News
Nicolas Costes successfully defended his PhD thesis
Nicolas with flowers

Nicolas Costes successfully defended his PhD thesis

Published:

On Monday, 9 September 2024, Nicolas Costes successfully defended his PhD thesis, "Exploiting Redundant Designs with Side-Channel Attacks".

Main research findings


Cryptography is everywhere. It protects the ubiquitous data of private messages, family pictures, internet traffic and military communications against unwanted observers. To ensure its infallibility, cryptographic researchers are constantly mounting new and clever attacks to further prove the security of their schemes. We also took upon the role of attacker in this thesis, challenging recent protection schemes with Side-Channel Attacks (SCAs). SCAs are a class of attacks that exploits the physical leakage of an implementation, side-stepping the theoretical security, and requires dedicated countermeasures. Our goal, more than the security of the schemes we attacker, was epistemological: we believed that the design of a scheme could influence its vulnerability to SCAs and that the presence of redundant computations favored the attacker by creating more sources of leakage. Our beliefs proved to be true.


We investigated two different schemes. First, polynomial masking is ironically a countermeasure against SCA which makes use of redundancy to also protect against fault attacks. While a previous peer-reviewed work disproved the idea of redundancy bearing influence on its security we identified a mistake in their experiments and disproved their conclusions altogether. We empirically showed that for each extra fault prevented the security of the scheme against SCA degrades severely.


Second, SKINNY is a recent encryption scheme, designed for low-power embedded systems. We showed that the design paradigm of SKINNY, revolving around a slow diffusion, accidentally leads to high redundancy of leakage sources that an attacker can take advantage of— though it requires expertise. We crafted a new attack taking advantage of this particularity and broke SKINNY with a third of the effort expected for these schemes.


Our results highlight the risks of using redundancy and should influence future cryptographic designs. While redundancy might have been seen as costless in the past, designers of new schemes should definitely think twice if SCAs are in the picture.

Adjudication committee

  • Dr. Ileana Buhan, Assistant Professor, Radboud University, The Netherlands
  • Dr. Sylvain Guilley, Professor, TELECOM-ParisTech, France
  • Eirik Rosnes, Chief Research Scientist, Department of Information Theory, Simula UiB, Norway

Supervisors

  • Dr. Martijn Stam, Chief Research Scientist, Department of Cryptography, Simula UiB, Norway
  • Dr. Øyvind Ytrehus, Research Director, Simula UiB/University of Bergen, Norway

Read more at the UiB Department of Informatics web page.