Ph.D defense

My PhD defense entitled « Extended Security of Lattice-based Cryptography » took place on September 10th [recorded defense] [thesis].


Explanatory video in French


Jury

Martin Albrecht, Royal Holloway, University of London (examiner),
Pierre-Alain Fouque, Université de Rennes 1 (examiner),
Louis Goubin, Université de Versailles-Saint-Quentin-en-Yvelines (reviewer),
Helena Handschuh, Rambus, San Francisco (examiner),
Daniele Micciancio, University of California, San Diego (examiner),
Damien Stehlé, École normale supérieure de Lyon (reviewer),

Michel F. Abdalla, École normale supérieure de Paris (director),
Henri Gilbert, ANSSI, Paris (co-director)
Sonia Belaïd, CryptoExperts, Paris (co-supervisor)
Ange Martinelli, Thales, ANSSI, Paris (co-supervisor)
Thomas Prest, PQShield, Oxford (co-supervisor)
Guénaël Renault, École polytechnique, Palaiseau (co-supervisor)


Abstract

Lattice-based cryptography is considered a quantum-safe alternative to currently deployed schemes based on RSA and the discrete logarithm over prime fields or elliptic curves. It offers strong theoretical security guarantees, a large array of achievable primitives, and a competitive level of efficiency. In the context of the NIST post-quantum standardization process, future standards may ultimately be chosen, and several new lattice-based schemes are high-profile candidates. Cryptographic research has been encouraged to analyze lattice-based cryptosystems, with a particular focus on practical aspects. This thesis is rooted in this effort.

In addition to black-box cryptanalysis with classical computing resources, we investigate the extended security of these new lattice-based cryptosystems, employing a broad spectrum of attack models, e.g. quantum, misuse, timing or physical attacks. Given that these models have already been applied to a large variety of pre-quantum asymmetric and symmetric schemes, we concentrate our efforts on leveraging and addressing the new features introduced by lattice structures. Our contribution is twofold: defensive, i.e. countermeasures for implementations of lattice-based schemes, and offensive, i.e. cryptanalysis.

On the defensive side, in view of the numerous recent timing and physical attacks, we wear our designer’s hat and investigate algorithmic protections. We introduce some new algorithmic and mathematical tools to construct provable algorithmic countermeasures in order to systematically prevent all timing and physical attacks. We thus participate in the actual provable protection of the GLP, BLISS, qTesla and Falcon lattice-based signature schemes.

On the offensive side, we estimate the applicability and complexity of novel attacks leveraging the lack of perfect correctness introduced in certain lattice-based encryption schemes to improve their performance. We show that such a compromise may enable decryption failure attacks in a misuse or quantum model. We finally introduce an algorithmic cryptanalysis tool that assesses the security of the mathematical problem underlying lattice-based schemes when partial knowledge of the secret is available. The usefulness of this new framework is demonstrated with the improvement and automation of several known classical, decryption-failure, and side-channel attacks.