| Both sides previous revision Previous revision Next revision | Previous revision |
| public:research:main [2024-01-18 12:21] – [Cryptanalysis of elliptic curves and other algebraic methods] x451866 | public:research:main [2024-01-18 15:50] (current) – [Open-source security tools] xjancar |
|---|
| We systematically analyze the security of cryptographic implementations, including the blackbox ones with no access to a source code (e.g., cryptographic smartcards). Typically, a large number of cryptographic operations is executed with observed data and various side-channel information recorded and statistically analyzed. The approach leads to several high-profile discoveries, including the practical factorization of RSA keys from Infineon chips ([[https://roca.crocs.fi.muni.cz/|ROCA attack CVE-2017-15361]]) or EC private key extraction from timing of ECDSA signatures ([[https://minerva.crocs.fi.muni.cz/|Minerva attack CVE-2019-15809]]). The goal is not only to find an attack but also to provide open-source verification tools. | We systematically analyze the security of cryptographic implementations, including the blackbox ones with no access to a source code (e.g., cryptographic smartcards). Typically, a large number of cryptographic operations is executed with observed data and various side-channel information recorded and statistically analyzed. The approach leads to several high-profile discoveries, including the practical factorization of RSA keys from Infineon chips ([[https://roca.crocs.fi.muni.cz/|ROCA attack CVE-2017-15361]]) or EC private key extraction from timing of ECDSA signatures ([[https://minerva.crocs.fi.muni.cz/|Minerva attack CVE-2019-15809]]). The goal is not only to find an attack but also to provide open-source verification tools. |
| |
| <button collapse="cryptoimplementations">Find out more</button> | <button icon="fa fa-caret-down" collapse="cryptoimplementations">Find out more</button> |
| <button icon="fa fa-file-text-o">[[:publications:keywords:cryptoimplementations|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:cryptoimplementations|Publications]]</button> |
| |
| We also develop tools and libraries helping open-source developers to create open, faster, and more secure JavaCard applets. | We also develop tools and libraries helping open-source developers to create open, faster, and more secure JavaCard applets. |
| |
| <button collapse="smartcards">Find out more</button> | <button icon="fa fa-caret-down" collapse="smartcards">Find out more</button> |
| <button icon="fa fa-file-text-o">[[:publications:keywords:smartcards|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:smartcards|Publications]]</button> |
| |
| <collapse id="smartcards" collapsed="true"> | <collapse id="smartcards" collapsed="true"> |
| ===== Cryptanalysis of elliptic curves and other algebraic methods ===== | ===== Cryptanalysis of elliptic curves and other algebraic methods ===== |
| |
| {{ :public:research:std.png?nolink&200|}} | {{ :public:research:curves.png?nolink&120|}} |
| |
| Likely the most theoretical and math-heavy research we do, though still with real-world consequences in mind. We approach elliptic curves from many different directions: we study ECC implementations, problems with ECC formulas, ECC key datasets and in general diverse mathematical ideas involving elliptic curves. Sometimes, this requires us to dive into lattice methods as well. | Likely the most theoretical and math-heavy research we do, though still with real-world consequences in mind. We approach elliptic curves from many different directions: we study ECC implementations, problems with ECC formulas, ECC key datasets and in general diverse mathematical ideas involving elliptic curves. Sometimes, this requires us to dive into lattice methods as well. |
| In the past, we were systematically analyzing standardized elliptic curves. Lately, we have been mainly focusing on ECC with respect to side-channel attacks and the involvement of elliptic curves in the Bitcoin protocol. | In the past, we were systematically analyzing standardized elliptic curves. Lately, we have been mainly focusing on ECC with respect to side-channel attacks and the involvement of elliptic curves in the Bitcoin protocol. |
| |
| <button collapse="ecc">Find out more</button> | <button icon="fa fa-caret-down" collapse="ecc">Find out more</button> |
| <button icon="fa fa-file-text-o">[[:publications:keywords:ecc|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:ecc|Publications]]</button> |
| |
| ** Selected publications: ** | ** Selected publications: ** |
| * [2022] [[https://dissect.crocs.fi.muni.cz/| Sedláček, V.; Suchánek, V.; Dufka A.; Sýs, M.; Matyáš, V.: DiSSECT: Distinguisher of Standard and Simulated Elliptic Curves via Traits]], In Progress in Cryptology - AFRICACRYPT 2022. | * [2022] [[https://dissect.crocs.fi.muni.cz/| Sedláček, V.; Suchánek, V.; Dufka A.; Sýs, M.; Matyáš, V.: DiSSECT: Distinguisher of Standard and Simulated Elliptic Curves via Traits]], In Progress in Cryptology - AFRICACRYPT 2022. |
