Дисертації з теми "Cryptographie sur réseaux euclidiens"
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-36 дисертацій для дослідження на тему "Cryptographie sur réseaux euclidiens".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте дисертації для різних дисциплін та оформлюйте правильно вашу бібліографію.
Stehlé, Damien. "Réseaux Euclidiens : Algorithmes et Cryptographie." Habilitation à diriger des recherches, Ecole normale supérieure de lyon - ENS LYON, 2011. http://tel.archives-ouvertes.fr/tel-00645387.
Повний текст джерелаBert, Pauline. "Signatures reposant sur les réseaux euclidiens : de la construction à l'implémentation." Thesis, Rennes 1, 2019. http://www.theses.fr/2019REN1S126.
Повний текст джерелаLattice-based cryptography is one of the major line of research to build post-quantum public key primitives. In this thesis, we discuss about digital signatures constructions and their implementation. We first describe a Fiat-Shamir transformation from an identification scheme using rejection sampling to a digital signature secure in the random oracle model. Then we describe an identity-based encryption scheme and we prove its security in the standard model. An identity-based encryption scheme is like a classical public key where the public key is the identity of a user such as its email address or its social security number. A user contacts a third trusted party to get a secret key associated to its identity. In our construction, a secret key consists essentially in a signature of the identity of the user. We also describe this underlying digital signature scheme associated to our identity based encryption scheme. Finally, we present implementation results of these two schemes and how we choose concrete parameters
Ducas-Binda, Léo. "Signatures fondées sur les réseaux euclidiens : attaques, analyses et optimisations." Paris 7, 2013. http://www.theses.fr/2013PA077210.
Повний текст джерелаLattices have attracted a theoretical interest in the cryptographers' community those past years. They seem to offer a stronger foundation, but have also proved themselves very versatile. Nevertheless, efforts in the direction of the implementation and use of this innovative cryptography have remained very limited: essentially restricted to the ingenious yet premature cryptosystems of the NTRU company around the year 2000. This thesis joins this direction, in particular for the problems of digital signatures. We first present a new attack on the NTRUSign signature scheme: since its introduction, an information leakage has cast doubts about its practical security of that cryptosystem. Our work presents the first practical attack on that scheme despite the implementation of counterineasures. We then move our attention to an alternative countermeasure that is provably secure, yet not so efficient. We propose new algorithms that are adapted and efficient for this task, with or without usage of floating point. We conclude this thesis with the conception and implementation of a new signature scheme, BLISS, with two objectives: provable security and practical efficiency. We introduce the usage of Bimodal Gaussian, that surprisingly allow one to benefit ath the same time from progress on trapless signatures, and from an NTRU-like trap generation. Our implementation is Open-Source, and compete favorably with standardized primitives such as RSA or ECDSA
Ricosset, Thomas. "Signature électronique basée sur les réseaux euclidiens et échantillonnage selon une loi normale discrète." Thesis, Toulouse, INPT, 2018. http://www.theses.fr/2018INPT0106/document.
Повний текст джерелаLattice-based cryptography has generated considerable interest in the last two decades due toattractive features, including conjectured security against quantum attacks, strong securityguarantees from worst-case hardness assumptions and constructions of fully homomorphicencryption schemes. On the other hand, even though it is a crucial part of many lattice-basedschemes, Gaussian sampling is still lagging and continues to limit the effectiveness of this newcryptography. The first goal of this thesis is to improve the efficiency of Gaussian sampling forlattice-based hash-and-sign signature schemes. We propose a non-centered algorithm, with aflexible time-memory tradeoff, as fast as its centered variant for practicable size of precomputedtables. We also use the Rényi divergence to bound the precision requirement to the standarddouble precision. Our second objective is to construct Falcon, a new hash-and-sign signaturescheme, based on the theoretical framework of Gentry, Peikert and Vaikuntanathan for latticebasedsignatures. We instantiate that framework over NTRU lattices with a new trapdoor sampler
Prest, Thomas. "Gaussian sampling in lattice-based cryptography." Thesis, Paris, Ecole normale supérieure, 2015. http://www.theses.fr/2015ENSU0045/document.
