Academic status
PhD in progress...
Subject: Finite field theory and symmetric cryptography
PhD supervision:
Legend of the supervision diagram (figure not reproduced here). Blue ellipse: PhD student; yellow ellipse: PhD holder; green rectangle: permanent staff member; yellow rectangle: HDR (habilitation) holder. Green line: thesis co-supervisor; blue line: thesis director; dotted line: mid-term evaluation committee or thesis jury.
Scientific publications
Attaques exploitant les représentations équivalentes des LFSR filtrés (Attacks exploiting the equivalent representations of filtered LFSRs)
National audience
Journées codage et cryptographie 2015, Oct 2015, La Londe-les-Maures, France. HAL: https://hal.inria.fr/hal-01240743. Conference site: http://imath.univ-tln.fr/C2/. 2015-10-05
Cryptanalysis of the FLIP Family of Stream Ciphers
International audience
At Eurocrypt 2016, Méaux et al. proposed FLIP, a new family of stream ciphers intended for use in Fully Homomorphic Encryption systems. Unlike its competitors, which either have a low initial noise that grows at each successive encryption or a high constant noise, the FLIP family of ciphers achieves a low constant noise thanks to a new construction called a filter permutator. In this paper, we present an attack on the early version of FLIP that exploits the structure of the filter function and the constant internal state of the cipher. Applying this attack to the two instantiations proposed by Méaux et al. allows for a key recovery in 2^54 basic operations (resp. 2^68), compared to the claimed security of 2^80 (resp. 2^128).
Crypto 2016 - 36th Annual International Cryptology Conference, Aug 2016, Santa Barbara, United States. Matthew Robshaw; Jonathan Katz (eds.). Springer, LNCS - Lecture Notes in Computer Science vol. 9814, pp. 457-475, 2016. DOI: 10.1007/978-3-662-53018-4_17. HAL: https://hal.inria.fr/hal-01404145. 2016-08-14
Attacks Against Filter Generators Exploiting Monomial Mappings
International audience
Filter generators are vulnerable to several attacks which have led to well-known design criteria on the Boolean filtering function. However, Rønjom and Cid have observed that a change of the primitive root defining the LFSR leads to several equivalent generators. They usually offer different security levels since they involve filtering functions of the form F(x^k), where k is coprime to (2^n − 1) and n denotes the LFSR length. It is proved here that this monomial equivalence does not affect the resistance of the generator against algebraic attacks, while it usually impacts the resistance to correlation attacks. Most importantly, a more efficient attack can often be mounted by considering non-bijective monomial mappings. In this setting, a divide-and-conquer strategy applies, based on a search within a multiplicative subgroup of F_{2^n}^*. Moreover, if the LFSR length n is not a prime, a fast correlation attack involving a shorter LFSR can be performed.
Fast Software Encryption - FSE 2016, Mar 2016, Bochum, Germany. Springer, Lecture Notes in Computer Science vol. 9783, pp. 78-98, 2016. DOI: 10.1007/978-3-662-52993-5_5. HAL: https://hal.inria.fr/hal-01401009. 2016-03-20
Proving Resistance Against Invariant Attacks: How to Choose the Round Constants.
International audience
Many lightweight block ciphers apply a very simple key schedule in which the round keys only differ by addition of a round-specific constant. Generally, there is not much theory on how to choose appropriate constants. In fact, several of those schemes were recently broken using invariant attacks, i.e., invariant subspace or nonlinear invariant attacks. This work analyzes the resistance of such ciphers against invariant attacks and reveals the precise mathematical properties that render those attacks applicable. As a first practical consequence, we prove that some ciphers including Prince, Skinny-64 and Mantis 7 are not vulnerable to invariant attacks. Also, we show that the invariant factors of the linear layer have a major impact on the resistance against those attacks. Most notably, if the number of invariant factors of the linear layer is small (e.g., if its minimal polynomial has a high degree), we can easily find round constants which guarantee the resistance to all types of invariant attacks, independently of the choice of the S-box layer. We also explain how to construct optimal round constants for a given, but arbitrary, linear layer.
Crypto 2017 - 37th Annual International Cryptology Conference, Aug 2017, Santa Barbara, United States. Jonathan Katz; Hovav Shacham (eds.). Springer, LNCS - Lecture Notes in Computer Science vol. 10402, pp. 647-678, 2017. DOI: 10.1007/978-3-319-63715-0_22. Conference site: https://www.iacr.org/conferences/crypto2017/index.html. HAL: https://hal.inria.fr/hal-01631130. 2017-08-20
Boolean functions with restricted input and their robustness; application to the FLIP cipher
International audience
We study the main cryptographic features of Boolean functions (balancedness, nonlinearity, algebraic immunity) when, for a given number n of variables, the input to these functions is restricted to some subset E of F_2^n. We study in particular the case when E equals the set of vectors of fixed Hamming weight, which plays a role in the FLIP stream cipher, and we study the robustness of the Boolean function in this cipher.
IACR Transactions on Symmetric Cryptology (ISSN: 2519-173X), Ruhr Universität Bochum, 2017, vol. 2017 (3), pp. 192-227. DOI: 10.13154/tosc.v2017.i3.192-227. HAL: https://hal.inria.fr/hal-01633506. 2017
Attaques par invariant : comment s'en protéger ? (Invariant attacks: how to protect against them?)
National audience
Journées codage et cryptographie, Apr 2017, La Bresse, France. 2017. Conference site: https://jc2-2017.inria.fr/. HAL: https://hal.inria.fr/hal-01633519. 2017-04-23