Papers by Christophe Giraud
http://www.theses.fr, 2007
... Ciet, Claude Delpha, Pierre Duhamel, Jean-Bernard Fischer, Wieland Fischer, Caroline Fontaine, Erik Knudsen, Alain Le Guyader, Patrice Martin ... and the whole team of Olivier Chamley: Stéphane Arzur, Matthieu Boisde, Nicolas Bousquet, Marc Dubuisson, Hugo Greneche, Vincent ...

Lecture Notes in Computer Science, 2014
Since the end of the nineties, cryptographic developers must not only provide fast implementations but they must also take Side-Channel Analysis and Fault Injection into account. From that time, many side-channel and fault countermeasures have been proposed to reach a double goal: provide a high level of security while having the smallest impact on performance and memory consumption. In the particular case of RSA, the knowledge of the public exponent has been used to propose the most efficient fault countermeasure in terms of security and performance. However so far no study has been published which exploits such a variable to improve RSA efficiency and side-channel resistance. In this paper, we fill this gap by proposing an original CRT-RSA implementation which makes use of the knowledge of the public exponent. In particular, we investigate an efficient method using only 4 private key parameters out of 5 and we also propose a free message blinding method to reinforce side-channel resistance.
2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2015
In this paper we describe two different DFA attacks on the AES. The first one uses a theoretical fault model that induces a fault on only one bit of an intermediate result, hence allowing us to obtain the key by using 50 faulty ciphertexts for an AES-128. The second attack uses a more realistic fault model: we assume that we may induce a fault on a whole byte. For an AES-128, this second attack provides the key by using less than 250 faulty ciphertexts.
2010 Workshop on Fault Diagnosis and Tolerance in Cryptography, 2010
At CHES 2008, Vigilant proposed an efficient way of implementing a CRT-RSA resistant against Fault Analysis. In this paper, we investigate the fault-resistance of this scheme and we show that it is not immune to fault injection. Indeed, we highlight two weaknesses which can lead an attacker to recover the whole private key by using only one faulty signature. We also suggest some modifications with a negligible cost to improve the fault-resistance of Vigilant's scheme. Therefore the scheme including modifications remains suited to embedded device constraints.
Lecture Notes in Computer Science, 2003
We explain how a differential fault analysis (DFA) works on AES 128, 192 or 256 bits.
2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, 2013
Fault attacks are a common threat for embedded secure implementations. Among the various kinds of countermeasures proposed so far, the principle of infective computation seems to be one of the most efficient ways to counteract this threat. However, each and every original infective countermeasure suggested for asymmetric cryptosystems has been broken. Nowadays only two propositions for symmetric ciphers are still believed to be secure. Our paper presents the first attacks on both infective symmetric implementations, thus proving that these propositions rely on incomplete security analyses. By breaking the two last surviving infective methods, this paper shows once again that it is very difficult to design a secure infective countermeasure.

IEEE Transactions on Computers, 2000
Nowadays, Side Channel Attacks allow an attacker to recover secrets stored in embedded devices more efficiently than any other kind of attack. Among the former, Fault Attacks (FA) and Single Power Analysis (SPA) are probably the most effective: When applied to straightforward implementations of the RSA cryptosystem, only one execution of the algorithm is required to recover the secret key. Over recent years, many countermeasures have been proposed to prevent Side Channel Attacks on RSA. Regarding Fault Attacks, only one countermeasure offers effective protection and it can be very costly. In this paper, we focus on a means to counteract Fault Attacks by presenting a new way of implementing exponentiation algorithms. This method can be used to obtain fast FA-resistant RSA signature generations in both the Straightforward Method and Chinese Remainder Theorem modes. Moreover, as it has been shown that Fault Attacks can benefit from the weaknesses introduced by some SPA countermeasures, we ensure that our method resists SPA and, thus, does not require supplementary SPA countermeasures.