| * [2021] [[:public:papers:formulas_asiacrypt21| Sedláček, V.; Chi-Domínguez J.J.; Jančár, J.; Brumley B.B.: A formula for disaster: a unified approach to elliptic curve special-point-based attacks]], In Advances in Cryptology – ASIACRYPT 2021. | * [2021] [[:public:papers:formulas_asiacrypt21| Sedláček, V.; Chi-Domínguez, J.J.; Jančár, J.; Brumley, B.B.: A formula for disaster: a unified approach to elliptic curve special-point-based attacks]], In Advances in Cryptology – ASIACRYPT 2021. |
| * [2020] [[https://minerva.crocs.fi.muni.cz/| Jančár, J.; Sedláček, V.; Sýs, M.; Švenda, P.: Minerva: The curse of ECDSA nonces; Systematic analysis of lattice attacks on noisy leakage of bit-length of ECDSA nonces]], In IACR Transactions on Cryptographic Hardware and Embedded Systems (CHES) 2020. **Received Best Paper Award** | * [2020] [[https://minerva.crocs.fi.muni.cz/| Jančár, J.; Sedláček, V.; Sýs, M.; Švenda, P.: Minerva: The curse of ECDSA nonces; Systematic analysis of lattice attacks on noisy leakage of bit-length of ECDSA nonces]], In IACR Transactions on Cryptographic Hardware and Embedded Systems (CHES) 2020. **Received Best Paper Award** |
| * [2020] [[:public:papers:primality_esorics20| Sedláček, V.; Jančár, J.; Švenda, P.: Fooling primality tests on smartcards]], In 25th European Symposium on Research in Computer Security (ESORICS) 2020 | * [2020] [[:public:papers:primality_esorics20| Sedláček, V.; Jančár, J.; Švenda, P.: Fooling primality tests on smartcards]], In 25th European Symposium on Research in Computer Security (ESORICS) 2020 |
| |
| | |
| <button collapse="randomness">Find out more</button> | <button icon="fa fa-caret-down" collapse="randomness">Find out more</button> |
| <button icon="fa fa-file-text-o">[[:publications:keywords:randomness|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:randomness|Publications]]</button> |
| |
| With the use of secure multi-party computation, the risk of vulnerable implementations can be mitigated. Secure multi-party computation allows for splitting of the secret key among multiple devices, which partake in an interactive protocol to perform cryptographic operations. The complete secret key is never reconstructed during this protocol, so if at least one of the devices remains uncorrupted, the secret key is not exposed. Our research focuses on secure multi-party computation executed on the specialized cryptographic devices, which bring interesting constraints to protocol design and implementation. | With the use of secure multi-party computation, the risk of vulnerable implementations can be mitigated. Secure multi-party computation allows for splitting of the secret key among multiple devices, which partake in an interactive protocol to perform cryptographic operations. The complete secret key is never reconstructed during this protocol, so if at least one of the devices remains uncorrupted, the secret key is not exposed. Our research focuses on secure multi-party computation executed on the specialized cryptographic devices, which bring interesting constraints to protocol design and implementation. |
| |
| <button collapse="smpc">Find out more</button> | <button icon="fa fa-caret-down" collapse="smpc">Find out more</button> |
| <button icon="fa fa-file-text-o">[[:publications:keywords:smpc|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:smpc|Publications]]</button> |
| |
| The work leverages our expertise in the side-channel analysis of cryptographic hardware (especially relevant for the hardware wallets), scrutiny of cryptographic implementations (both builder's and attacker's perspective), and randomness testing (crucial to have non-biased private keys and non-leaking signatures). | The work leverages our expertise in the side-channel analysis of cryptographic hardware (especially relevant for the hardware wallets), scrutiny of cryptographic implementations (both builder's and attacker's perspective), and randomness testing (crucial to have non-biased private keys and non-leaking signatures). |
| |
| <button collapse="cryptocurrencies">Find out more</button> | <button icon="fa fa-caret-down" collapse="cryptocurrencies">Find out more</button> |
| <button icon="fa fa-file-text-o">[[:publications:keywords:cryptocurrencies|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:cryptocurrencies|Publications]]</button> |
| |
| |
| |
| <button collapse="opentools">Find out more</button> | <button icon="fa fa-caret-down" collapse="opentools">Find out more</button> |
| <button icon="fa fa-file-text-o">[[:publications:keywords:opentools|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:opentools|Publications]]</button> |
| |