Повний текст джерелаAlthough rather recent, lattice-based cryptography has stood out on numerous points, be it by the variety of constructions that it allows, by its expected resistance to quantum computers, of by its efficiency when instantiated on some classes of lattices. One of the most powerful tools of lattice-based cryptography is Gaussian sampling. At a high level, it allows to prove the knowledge of a particular lattice basis without disclosing any information about this basis. It allows to realize a wide array of cryptosystems. Somewhat surprisingly, few practical instantiations of such schemes are realized, and the algorithms which perform Gaussian sampling are seldom studied. The goal of this thesis is to fill the gap between the theory and practice of Gaussian sampling. First, we study and improve the existing algorithms, byboth a statistical analysis and a geometrical approach. We then exploit the structures underlying many classes of lattices and apply the ideas of the fast Fourier transform to a Gaussian sampler, allowing us to reach a quasilinearcomplexity instead of quadratic. Finally, we use Gaussian sampling in practice to instantiate a signature scheme and an identity-based encryption scheme. The first one yields signatures that are the most compact currently obtained in lattice-based cryptography, and the second one allows encryption and decryption that are about one thousand times faster than those obtained with a pairing-based counterpart on elliptic curves
Roux-Langlois, Adeline. "Lattice - Based Cryptography - Security Foundations and Constructions." Thesis, Lyon, École normale supérieure, 2014. http://www.theses.fr/2014ENSL0940/document.
Повний текст джерелаLattice-based cryptography is a branch of cryptography exploiting the presumed hardness of some well-known problems on lattices. Its main advantages are its simplicity, efficiency, and apparent security against quantum computers. The principle of the security proofs in lattice-based cryptography is to show that attacking a given scheme is at least as hard as solving a particular problem, as the Learning with Errors problem (LWE) or the Small Integer Solution problem (SIS). Then, by showing that those two problems are at least as hard to solve than a hard problem on lattices, presumed polynomial time intractable, we conclude that the constructed scheme is secure.In this thesis, we improve the foundation of the security proofs and build new cryptographic schemes. We study the hardness of the SIS and LWE problems, and of some of their variants on integer rings of cyclotomic fields and on modules on those rings. We show that there is a classical hardness proof for the LWE problem (Regev's prior reduction was quantum), and that the module variants of SIS and LWE are also hard to solve. We also give two new lattice-based group signature schemes, with security based on SIS and LWE. One is the first lattice-based group signature with logarithmic signature size in the number of users. And the other construction allows another functionality, verifier-local revocation. Finally, we improve the size of some parameters in the work on cryptographic multilinear maps of Garg, Gentry and Halevi in 2013
Zijlstra, Timo. "Accélérateurs matériels sécurisés pour la cryptographie post-quantique." Thesis, Lorient, 2020. http://www.theses.fr/2020LORIS564.
Повний текст джерелаShor's quantum algorithm can be used to efficiently solve the integer factorisation problem and the discrete logarithm in certain groups. The security of the most commonly used public key cryptographic protocols relies on the conjectured hardness of exactly these mathematical problems. A sufficiently large quantum computer could therefore pose a threat to the confidentiality and authenticity of secure digital communication. Post quantum cryptography relies on mathematical problems that are computationally hard for quantum computers, such as Learning with Errors (LWE) and its variants RLWE and MLWE. In this thesis, we present and compare FPGA implementations of LWE, RLWE and MLWE based public key encryption algorithms. We discuss various trade-offs between security, computation time and hardware cost. The implementations are parallelized in order to obtain maximal speed-up. We show that MLWE has the best performance in terms of computation time and area utilization, and can be parallelized more efficiently than RLWE. We also discuss hardware security and propose countermeasures against side channel attacks for RLWE. We consider countermeasures from the state of the art, such as masking and blinding, and propose improvements to these algorithms. Moreover, we propose new countermeasures based on redundant number representation and the random shuffling of operations. All countermeasures are implemented on FPGA to compare their cost and computation time overhead. Our proposed protection based on redundant number representation is particularly flexible, in the sens that it can be implemented for various degrees of protection at various costs
Kharchenko, Natalia. "Lattice algorithms and lattice-based cryptography." Electronic Thesis or Diss., Sorbonne université, 2020. http://www.theses.fr/2020SORUS337.
Повний текст джерелаLattice-based cryptography is a field of research that studies the construction of tools for secure communication based on hard lattice problems. Lattice-based cryptography is one of the most promising candidates for secure post-quantum communication. This thesis studies algorithms for solving hard lattice problems and their application to the evaluation of the security of cryptosystems. In the first part, we introduce a new family of lattice sieving algorithms called cylindrical sieving. Heuristic sieving is currently the fastest approach to solve central lattice problems: SVP and CVP. We show that cylindrical sieving can outperform existing sieving algorithms in some cases, namely, that it is more efficient for solving SVP for lattices with small prime volume and for solving the closest vector problem with preprocessing (CVPP). In the second part of the thesis, we improve the dual attack originally used to estimate the security of the Fast Fully Homomorphic Encryption scheme over Torus (TFHE). We hybridize the dual attack with the search for the secret key part. As TFHE uses binary keys, the search part of the attack can be performed efficiently by exploiting the recursive structure of the search space. We compare our attack with other existing techniques for solving LWE and show that the security level of the TFHE scheme should be updated according to the new attack
Jeudy, Corentin. "Design of advanced post-quantum signature schemes." Electronic Thesis or Diss., Université de Rennes (2023-....), 2024. http://www.theses.fr/2024URENS018.
