[Focus on] Research activities of the CRYPTO Team of Institut Fourier

By Philippe Elbaz-Vincent (Institut Fourier)
Research activities of the CRYPTO Team of Institut Fourier are focused on cryptology of asymmetric ciphers (including post-quantum cryptography); design and security models of cryptographic mechanisms; analysis of random number generators (in particular hardware RNGs); secure implementations and arithmetics of cryptographic mechanisms; tools for software protections and whitebox cryptography (e.g., code obfuscation); analysis of security/cryptographic architectures; mathematical foundations for cryptography. Most of our research projects are in partnership with small and large companies, in which we provide cryptographic specifications, and help in the generation of cryptographic parameters or the design of security/cryptographic architectures.
 

Elliptic Curve Cryptography (ECC)

Cryptographic mechanisms based on elliptic curves are widespread in the industry, in particular for embedded systems and IoT due to their small fingerprints and low-bandwith requirements. We have contributed to several works on both the cryptanalysis, the designs of arithmetics and security models for ECC. Secure, and if possible fast, implementations, both in software and hardware, are not easy to design. We have proposed a new open source (LGPLv3 licensing) versatile, secure and fast library for the arithmetic of ECC, called MPHELL which runs on ARM 32bits, STM32 platforms and x86 (32 and 64 bits). Based on unified arithmetics, this library provides robustness against SPA attacks and has been designed to facilitate integration with hardware components and easy customization of the fields' arithmetics. It integrates by default a large number of standardized curves (NIST v1, ANSSI, BSI, Ed25519) as well that some (robust) curves generated by our team. The analysis of several of our implementations in hardware has been studied in collaboration with the TIMA lab, and early implementations have been studied in the PIA ARAMIS project with CEA LETI.
 
This work has been supported by several projects and in particular the LabEx PERSYVAL-Lab, ANR ARRAND, the FUI SECURIOT-2 and the PIA ARAMIS. In the framework of the project ARRAND, we are currently working on the randomization of arithmetics as a counter-measure against several types of attacks.

Post-Quantum Cryptography (PQC)


The progress in Quantum computing and the design of Quantum computers (see. the Quantum Engineering project from Univ. Grenoble Alpes) have been tremendous during the past years. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use and even tamper the security levels of other ciphers. In 2017, the NIST has initiated a "process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms". The 26 "Round 2 candidates" were announced January 30, 2019.
Within this framework we work on both the mathematical tools for PQC and the evaluation of several Round 2 candidates. We currently focus on lattices based cryptography, and in particular problems related to ideal lattices with applications to MIMO and the cryptanalysis of PQC schemes. In order to extend the current framework, we have developped an hermitian version of the tool fpLLL which has been presented recently to WRAC'H. Those works are supported by the FUI SECURIOT-2 and a partnership with BULL/ATOS.

True Random Number Generators (TRNGs)

Having a source of randomness is a key issue when building cryptographic primitives as one will require entropy in order to generate keys and nonces. It is also often a crucial issue when implementing countermeasures against Side Channel Attacks. Random numbers with bad properties can disable security measures against potential attacks by invalidating security proofs of cryptographic algorithms or disabling countermeasures, leading to disastrous consequences. The high number of weak RSA certificates (with broken RSA moduli) present on the web, on firewalls, routers and other network components are both a consequence of entropy failure and/or bad generation of cryptographic parameters. As a core brick of cryptographic implementations, RNGs are likely to be targeted by attackers. More precisely each of their subparts can be attacked.
The first focus is the entropy production itself. For Physical TRNG, electro-magnetic fault injection can efficiently decrease the overall entropy leading to a fully predictable RNG. Perturbing the noise source with temperature and combining it with laser beam, leads to the appearance of specific patterns more likely than others.
The second target can be the post-processing. Our work focus on both the analysis of design of TRNGs and the studies of anomalous behavior (part of this work has been done with CEA LETI) under physical constraints (high or very low temperatures). The following image show the variations of entropy on a CPU incorporating a TRNG and how laser beam could perturbate the entropy level.
and below the distribution of 1-byte word on a chip when combining laser beam and temperature
We currently focus on helping the design and analysis of PTRNG, in particular evaluation criteria and also the anomalies induced in the generation of cryptographic parameters. Our work on this topic has been partially supported by DGA and LabEx AMIES

Published on June 29, 2020