627 results
-
Learning Strikes Again: the Case of the DRS Signature Scheme
Speaker : Yu Yang - CWI Amsterdam
Lattice signature schemes generally require particular care when it comes to preventing secret information from leaking through signature transcript. For example, the Goldreich-Goldwasser-Halevi (GGH) signature scheme and the NTRUSign scheme were completely broken by the parallelepiped-learning attack of Nguyen and Regev (Eurocrypt 2006). Several heuristic countermeasures were also shown[…] -
Practical Strategy-Resistant Privacy-Preserving Elections
Speaker : Quentin Santos - Orange
Recent advances in cryptography promise to let us run com- plex algorithms in the encrypted domain. However, these results are still mostly theoretical since the running times are still much larger than their equivalents in the plaintext domain. In this context, Majority Judgment is a recent proposal for a new voting system with several interesting practical advantages, but which implies a more[…] -
Zero-Knowledge Argument for Matrix-Vector Relations and Lattice-Based Group Encryption
Speaker : Fabrice Mouhartem - ENS Lyon
Group encryption (GE) is the natural encryption analogue of group signatures in that it allows verifiably encrypting messages for some anonymous member of a group while providing evidence that the receiver is a properly certified group member. Should the need arise, an opening authority is capable of identifying the receiver of any ciphertext. As intro- duced by Kiayias, Tsiounis and Yung […] -
Schindler-Itoh/Wiemers revisited: recovering full RSA/ECC private key from noisy side-channel observations
Speaker : Victor Lomné et Thomas Roche
Side-channel attacks on public-key cryptography (i.e. modular exponentiation for RSA or scalar multiplication for ECC) often boils down to distinguishing the 0s from the 1s in the binary representation of the secret exponent (resp. secret scalar).When state-of-the-art countermeasures are implemented, this detection must be errorless: thanks to masking techniques, erroneous masked exponents (resp.[…] -
Binary Edwards Curves for intrinsically secure ECC implementations for the IoT
Speaker : Antoine Loiseau (CEA)
Even if recent advances in public key cryptography tend to focus on algorithms able to survive the post quantum era, at present, there is a urgent need to propose fast, low power and securely implemented cryptography to address the immediate security challenges of the IoT. In this talk, we present a new set of Binary Edwards Curves which have been defined to achieve the highest security levels (up[…] -
How to decrypt without keys with GlobalPlatform SCP02 protocol
Speaker : par Loic Ferreira (Orange Labs, IRISA)
The GlobalPlatform SCP02 protocol is a security protocol implemented in smart cards, and used by transport companies, in the banking world and by mobile network operators (UICC/SIM cards). We describe how to perform a padding oracle attack against SCP02. The attack allows an adversary to efficiently retrieve plaintext bytes from an encrypted data field. We provide results of our experiments done[…]