Повний текст джерелаThe transition to post-quantum cryptography has been an enormous effort for cryptographers over the last decade. In the meantime, cryptography for the protection of privacy, aiming at addressing the limitations inherent to basic cryptographic mechanisms in this domain, has also attracted a lot of attention. Nevertheless, despite the success of both individual branches, combining both aspects along with practicality turns out to be very challenging. The goal of this thesis then lies in proposing new constructions for practical post-quantum privacy, and more generally advanced authentication mechanisms. To this end, we first focus on the lower level by studying one of the fundamental mathematical assumptions used in lattice-based cryptography: Module Learning With Errors. We show that it does not get significantly easier when stretching the secret and error distributions. We then turn to optimizing preimage samplers which are used in advanced signature designs. Far from being limited to this use case, we show that it also leads to efficient designs of regular signatures. Finally, we use some of the previous contributions to construct so-called signatures with efficient protocols, a versatile building block in countless advanced applications. We showcase it by giving the first post-quantum anonymous credentials, which we implement to demonstrate a theoretical and practical efficiency
Georgieva, Mariya. "Analyse probabiliste de la réduction des réseaux euclidiens cryptographiques." Caen, 2013. http://www.theses.fr/2013CAEN2054.
Повний текст джерелаThe topics addressed in this thesis belong to the interface between cryptography, algorithmics, and analysis of algorithms. They focus to a particular area, the geometry of numbers, in particular lattice reduction. Given the difficulty of an exact analysis of the LLL algorithm, we proposed a class of simplified models for the execution of the algorithm, ranging from the simplest one, already proposed by Madrisch and Vallée, to the most complex, which is the LLL algorithm itself. We first returned to the analysis of the simplest model and adopted there the perspective of the ``chip firing game''. From this perspective, we also described models for the different inputs of interest, corresponding to cryptographic systems. We were then led to three families of ``cryptographic lattices'': Ajtai's lattices give rise to sandpiles, whose piles are all ``full'' ; Knapsack or NTRU lattices give rise to sandpiles ``with only one pile''; finally Coppersmith's lattices give rise to sandpiles with ``holes''. Then we studied a model for the execution which was less simplified, but probably more realistic. We performed a detailed analysis of this model: a complete analysis in the two dimensional case, which corresponds to three-dimensional lattices, where the analysis of the exact LLL algorithm is not yet known, together with a partial analysis in general dimensions. Finally, we conducted experiments, in order to obtain an experimental validation of the assumptions that lead to simplified models
Lepoint, Tancrède. "Conception and implémentation de cryptographie à base de réseaux." Phd thesis, Ecole Normale Supérieure de Paris - ENS Paris, 2014. http://tel.archives-ouvertes.fr/tel-01069864.
Повний текст джерелаRossi, Mélissa. "Extended security of lattice-based cryptography." Electronic Thesis or Diss., Université Paris sciences et lettres, 2020. http://www.theses.fr/2020UPSLE050.
Повний текст джерелаLattice-based cryptography is considered as a quantum-safe alternative for the replacement of currently deployed schemes based on RSA and discrete logarithm on prime fields or elliptic curves. It offers strong theoretical security guarantees, a large array of achievable primitives, and a competitive level of efficiency. Nowadays, in the context of the NIST post-quantum standardization process, future standards may ultimately be chosen and several new lattice-based schemes are high-profile candidates. The cryptographic research has been encouraged to analyze lattice-based cryptosystems, with a particular focus on practical aspects. This thesis is rooted in this effort. In addition to black-box cryptanalysis with classical computing resources, we investigate the extended security of these new lattice-based cryptosystems, employing a broad spectrum of attack models e.g. quantum, misuse, timing or physical attacks. Accounting that these models have already been applied to a large variety of pre-quantum asymmetric and symmetric schemes before, we concentrate our efforts on leveraging and addressing the new features introduced by lattice structures. Our contribution is twofold: defensive, i.e. countermeasures for implementations of lattice-based schemes and offensive, i.e. cryptanalysis. On the defensive side, in view of the numerous recent timing and physical attacks, we wear our designer's hat and investigate algorithmic protections. We introduce some new algorithmic and mathematical tools to construct provable algorithmic countermeasures in order to systematically prevent all timing and physical attacks. We thus participate in the actual provable protection of the GLP, BLISS, qTesla and Falcon lattice-based signatures schemes. On the offensive side, we estimate the applicability and complexity of novel attacks leveraging the lack of perfect correctness introduced in certain lattice-based encryption schemes to improve their performance. We show that such a compromise may enable decryption failures attacks in a misuse or quantum model. We finally introduce an algorithmic cryptanalysis tool that assesses the security of the mathematical problem underlying lattice-based schemes when partial knowledge of the secret is available. The usefulness of this new framework is demonstrated with the improvement and automation of several known classical, decryption-failure, and side-channel attacks
Eynard, Julien. "Approche arithmétique RNS de la cryptographie asymétrique." Thesis, Paris 6, 2015. http://www.theses.fr/2015PA066107/document.
