GREYC
Laboratoire de mathématiques Nicolas Oresme


Cryptology & Security Seminar
Deep Learning in Steganography and Steganalysis since 2015

Abstract.

For almost 10 years, the detection of a message hidden in an image has been mainly carried out by the computation of a Rich Model (RM), followed by a classification by an Ensemble Classifier (EC). In 2015, the first study using a convolutional neural network (CNN) made it possible to obtain steganalysis results by "deep learning" approaching the results of two-step approaches (EC + RM). Since 2015, numerous publications have shown that it is possible to obtain better performances, notably in spatial steganalysis, in JPEG steganalysis, in Selection-Channel-Aware steganalysis, in quantitative steganalysis, in steganalysis with images of arbitrary size, etc.

In this presentation, we will discuss the infancy of CNNs in steganography / steganalysis. We will recall the steganography / steganalysis purposes, and the generic structure of a convolutional neural network. Then, we will present the best network (beginning of 2018) used for spatial steganalysis. Finally, if there is enough time, we will discuss steganography by GAN, and discuss the perspectives of the field.

Related book chapter: Marc Chaumont, "Deep Learning in steganography and steganalysis from 2015 to 2018", Elsevier Book chapter, draft version n1 (April 2019). This book chapter is a draft version that will be published as a book by ELSEVIER Inc. This chapter will appear in 2020 in the book titled "Digital Media Steganography: Principles, Algorithms, Advances", Book Editor: M. Hassaballah. A revised version should be available before the end of 2019. 39 pages. http://www.lirmm.fr/~chaumont/publications/ELSEVIER-2020-CHAUMONT_BookChapter_DL_stega_2015-2018_v1.pdf

[26 June 2019 | 10:30 | Campus II - Room S3-351]
How to decrypt without keys with GlobalPlatform SCP02 protocol

Abstract.

We describe how to perform a padding oracle attack against the GlobalPlatform SCP02 protocol. SCP02 is implemented in smart cards and used by transport companies, in the banking world and by mobile network operators (UICC/SIM cards). The attack allows an adversary to efficiently retrieve plaintext bytes from an encrypted data field. We provide results of our experiments done with 10 smart cards from six different card manufacturers, and show that, in our experimental setting, the attack is fully practical. Given that billions of SIM cards are produced every year, the number of affected cards, although difficult to estimate, is potentially high.

[3 April 2019 | 14:00 | Campus II - Room S3-351]
Loïc Ferreira
Quantum cryptanalysis with hidden shifts

Abstract.

Quantum cryptanalysis studies how to break cryptographic primitives using a quantum computer. Hidden shifts are a class of problems for which quantum algorithms are vastly more efficient than classical algorithms. In this talk, I will present some hidden shift quantum algorithms, and show how they can break various classically-safe cryptographic constructions.

[13 March 2019 | 14:00 | Campus II - Room S3-351]
Study of compact keys for the McEliece scheme using geometric codes with non-trivial automorphisms.

Abstract.

In 1978, McEliece introduced an encryption system based on the use of linear codes and proposed using classical Goppa codes, i.e. subfield subcodes of algebraic geometry codes (AG codes) built on a curve of genus 0. This proposal remains secure, and with the aim of introducing a generalization of these codes, in 1996 H. Janwa and O. Moreno proposed using subfield subcodes of codes built from curves of genus > 0, called SSAG codes (Subfield Subcodes of AG codes). This proposal gives a wider choice of codes, since one can vary the curve, the genus and the rational points of the divisor that generates the code. The main obstacle to the use of these codes in cryptography remains the size of the public key compared with other public-key systems. To work around this limitation, key sizes are reduced by using codes that admit a compact generator matrix. One way to obtain compact matrices is to choose codes with a non-trivial automorphism group, for example quasi-cyclic SSAG codes.

[6 March 2019 | 14:00 | Campus II - Room S3-351]
Constructions of PIR protocols

Abstract.

A private information retrieval (PIR) protocol allows one to extract any entry D_i of a database D without revealing any information about i to the entity that holds D.

In this talk, we will give an overview of some existing techniques for constructing such protocols. In particular, we will specify parameters that quantify their efficiency, such as the servers' computational complexity, the communication complexity or the storage redundancy.

Finally, through two examples, we will present some trends in the construction of PIR protocols. The first example focuses on the communication complexity of the protocol and is set in the context of an encoded database (using MDS codes or optimal regenerating codes). The second, which achieves optimal computational complexity, can be instantiated using combinatorial objects called transversal designs.

[27 February 2019 | 14:00 | Campus II - Room S3-351]
Variants of the AES Key-Schedule for Better Truncated Differential Bounds

Abstract.

Differential attacks are one of the main ways to attack block ciphers. Hence, we need to evaluate the security of a given block cipher against these attacks. One way to do so is to determine the minimal number of active S-boxes, and use this number along with the maximal differential probability of the S-box to determine the minimal probability of any differential characteristic. Thus, if one wants to build a new block cipher, one should try to maximize the minimal number of active S-boxes. On the other hand, the related-key security model is now quite important; hence, we also need to study the security of block ciphers in this model. In this work, we investigate how one could design a key schedule to maximize the number of active S-boxes in the related-key model. However, we also want this key schedule to be efficient, and therefore choose to only consider permutations. Our target is AES, and along with a few generic results about the best reachable bounds, we found a permutation to replace the original key schedule that reaches a minimal number of active S-boxes of 20 over 6 rounds, while no differential characteristic with a probability larger than $2^{-128}$ exists. We also describe an algorithm which helped us to show that there is no permutation that can reach 18 or more active S-boxes in 5 rounds. Finally, we give several pairs $(P_s, P_k)$, replacing respectively the ShiftRows operation and the key schedule of the AES, reaching a minimum of 21 active S-boxes over 6 rounds, while again, there is no differential characteristic with a probability larger than $2^{-128}$. This article is a joint work with Patrick Derbez, Pierre-Alain Fouque and Jérémy Jean, and has been accepted at SAC 2018.

[12 December 2018 | 14:00 | Campus II - Room S3-351]
Baptiste Lambin
Algorithms and their implementation in elliptic curve cryptography

Abstract.

Elliptic curves play an important role in today's public key cryptographic systems. For example, the elliptic curve Diffie-Hellman key agreement scheme, the elliptic curve integrated encryption scheme (ECIES), and the elliptic curve digital signature algorithm (ECDSA) are among the standardized and widely deployed cryptographic schemes. Efficient and secure implementation of these cryptographic systems requires carefully designed mathematical algorithms and their analysis. In the first part of my talk, I will motivate the use of elliptic curves in cryptography with a survey of some algorithms. Then, I will present some recent results on the design and implementation of elliptic curve based cryptographic algorithms in both classical and post-quantum settings.

[14 November 2018 | 14:00 | Campus II - Room S3-351]