
    Revisiting PACD-based Attacks on RSA-CRT

    In this work, we use some recent developments in lattice-based cryptanalytic tools to revisit a fault attack on RSA-CRT signatures based on the Partial Approximate Common Divisor (PACD) problem. By reducing the PACD to a Hidden Number Problem (HNP) instance, we decrease the number of required faulted bits from 32 to 7 in the case of 1024-bit RSA. We successfully apply the attack to RSA instances up to 8192 bits and present an enhanced analysis of the error tolerance in the Bounded Distance Decoding (BDD) with predicate approach. Finally, evaluating the impact of standard side-channel and fault countermeasures, we show that merely verifying the signature before output is not an adequate protection against this attack. The reduction from PACD to HNP might be of independent interest.

    A Privacy-Preserving Contactless Transport Service for NFC Smartphones

    The development of NFC-enabled smartphones has paved the way to new applications such as mobile payment (m-payment) and mobile ticketing (m-ticketing). However, the privacy of users of such services is often either not taken into account or based on simple pseudonyms, which do not offer strong privacy properties such as the unlinkability of transactions and minimal information leakage. In this paper, we introduce a lightweight privacy-preserving contactless transport service that uses the SIM card as a secure element. Our implementation of this service uses a group signature protocol in which costly cryptographic operations are delegated to the mobile phone.

    Biometric Systems Private by Design: Reasoning about privacy properties of biometric system architectures

    The goal of the work presented in this paper is to show the applicability of the privacy by design approach to biometric systems and the benefit of using formal methods to this end. We build on a general framework for the definition and verification of privacy architectures introduced at STM 2014 and show how it can be adapted to biometrics. The choice of particular techniques and the role of the components (central server, secure module, biometric terminal, smart card, etc.) in the architecture have a strong impact on the privacy guarantees provided by a biometric system. Some architectures have already been analysed, but on a case-by-case basis, which makes it difficult to draw comparisons and to provide a rationale for the choice of specific options. In this paper, we describe the application of a general privacy architecture framework to specify different design options for biometric systems and to reason about them in a formal way.

    Privacy Protection from the Design Phase: Application to the Verification of Properties of Biometric System Architectures (Protection de la vie privée dès la phase de conception : application à la vérification de propriétés d'architectures de systèmes biométriques)

    The goal of the work presented in this paper is to show the applicability of the privacy by design approach to biometric systems and the benefit of using formal methods to this end. We build on a general framework for the definition and verification of privacy architectures introduced at STM 2014 and show how it can be adapted to biometrics. The choice of particular techniques and the role of the components (central server, secure module, biometric terminal, smart card, etc.) in the architecture have a strong impact on the privacy guarantees provided by a biometric system. Some architectures have already been analysed, but on a case-by-case basis, which makes it difficult to draw comparisons and to provide a rationale for the choice of specific options. In this paper, we describe the application of a general privacy architecture framework to specify different design options for biometric systems and to reason about them in a formal way.

    Anonymity and Certificate Revocation (Anonymat et révocation des certificats)


    Anonymous Credentials and Sanitizable Signatures (Accréditations anonymes et signatures rectifiables)


    Protecting privacy by sanitizing personal data: a new approach to anonymous credentials

    Anonymous credential systems allow users to obtain certified credentials from organizations and use them later without being traced. For instance, a student will be able to prove, using his student card certified by the University, that he is a student living e.g. in Hangzhou without revealing other information given by the student card, such as his name or studies. Besides, sanitizable signatures enable a designated person, called the sanitizer, to modify some parts of a signed message in a controlled way, such that the message can still be verified with respect to the original signer. We propose in this paper to formalize the following new idea. A user gets from the organization a signed document certifying personal data (e.g. name, address, studies, etc.) and plays the role of the sanitizer. When showing his credential, he uses sanitization techniques to hide the information he does not want to reveal (e.g. name, studies or complete address), and shows the resulting document, which is still seen as a document certified by the organization. Unfortunately, existing sanitizable signatures cannot directly be used for this purpose. We thus seek generic conditions under which they can be used as anonymous credentials. We also provide a concrete construction based on standard assumptions and secure in the random oracle model.

    Delegating Biometric Authentication with the Sumcheck Protocol

    In this paper, we apply the Sumcheck protocol to verify the Euclidean (resp. Hamming) distance computation in the case of facial (resp. iris) recognition. In particular, we consider a border crossing use case where, thanks to an interactive protocol, we delegate the authentication to the traveller. Verifiable computation aims to give the result of a computation together with a proof of its correctness. In our case, the traveller takes over the authentication process and produces a proof that he did it correctly, leaving the authorities to check its validity. We integrate privacy-preserving techniques to prevent an eavesdropper from obtaining information about the biometric data of the traveller during his interactions with the authorities. We provide implementation figures for our proposal showing that it is practical.

    Cryptographic Tools for Anonymous Credentials (Outils cryptographiques pour les accréditations anonymes)

    Modern cryptography aims, among other things, to provide authentication means for access to digital services. In this context, the users' traceability is often the flip side of the coin. To address this major privacy issue, while maintaining access rights policies, it is desirable to combine authentication and anonymity. Among the tools offered by cryptography, anonymous credentials allow anonymous use of certified attributes to access services in an authenticated way. This thesis presents several contributions to the field of anonymous credentials. Firstly, we propose to use sanitizable signatures in the context of anonymous credentials. Sanitizable signatures allow the controlled modification, by an authorized person, of a signed document after the signature has been generated. We propose to control the certified personal data that are revealed to the service provider during an authentication protocol through the use of these sanitizable signatures. We then propose to use aggregate signatures within anonymous credential systems. Aggregate signatures allow several individual signatures to be combined into an aggregate of constant size. Their use in an anonymous credential system simplifies the use of multiple credentials within the same authentication protocol. Finally, we answer an open problem positively by showing a construction of a multi-show anonymous credential system in which certified attributes are encrypted.