About

I am a cryptographer working within CryptoExperts, a solution provider in the area of cryptography.

My research interests include cryptographic implementations, embedded system security, elliptic curve cryptography, and white-box cryptography.

Before joining CryptoExperts in 2010, I was a cryptography engineer at Oberthur Technologies (smart card manufacturer) and a PhD student at University of Luxembourg (2006-2009) focusing on cryptographic implementations and side-channel attacks.

This webpage contains information about my publications, my PhD thesis, and some talks I have given.

News:

Oct 4, 2016: Keynote about white-box crypto at PHISIC 2016  
Sep 16, 2016: Announcing wr0ng, Ecrypt workshop on random number generation, 30 Apr 2017 in Paris (organized by CryptoExperts, affiliated to EUROCRYPT 2017)
Aug 14, 2016: Invited talk about security notions for white-box cryptography at WhibOx 2016  
Aug 12, 2016: Presentation at SAC 2016 about lattice attacks on protected implementations of ECC  
Mar 8, 2016: ePrint paper on (very) efficient higher-order masking in software  
Feb 14, 2016: The Million Dollar Curve has been generated!  







I have been a member of the International Association for Cryptologic Research (IACR) since 2007.

I have served as a program committee member of the following events:
TIs 2016   SPACE 2016   CHES 2016   EUROCRYPT 2016   COSADE 2016   GREHACK 2015   CHES 2015   COSADE 2015   CHES 2014   FDTC 2014   COSADE 2014   CARDIS 2013   CHES 2013   FDTC 2013   COSADE 2013   CARDIS 2012   CHES 2012   FDTC 2012   HOST 2012   CARDIS 2011   HOST 2011   HOST 2010  

I am currently supervising the PhD thesis of Dahmun Goudarzi (co-supervision with Damien Vergnaud)







The past year, I have co-organized CHES 2015 with Emmanuel Prouff and Guénaël Renault.

The conference CHES (Cryptographic Hardware and Embedded Systems) is a prime scientific event in the area of applied cryptography with a strong focus on implementation and hardware security. It has occurred every year since 1999 in different countries (USA, France, Germany, Japan, Korea, ...) and it has become the event with the highest attendance among IACR conferences.

For the 2015 edition (13-16 Sep 2015), we chose Saint-Malo (France) as the venue. The event was supported by 32 industrial sponsors and exhibitors. It gathered 445 registered members (a new record) from more than 30 countries, a few dozen exhibitors, and a staff of 20 volunteer students.

See also: Les rois du cryptage à Saint-Malo (French press paper on the event)

Publications

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Preprints

Thesis


On the Physical Security of Cryptographic Implementations


Thesis defended on September 22nd 2009 at University of Luxembourg.

PhD advisor: Jean-Sébastien Coron

PhD committee: Alex Biryukov, Jean-Sébastien Coron, Louis Goubin, Marc Joye, Franck Leprévost, François-Xavier Standaert

Abstract: In modern cryptography, an encryption system is usually studied in the so-called black-box model. In this model, the cryptosystem is seen as an oracle replying to message encryption (and/or decryption) queries according to a secret value: the key. The security of the cryptosystem is then defined following a simple game. An adversary questions the oracle about the encryption (and/or decryption) of messages of its choice and, depending on the answers, attempts to recover the value of the secret key (or to encrypt/decrypt a message for which he did not query the oracle). If by following an optimal strategy the adversary only has a negligible chance of winning, the system is considered as secure. Several cryptosystems have been proved secure in the black-box model. However, this model is not always sufficient to ensure the security of a cryptosystem in practice. Let us consider the example of smart cards which are used as platforms for cryptosystems in various applications such as banking, access control, mobile telephony, pay TV, or electronic passport. By the very nature of these applications, a cryptosystem embedded on a smart card is physically accessible to potential attackers. This physical access invalidates the modeling of the cryptosystem as a simple encryption oracle since it allows the adversary to observe and disrupt its physical behavior. New attacks then become possible which are known as physical cryptanalysis.

Physical cryptanalysis includes two main families of attacks: side channel attacks and fault attacks. The purpose of side channel attacks is to analyze the different physical leakages of a cryptographic implementation during its computation. Chief among these rank timing, power consumption, and electromagnetic radiation. Observing these so-called side channels provides sensitive information about the cryptographic computation. The secret key value can then be easily recovered by statistical treatment although the cryptosystem is secure in the black-box model. The access to a cryptographic implementation enables more than a simple observation of its physical behavior; it is also possible to disrupt its computation. Working on this assumption, fault attacks consist in corrupting cryptographic computations so that they produce erroneous results. Surprisingly, these results can be used in order to recover information about the secret key.

This thesis focuses on physical cryptanalysis as well as on the secure implementation of cryptographic primitives. We examine in the first part side channel attacks from a theoretical viewpoint. Various techniques of attack based on different statistical tools are addressed. We analyze their success rate, we compare their efficiency and we propose some improvements. Our analyses are illustrated by results of simulated attacks as well as practical attacks on smart cards. The second part of this thesis is devoted to one of the most widely used countermeasures to side channel attacks: data masking. Our investigations concentrate on generic masking schemes for block ciphers such as the encryption standards DES and AES. We analyze existing schemes, exhibiting some attacks against certain of them and we propose new designs. The third and last part of this thesis deals with fault attacks. First, we describe a new attack on the DES cipher which exhibits some requirements to its secure implementation. We then provide a case study based on the RSA cryptosystem where we propose a new countermeasure which can also be applied to secure any exponentiation algorithm. We finally address an important issue for practical security: the implementation of coherence checks.

  pdf file

Talks

Contact information

If you wish to contact me, send me an email: