Bulens, Philippe
[UCL]
(eng)
Every security design involves choosing adequate parameters. When dealing with cryptography, one of the most important choices is the length of the key to be used. This emphasis comes from Kerckhoffs' principle, which states that "the security must only rely on the key" while the system should be considered public knowledge. This is indeed the case for our public standards: anyone can access their specifications. However, those standards give no information about how to choose the key length given an application's security requirements.
Using overwhelmingly large keys in order to stay on the safe side is not the way to go, as it crushes performance, especially for asymmetric schemes. A commonly used solution is to follow recommendations from well-known organizations such as NIST or ECRYPT. Another option is to use the mathematical model proposed by Lenstra and Verheul to derive a key length corresponding to a desired security margin.
Questions related to the appropriate selection of keys are at the basis of the work contained in this dissertation. First, we made the proposal of Lenstra and Verheul available on www.keylength.com, together with other recommendations.
Afterwards, we pointed out that Lenstra and Verheul's analysis is based on software data points only. Therefore, we decided to introduce a new data point for hardware in order to compare it with software. For this purpose, we mounted an attack against an elliptic curve discrete logarithm problem using a cluster of low-cost FPGAs.
Then, we noted that only mathematical attacks were considered, that is, without taking into account any implementation defect of which an attacker could take advantage. Such defects led to the now widely studied side-channel and fault attacks. We explored the potential threat that fault attacks really represent and dealt with the more pernicious kinds of fault attacks that aim at disturbing the public elements used in discrete-logarithm-based schemes.
Finally, we studied how keys can be generated, but from a novel perspective: fuzzy extractors. This recently introduced tool allows building reproducible keys usable in cryptography from physics, where measurements are error-prone. Using them, we built a system to strongly link information to its medium, using secure paper and low-cost hardware. This shows that physics can be used not only to break security systems but also to build them.
Bibliographic reference: Bulens, Philippe. Mathematical and physical concerns regarding cryptographic key length. Prom.: Quisquater, Jean-Jacques
Permanent URL: http://hdl.handle.net/2078.1/28567