Peer Reviewed
Efficient Indifferentiable Hashing into Ordinary Elliptic Curves
Brier, Eric; Coron, Jean-Sébastien UL; Icart, Thomas UL et al

in CRYPTO (2010)

Peer Reviewed
An Efficient Method for Random Delay Generation in Embedded Software
Coron, Jean-Sébastien UL; Kizhvatov, Ilya UL

in Proceedings of CHES 2009 (2009)

Random delays are a countermeasure against a range of side channel and fault attacks that is often implemented in embedded software. We propose a new method for generation of random delays and a criterion for measuring the efficiency of a random delay countermeasure. We implement this new method along with the existing ones on an 8-bit platform and mount practical side-channel attacks against the implementations. We show that the new method is significantly more secure in practice than the previously published solutions and also more lightweight.

Peer Reviewed
Analysis of the split mask countermeasure for embedded systems
Coron, Jean-Sébastien UL; Kizhvatov, Ilya UL

in 4th Workshop on Embedded Systems Security (2009)

We analyze a countermeasure against differential power and electromagnetic attacks that was recently introduced under the name of split mask. We show a general weakness of the split mask countermeasure that makes standard DPA attacks with a full key recovery applicable to masked AES and DES implementations. Complexity of the attacks is the same as for unmasked implementations. We implement the most efficient attack on an 8-bit AVR microcontroller. We also show that the strengthened variant of the countermeasure is susceptible to a second order DPA attack independently of the number of used mask tables.

Peer Reviewed
PSS Is Secure against Random Fault Attacks
Coron, Jean-Sébastien UL; Mandal, Avradip UL

in Proceedings of Asiacrypt 2009 (2009)

A fault attack consists in inducing hardware malfunctions in order to recover secrets from electronic devices. One of the most famous fault attacks is Bellcore's attack against RSA with CRT; it consists in inducing a fault modulo p but not modulo q at the signature generation step; then by taking a gcd the attacker can recover the factorization of N = pq. The Bellcore attack applies to any encoding function that is deterministic, for example FDH. Recently, the attack was extended to randomized encodings based on the ISO/IEC 9796-2 signature standard. Extending the attack to other randomized encodings remains an open problem. In this paper, we show that the Bellcore attack cannot be applied to the PSS encoding; namely we show that PSS is provably secure against random fault attacks in the random oracle model, assuming that inverting RSA is hard.

Peer Reviewed
Practical Cryptanalysis of ISO/IEC 9796-2 and EMV Signatures
Coron, Jean-Sébastien UL; Naccache, David; Tibouchi, Mehdi UL et al

in Proceedings of CRYPTO 2009 (2009)

In 1999, Coron, Naccache and Stern discovered an existential signature forgery for two popular RSA signature standards, ISO/IEC 9796-1 and 2. Following this attack ISO/IEC 9796-1 was withdrawn. ISO/IEC 9796-2 was amended by increasing the message digest to at least 160 bits. Attacking this amended version required at least 2^61 operations. In this paper, we exhibit algorithmic refinements allowing one to attack the amended (currently valid) version of ISO/IEC 9796-2 for all modulus sizes. A practical forgery was computed in only two days using 19 servers on the Amazon EC2 grid for a total cost of ≃ US$800. The forgery was implemented for e = 2 but attacking odd exponents will not take longer. The forgery was computed for the RSA-2048 challenge modulus, whose factorization is still unknown. The new attack blends several theoretical tools. These do not change the asymptotic complexity of Coron et al.'s technique but significantly accelerate it for parameter values previously considered beyond reach. While less efficient (US$45,000), the acceleration also extends to EMV signatures. EMV is an ISO/IEC 9796-2-compliant format with extra redundancy. Luckily, this attack does not threaten any of the 730 million EMV payment cards in circulation for operational reasons. Costs are per modulus: after a first forgery for a given modulus, obtaining more forgeries is virtually immediate.

Peer Reviewed
Fault Attacks on RSA Signatures with Partially Unknown Messages
Coron, Jean-Sébastien UL; Joux, Antoine; Kizhvatov, Ilya UL et al

in Proceedings of CHES 2009 (2009)

Fault attacks exploit hardware malfunctions to recover secrets from embedded electronic devices. In the late 90's, Boneh, DeMillo and Lipton introduced fault-based attacks on CRT-RSA. These attacks factor the signer's modulus when the message padding function is deterministic. However, the attack does not apply when the message is partially unknown, for example when messages contain some randomness which is recovered only when verifying a correct signature. In this paper we successfully extend RSA fault attacks to a large class of partially known message configurations. The new attacks rely on Coppersmith's algorithm for finding small roots of multivariate polynomial equations. We illustrate the approach by successfully attacking several randomized versions of the ISO/IEC 9796-2 encoding standard. Practical experiments show that a 2048-bit modulus can be factored in less than a minute given one faulty signature containing 160 random bits and an unknown 160-bit message digest.

Peer Reviewed
A New DPA Countermeasure Based on Permutation Tables
Coron, Jean-Sébastien UL

in Advances in Cryptography (2008)

Peer Reviewed
The Random Oracle Model and the Ideal Cipher Model Are Equivalent
Coron, Jean-Sébastien UL; Patarin, Jacques; Seurin, Yannick

in Advances in Cryptography (2008)

Peer Reviewed
Attack and Improvement of a Secure S-Box Calculation Based on the Fourier Transform
Coron, Jean-Sébastien UL; Giraud, Christophe; Prouff, Emmanuel et al

in Advances in Cryptography (2008)

Peer Reviewed
Cryptanalysis of ISO/IEC 9796-1
Coppersmith, Don; Coron, Jean-Sébastien UL; Grieu, François et al

in Journal of Cryptology (2008), 21(1), 27-51
