
Unit: Laboratory of algorithmic cryptology



Related people (32)

Related publications (89)


Related research domains (88)

Discrete logarithm

In mathematics, for given real numbers a and b, the logarithm log_b a is a number x such that b^x = a. Analogously, in any group G, powers b^k can be defined for all i

Finite field

In mathematics, a finite field or Galois field (so-named in honor of Évariste Galois) is a field that contains a finite number of elements. As with any field, a finite field is a set on which the op

Elliptic curve

In mathematics, an elliptic curve is a smooth, projective, algebraic curve of genus one, on which there is a specified point O. An elliptic curve is defined over a field K

Units doing similar research (103)

We performed magnetic resonance spectroscopy (MRS) on healthy individuals with tinnitus and no hearing loss (n = 16) vs. a matched control group (n = 17) to further elucidate the role of excitatory and inhibitory neurotransmitters in tinnitus. Two-dimensional J-resolved spectroscopy (2D-JPRESS) was applied to disentangle Glutamate (Glu) from Glutamine and to estimate GABA levels in two bilateral voxels in the primary auditory cortex. Results indicated a lower Glu concentration (large effect) in right auditory cortex and lower GABA concentration (medium effect) in the left auditory cortex of the tinnitus group. Within the tinnitus group, Glu levels positively correlated with tinnitus loudness measures. While the GABA difference between groups is in line with former findings and theories about a dysfunctional auditory inhibition system in tinnitus, the novel finding of reduced Glu levels came as a surprise and is discussed in the context of a putative framework of inhibitory mechanisms related to Glu throughout the auditory pathway. Longitudinal or interventional studies could shed more light on interactions and causality of Glu and GABA in tinnitus neurochemistry.

2022, Marguerite Marie Nathalie Delcourt, Jean-Yves Le Boudec

Time-synchronization attacks on phasor measurement units (PMUs) pose a real threat to smart grids; it was shown that they are feasible in practice and that they can have a nonnegligible negative impact on state estimation, without triggering the bad data detection mechanisms. Previous works identified vulnerability conditions when targeted PMUs measure a single phasor. Yet, PMUs are capable of measuring several quantities. We present novel vulnerability conditions in the general case, where PMUs measure any number of phasors and can share the same time reference. One is a sufficient condition that does not depend on the measurement values. We propose a security requirement that prevents it and provide a greedy offline algorithm that enforces it. If this security requirement is satisfied, there is still a possibility that the grid can be attacked, although we conjecture that it is very unlikely. We identify two sufficient and necessary vulnerability conditions, which depend on the measurement values. For each, we provide a metric that shows the distance between the observed and vulnerability conditions. We recommend their monitoring for security. Numerical results on the IEEE-39 bus benchmark with real load profiles show that the measurements of a grid satisfying our security requirement are far from vulnerable.

Post-quantum cryptography is a branch of cryptography which deals with cryptographic algorithms whose hardness assumptions are not based on problems known to be solvable by a quantum computer, such as the RSA problem, factoring or discrete logarithms. This thesis treats two such algorithms and provides theoretical and practical attacks against them.

The first protocol is the generalised Legendre pseudorandom function, a random bit generator computed as the Legendre symbol of the evaluation of a secret polynomial at an element of a finite field. We introduce a new point of view on the protocol by analysing the action of the group of Möbius transformations on the set of secret keys (secret polynomials). We provide a key extraction attack by creating a table which is cubic in the number of the function queries, an improvement over the previous algorithms which only provided a quadratic yield. Furthermore we provide an even stronger attack for a new set of particularly weak keys.

The second protocol that we cover is SIKE, supersingular isogeny key encapsulation. In 2017 the American National Institute of Standards and Technology (NIST) opened a call for standardisation of post-quantum cryptographic algorithms. One of the candidates, currently listed as an alternative key encapsulation candidate in the third round of the standardisation process, is SIKE. We provide three practical side-channel attacks on the 32-bit ARM Cortex-M4 implementation of SIKE. The first attack targets the elliptic curve scalar multiplication, implemented as a three-point ladder in SIKE. The lack of coordinate randomisation is observed, and used to attack the ladder by means of a differential power analysis algorithm. This allows us to extract the full secret key of the target party with only one power trace. The second attack assumes coordinate randomisation is implemented and provides a zero-value attack: the target party is forced to compute the field element zero, which cannot be protected by randomisation. In particular we target both the three-point ladder and isogeny computation in two separate attacks by providing maliciously generated public keys made of elliptic curve points of irregular order. We show that an order-checking countermeasure is effective, but comes at a price of 10% computational overhead. Furthermore we show how to modify the implementation so that it can be protected from all zero-value attacks, i.e., a zero-value is never computed during the execution of the algorithm. Finally, the last attack targets a point swapping procedure which is a subroutine of the three-point ladder. The attack successfully extracts the full secret key with only one power trace even if the implementation is protected with coordinate randomisation or order-checking. We provide an effective countermeasure: an improved point swapping algorithm which protects the implementation from our attack.