public:research:main [2024-01-18 12:26] – [Cryptanalysis of elliptic curves and other algebraic methods] x451866 | public:research:main [2024-01-18 15:50] (current) – [Open-source security tools] xjancar |
---|
We systematically analyze the security of cryptographic implementations, including the blackbox ones with no access to a source code (e.g., cryptographic smartcards). Typically, a large number of cryptographic operations is executed with observed data and various side-channel information recorded and statistically analyzed. The approach leads to several high-profile discoveries, including the practical factorization of RSA keys from Infineon chips ([[https://roca.crocs.fi.muni.cz/|ROCA attack CVE-2017-15361]]) or EC private key extraction from timing of ECDSA signatures ([[https://minerva.crocs.fi.muni.cz/|Minerva attack CVE-2019-15809]]). The goal is not only to find an attack but also to provide open-source verification tools. | We systematically analyze the security of cryptographic implementations, including the blackbox ones with no access to a source code (e.g., cryptographic smartcards). Typically, a large number of cryptographic operations is executed with observed data and various side-channel information recorded and statistically analyzed. The approach leads to several high-profile discoveries, including the practical factorization of RSA keys from Infineon chips ([[https://roca.crocs.fi.muni.cz/|ROCA attack CVE-2017-15361]]) or EC private key extraction from timing of ECDSA signatures ([[https://minerva.crocs.fi.muni.cz/|Minerva attack CVE-2019-15809]]). The goal is not only to find an attack but also to provide open-source verification tools. |
| |
<button collapse="cryptoimplementations">Find out more</button> | <button icon="fa fa-caret-down" collapse="cryptoimplementations">Find out more</button> |
<button icon="fa fa-file-text-o">[[:publications:keywords:cryptoimplementations|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:cryptoimplementations|Publications]]</button> |
| |
We also develop tools and libraries helping open-source developers to create open, faster, and more secure JavaCard applets. | We also develop tools and libraries helping open-source developers to create open, faster, and more secure JavaCard applets. |
| |
<button collapse="smartcards">Find out more</button> | <button icon="fa fa-caret-down" collapse="smartcards">Find out more</button> |
<button icon="fa fa-file-text-o">[[:publications:keywords:smartcards|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:smartcards|Publications]]</button> |
| |
<collapse id="smartcards" collapsed="true"> | <collapse id="smartcards" collapsed="true"> |
In the past, we were systematically analyzing standardized elliptic curves. Lately, we have been mainly focusing on ECC with respect to side-channel attacks and the involvement of elliptic curves in the Bitcoin protocol. | In the past, we were systematically analyzing standardized elliptic curves. Lately, we have been mainly focusing on ECC with respect to side-channel attacks and the involvement of elliptic curves in the Bitcoin protocol. |
| |
<button collapse="ecc">Find out more</button> | <button icon="fa fa-caret-down" collapse="ecc">Find out more</button> |
<button icon="fa fa-file-text-o">[[:publications:keywords:ecc|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:ecc|Publications]]</button> |
| |
| |
| |
<button collapse="randomness">Find out more</button> | <button icon="fa fa-caret-down" collapse="randomness">Find out more</button> |
<button icon="fa fa-file-text-o">[[:publications:keywords:randomness|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:randomness|Publications]]</button> |
| |
With the use of secure multi-party computation, the risk of vulnerable implementations can be mitigated. Secure multi-party computation allows for splitting of the secret key among multiple devices, which partake in an interactive protocol to perform cryptographic operations. The complete secret key is never reconstructed during this protocol, so if at least one of the devices remains uncorrupted, the secret key is not exposed. Our research focuses on secure multi-party computation executed on the specialized cryptographic devices, which bring interesting constraints to protocol design and implementation. | With the use of secure multi-party computation, the risk of vulnerable implementations can be mitigated. Secure multi-party computation allows for splitting of the secret key among multiple devices, which partake in an interactive protocol to perform cryptographic operations. The complete secret key is never reconstructed during this protocol, so if at least one of the devices remains uncorrupted, the secret key is not exposed. Our research focuses on secure multi-party computation executed on the specialized cryptographic devices, which bring interesting constraints to protocol design and implementation. |
| |
<button collapse="smpc">Find out more</button> | <button icon="fa fa-caret-down" collapse="smpc">Find out more</button> |
<button icon="fa fa-file-text-o">[[:publications:keywords:smpc|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:smpc|Publications]]</button> |
| |
The work leverages our expertise in the side-channel analysis of cryptographic hardware (especially relevant for the hardware wallets), scrutiny of cryptographic implementations (both builder's and attacker's perspective), and randomness testing (crucial to have non-biased private keys and non-leaking signatures). | The work leverages our expertise in the side-channel analysis of cryptographic hardware (especially relevant for the hardware wallets), scrutiny of cryptographic implementations (both builder's and attacker's perspective), and randomness testing (crucial to have non-biased private keys and non-leaking signatures). |
| |
<button collapse="cryptocurrencies">Find out more</button> | <button icon="fa fa-caret-down" collapse="cryptocurrencies">Find out more</button> |
<button icon="fa fa-file-text-o">[[:publications:keywords:cryptocurrencies|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:cryptocurrencies|Publications]]</button> |
| |
| |
| |
<button collapse="opentools">Find out more</button> | <button icon="fa fa-caret-down" collapse="opentools">Find out more</button> |
<button icon="fa fa-file-text-o">[[:publications:keywords:opentools|Publications]]</button> | <button icon="fa fa-file-text-o">[[:publications:keywords:opentools|Publications]]</button> |
| |
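Review bot: the edit summary on the current revision names only [Open-source security tools], while the rows above add `icon="fa fa-caret-down"` to the "Find out more" button of all seven sections (cryptoimplementations, smartcards, ecc, randomness, smpc, cryptocurrencies, opentools), so the page history does not record this as a page-wide markup change. A summary that mentions the button icon would make the change easier to trace. The paragraphs shown alongside the buttons are identical on both sides.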