I defended my habilitation thesis entitled "On the provable security of cryptographic implementations" on Tuesday, June 21, 2022, at École normale supérieure (Paris).

Manuscript (pre-defense version / final version to come soon)
Defense slides

Jury

Reviewers (rapporteurs):

Examiners:

Abstract

We live in a world in which cryptography has become ubiquitous. Devices around us are constantly performing cryptographic computations to ensure the confidentiality and authenticity of our communications. Over the last forty years, the scientific community and industry have converged on the paradigm of provable security for cryptographic algorithms and protocols: they should come with a security proof formally establishing their security under well-studied computational hardness assumptions. Such a proof is usually stated in the black-box model, in which the adversary is assumed to have only input-output access to the cryptographic mechanism.

Unfortunately, this black-box model was shown to be insufficient in the late 1990s with the discovery of side-channel attacks. These attacks exploit the physical leakage of a cryptographic implementation (e.g. its execution time, power consumption, or electromagnetic emanation) to break it in practice, even though the underlying mechanism may achieve strong black-box security. While much progress has been made over the last decades in designing practical countermeasures against side-channel attacks, achieving provable security for cryptographic implementations under this threat is still largely a work in progress.

This thesis presents some contributions toward the provable security of cryptographic implementations in the presence of side-channel leakage. Our approach relies on masking, whose principle is to apply secret sharing at the computation level: a sensitive value is split into several random shares, and the computation is carried out on the shares so that no small subset of intermediate values reveals the secret. Our results have contributed to the formalization of masking security, the construction of efficient masking schemes, the formalization of practically relevant side-channel leakage models, and the construction of masking schemes achieving provable security under these models.
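To make the masking principle concrete, the following Python script is an added illustration (not code from the thesis or its author). It implements Boolean masking of a byte into n XOR-shares, share-wise XOR, and the classic Ishai-Sahai-Wagner (ISW) AND gadget, then runs a small probing experiment: for two different secrets it measures how far apart the distribution of a "probe" (the XOR of a chosen subset of shares) is. With n = t+1 shares, probing t shares yields a distribution that does not depend on the secret, while probing all n shares (or an unmasked value) reveals it. The function names, the byte-sized shares and the constructed test secrets are choices made for this example.

```python
"""Boolean masking and the ISW AND gadget, with a probing experiment.
Added example for illustration; all names and sample values are this
example's own, not the thesis's code."""
import random
import secrets
from collections import Counter


def mask(x, n, rng=secrets.randbelow):
    """Split byte x into n shares s_0..s_{n-1} such that s_0 ^ ... ^ s_{n-1} == x.
    The first n-1 shares are uniformly random; the last one absorbs the secret."""
    shares = [rng(256) for _ in range(n - 1)]
    last = x
    for s in shares:
        last ^= s
    return shares + [last]


def unmask(shares):
    """Recombine shares (XOR of all of them)."""
    acc = 0
    for s in shares:
        acc ^= s
    return acc


def masked_xor(a, b):
    """XOR is linear over GF(2): operate share by share, no randomness needed."""
    return [x ^ y for x, y in zip(a, b)]


def masked_and(a, b, rng=secrets.randbelow):
    """ISW multiplication gadget (bitwise AND on byte shares).
    Cross terms a_i & b_j are refreshed with fresh randomness r_ij so that
    no single intermediate value depends on both secrets."""
    n = len(a)
    c = [a[i] & b[i] for i in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r_ij = rng(256)
            r_ji = (r_ij ^ (a[i] & b[j])) ^ (a[j] & b[i])  # parenthesisation matters
            c[i] ^= r_ij
            c[j] ^= r_ji
    return c


def probe_distance(x0, x1, n, probes, trials=50000, seed=1):
    """Statistical distance between the distributions of the probed value
    (XOR of the shares listed in `probes`) when the secret is x0 vs x1.
    Near 0 means the probe carries no information about the secret;
    1.0 means it determines the secret completely. Seeded for reproducibility."""
    rng = random.Random(seed).randrange
    dists = []
    for x in (x0, x1):
        counts = Counter()
        for _ in range(trials):
            sh = mask(x, n, rng)
            obs = 0
            for i in probes:
                obs ^= sh[i]
            counts[obs] += 1
        dists.append(counts)
    return sum(abs(dists[0][v] - dists[1][v]) for v in range(256)) / (2 * trials)


if __name__ == "__main__":
    a, b = 0x3C, 0xA5  # constructed sample secrets
    sa, sb = mask(a, 3), mask(b, 3)
    print("a ^ b recovered:", hex(unmask(masked_xor(sa, sb))))
    print("a & b recovered:", hex(unmask(masked_and(sa, sb))))
    print("unmasked value, 1 probe :", probe_distance(0x00, 0xFF, 1, [0]))
    print("2 shares, 1 probe       :", probe_distance(0x00, 0xFF, 2, [0]))
    print("2 shares, 2 probes      :", probe_distance(0x00, 0xFF, 2, [0, 1]))
    print("3 shares, 2 probes      :", probe_distance(0x00, 0xFF, 3, [0, 1]))
```

The experiment only checks the simplest leakage function (a single probe on a subset of shares of a freshly masked value); the thesis's leakage models, such as noisy or random-probing leakage over the whole computation, are more general, and proving that a gadget like `masked_and` stays secure when composed with others is precisely the kind of question the formalizations mentioned above address.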