q. Nguyen, Ingenico Group S.A., Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities (CASCADE), Département d'informatique - ENS Paris (DI-ENS), Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Laboratoire d'informatique de l'école normale supérieure (LIENS), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL), Bart Preneel, Tsuyoshi Takagi, École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Centre National de la Recherche Scientifique (CNRS), Département d'informatique de l'École normale supérieure (DI-ENS), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS Paris), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-Inria Paris-Rocquencourt, École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), and Briot, Brigitte

Subjects

Digital Signatures, Fault Attacks, Modulus, 02 engineering and technology, Lattices, Fault (power engineering), 020202 computer hardware & architecture, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Digital signature, Factorization, RSA, 0202 electrical engineering, electronic engineering, information engineering, CRT, 020201 artificial intelligence & image processing, Fault model, Hardware_ARITHMETICANDLOGICSTRUCTURES, Algorithm, ComputingMilieux_MISCELLANEOUS, [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR], Mathematics, Interpolation

Abstract

International audience; RSA-CRT fault attacks have been an active research area since their discovery by Boneh, DeMillo and Lipton in 1997. We present alternative key-recovery attacks on RSA-CRT signatures: instead of targeting one of the sub-exponentiations in RSA-CRT, we inject faults into the public modulus before CRT interpolation, which makes a number of countermeasures against Boneh et al.’s attack ineffective.Our attacks are based on orthogonal lattice techniques and are very efficient in practice: depending on the fault model, between 5 to 45 faults suffice to recover the RSA factorization within a few seconds. Our simplest attack requires that the adversary knows the faulty moduli, but more sophisticated variants work even if the moduli are unknown, under reasonable fault models. All our attacks have been fully validated experimentally with fault-injection laser techniques.

Published

2011

10. Why One Should Also Secure RSA Public Key Elements

Author

Benoit Chevallier-Mames, Christophe Clavier, Mathieu Ciet, Eric Brier, Ingenico Group S.A., Laboratoire des Technologies de l'Information (DCSSI/SDS/LTI), SGDN, DMI, XLIM (XLIM), and Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)-Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)

Subjects

business.industry, Computer science, Cryptography, 02 engineering and technology, Fault (power engineering), Computer security, computer.software_genre, Signature (logic), 020202 computer hardware & architecture, Public-key cryptography, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Mode (computer interface), Pre-play attack, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Fault model, business, computer, Randomness, ComputingMilieux_MISCELLANEOUS

Abstract

It is well known that a malicious adversary can try to retrieve secret information by inducing a fault during cryptographic operations. Following the work of Seifert on fault inductions during RSA signature verification, we consider in this paper the signature counterpart. Our article introduces the first fault attack applied on RSA in standard mode. By only corrupting one public key element, one can recover the private exponent. Indeed, similarly to Seifert’s attack, our attack is done by modifying the modulus. One of the strong points of our attack is that the assumptions on the induced faults’ effects are relaxed. In one mode, absolutely no knowledge of the fault’s behavior is needed to achieve the full recovery of the private exponent. In another mode, based on a fault model defining what is called dictionary, the attack’s efficiency is improved and the number of faults is dramatically reduced. All our attacks are very practical. Note that those attacks do work even against implementations with deterministic (e.g., RSA-FDH) or random (e.g., RSA-PFDH) paddings, except for cases where we have signatures with randomness recovery (such as RSA-PSS). The results finally presented on this paper lead us to conclude that it is also mandatory to protect RSA’s public parameters against fault attacks.

Published

2006

11. Correlation Power Analysis with a Leakage Model

Author

Francis Olivier, Eric Brier, Christophe Clavier, Ingenico Group S.A., DMI, XLIM (XLIM), Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)-Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS), and Thales Alenia Space

Subjects

business.industry, Circuit design, 020206 networking & telecommunications, Hamming distance, Cryptography, 02 engineering and technology, Energy consumption, 16. Peace & justice, Computer security, computer.software_genre, Topology, 020202 computer hardware & architecture, law.invention, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Power analysis, law, 0202 electrical engineering, electronic engineering, information engineering, Side channel attack, Cryptanalysis, business, computer, ComputingMilieux_MISCELLANEOUS, Leakage (electronics), Mathematics

Abstract

A classical model is used for the power consumption of cryptographic devices. It is based on the Hamming distance of the data handled with regard to an unknown but constant reference state. Once validated experimentally it allows an optimal attack to be derived called Correlation Power Analysis. It also explains the defects of former approaches such as Differential Power Analysis.

Published

2004

12. The classification of boolean cubics of nine variables

Author

Brier, Eric, Langevin, Philippe, Ingenico Group S.A., Institut de Mathématiques de Toulon - EA 2134 (IMATH), and Université de Toulon (UTLN)

Subjects

[INFO.INFO-DM]Computer Science [cs]/Discrete Mathematics [cs.DM], ComputingMilieux_MISCELLANEOUS

Abstract

International audience; no abstract

Published

2003

13. Cryptanalysis of RSA Signatures with Fixed-Pattern Padding

Author

Christophe Clavier, Jean-Sébastien Coron, Eric Brier, David Naccache, Ingenico Group S.A., DMI, XLIM (XLIM), Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)-Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS), Faculty of Science, Technology and Communication [Luxembourg] (FSTC), University of Luxembourg [Luxembourg], Département d'informatique de l'École normale supérieure (DI-ENS), École normale supérieure - Paris (ENS Paris)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), Département d'informatique - ENS Paris (DI-ENS), École normale supérieure - Paris (ENS-PSL), Université Paris sciences et lettres (PSL)-Université Paris sciences et lettres (PSL)-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS), and École normale supérieure - Paris (ENS Paris)

Subjects

Discrete mathematics, business.industry, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Padding, Signature (logic), law.invention, Public-key cryptography, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Digital signature, law, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Exponent, Arithmetic, business, Cryptanalysis, ComputingMilieux_MISCELLANEOUS, Mathematics

Abstract

A fixed-pattern padding consists in concatenating to the message m a fixed pattern P. The RSA signature is then obtained by computing (P\m)d mod N where d is the private exponent and N the modulus. In Eurocrypt '97, Girault and Misarsky showed that the size of P must be at least half the size of N (in other words the parameter configurations |P| |N|/2. In this paper we show that the size of P must be at least two-thirds of the size of N, i.e. we show that |P| < 2|N|/3 is insecure.

Published

2001