EUCLEAK
Illustration Romain Flamand – Flamingo Studio – flamandromain@gmail.com
We discovered a side-channel vulnerability in the YubiKey 5Ci. More precisely, we were able to extract the full long term ECDSA secret key linked to a FIDO account from the YubiKey. Furthermore our side-channel journey showed that the vulnerability applies to all YubiKey 5 Series and more generally to all Infineon security microcontrollers (including TPMs). Find more details and the full write-up of our work here.
Inspector Gadget
We are happy to share our last research work Inspector Gadget, co-authored by Camille Mutschler (former engineer and PhD student at NinjaLab and currently teaching and research fellow at the LIRMM / university of Montpellier), Laurent Imbert (research director at the CNRS / LIRMM) and Thomas Roche (co-founder and security expert at NinjaLab), published in the international Journal IACR Communications in Cryptology. This work introduces InspectorGadget, an Open-Source Python-based software for assessing and comparing the complexity of masking gadgets. We illustrate its advantages with a fair comparison of several masked versions of Kyber compression function. InspectorGadget is distributed under the GPL v.3 license. It is freely available here.
CHES 2023 Challenge
Our (former) ninja Valence Cristiani participated and won the CHES 2023 challenge, which consisted in proposing side-channel attacks on a masked implementation of the AES. Furthermore he also hacked the challenge rules and was able to propose a zero trace attack ! Find more details of his work here .
A Side Journey To Titan
Illustration made by Romain Flamand
We discovered a side-channel vulnerability in the Google Titan Security Key. More precisely, we were able to extract the full long term ECDSA secret key linked to a FIDO U2F account from the Google Titan Security Key. Furthermore our side journey showed that the vulnerability also applies on other products. Find more details and the full write-up of our work here .
CARDIS 2019
We are happy to share our last research work Side-channel Attacks on Blinded Scalar Multiplications Revisited, which has been presented at the conference CARDIS 2019 in November 11-13 2019 in Prague, Czech Republic. The preprint version of the article is available on the Cryptology ePrint Archive.
Ledger Challenge 2018
NinjaLab participated and won the Ledger challenge 2018. More precisely, we found a side-channel vulnerability in the ECC public-key generation operation of the cryptographic library of the Ledger Nano S, allowing us to extract the full long term ECC secret key linked to a Bitcoin account. More details are available here.