Karine Villegas

Power analysis for secret recovering and reverse engineering of public key algorithms

Power Analysis has been deeply studied since 1998 in order to improve the security of tamper resistant products such as Trusted Platform Module (TPM). The study has evolved from initial basic techniques like simple and differential power analysis to more complex models such as correlation. However, works on correlation techniques have essentially been focused on symmetric cryptography. We analyze here the interests of this technique when applied to different smartcard coprocessors dedicated to asymmetric cryptography implementations. This study leads us to discover and realize new attacks on RSA and ECC type algorithms with fewer curves than classical attacks. We also present how correlation analysis is a powerful tool to reverse engineer asymmetric implementations.

A new payment protocol over the Internet

We propose in this paper to reuse the existing payment infrastructure to introduce a proof of transaction genuineness computed by a smart card chip. The idea is to divide the amount of the transaction into several sub-amounts, which added together give the total amount. The sub-amounts are function of a secret shared with the bank, which can verify that the split is correct, thus proving that the transaction is authentic. We provide here a description of the algorithm and its implementation in a .NET card.

SPAKE: a single-party public-key authenticated key exchange protocol for contact-less applications

SPAKE is a cryptographic protocol that provides lightweight transactions in contact-less applications. In this protocol a verifier (a reader or terminal) authenticates a prover (a contact-less card) relative to a certification authority. Additionally, the prover and the verifier must establish a session key for secure messaging. Contrarily to previous solutions such as MIFARE, the protocol is asymmetric in order to allow SAM1-less, low cost readers. Because contact-less transactions are subject to very strong time limitations, the protocol also achieves high-speed computations while providing a customizable security level.