Повний текст джерелаThis thesis is at the crossroads between cryptography and computer arithmetic. It deals with enhancement of cryptographic primitives with regard to computation acceleration and protection against fault injections through the use of residue number systems (RNS) and their associated arithmetic. So as to contribute to secure the modular multiplication, which is a core operation for many asymmetric cryptographic primitives, a new modular reduction algorithm supplied with fault detection capability is presented. A formal proof guarantees that faults affecting one or more residues during a modular reduction are well detected. Furthermore, this approach is generalized to an arithmetic dedicated to non-prime finite fields Fps . Afterwards, RNS are used in lattice-based cryptography area. The aim is to exploit acceleration properties enabled by RNS, as it is widely done for finite field arithmetic. As first result, a new version of Babai’s round-off algorithm based on hybrid RNS-MRS representation is presented. Then, a new and specific acceleration technique enables to create a full RNS algorithm computing a close lattice vector
Eynard, Julien. "Approche arithmétique RNS de la cryptographie asymétrique." Electronic Thesis or Diss., Paris 6, 2015. http://www.theses.fr/2015PA066107.
Повний текст джерелаThis thesis is at the crossroads between cryptography and computer arithmetic. It deals with enhancement of cryptographic primitives with regard to computation acceleration and protection against fault injections through the use of residue number systems (RNS) and their associated arithmetic. So as to contribute to secure the modular multiplication, which is a core operation for many asymmetric cryptographic primitives, a new modular reduction algorithm supplied with fault detection capability is presented. A formal proof guarantees that faults affecting one or more residues during a modular reduction are well detected. Furthermore, this approach is generalized to an arithmetic dedicated to non-prime finite fields Fps . Afterwards, RNS are used in lattice-based cryptography area. The aim is to exploit acceleration properties enabled by RNS, as it is widely done for finite field arithmetic. As first result, a new version of Babai’s round-off algorithm based on hybrid RNS-MRS representation is presented. Then, a new and specific acceleration technique enables to create a full RNS algorithm computing a close lattice vector
Boudguiga, Aymen. "Authentification dans les réseaux maillés sans fils avec la cryptographie basée sur l'identité." Phd thesis, Institut National des Télécommunications, 2012. http://tel.archives-ouvertes.fr/tel-00762635.
Повний текст джерелаPino, Rafaël del. "Efficient lattice-based zero-knowledge proofs and applications." Thesis, Paris Sciences et Lettres (ComUE), 2018. http://www.theses.fr/2018PSLEE055/document.
Повний текст джерелаLattice based cryptography has developed greatly in the last two decades, both with new and stimulating results such as fully-homomorphic encryption, and with great progress in the efficiency of existing cryptographic primitives like encryption and signatures which are becoming competitive with their number theoretic counterparts. On the other hand, even though they are a crucial part of many privacy-based protocols, zero-knowledge proofs of knowledge are still lagging behind in expressiveness and efficiency. The first goal of this thesis is to improve the quality of lattice-based proofs of knowledge. We construct new zero-knowledge proofs of knowledge such as a subset membership proof with size independent of the subset. We also work towards making zero-knowledge proofs more practical, by introducing a new amortized proof of knowledge that subsumes all previous results. Our second objective will be to use the proofs of knowledge we designed to construct novel and efficient cryptographic primitives. We build a group signature whose size does not depend on the size of the group, as well as a practical and highly scalable lattice-based e-voting scheme
Shou, Yanbo. "Cryptographie sur les courbes elliptiques et tolérance aux pannes dans les réseaux de capteurs." Thesis, Besançon, 2014. http://www.theses.fr/2014BESA2015/document.
Повний текст джерелаThe emergence of embedded systems has enabled the development of wireless sensor networks indifferent domains. However, the security remains an open problem. The vulnerability of sensor nodesis mainly due to the lack of resources. In fact, the processing unit doesn’t have enough power ormemory to handle complex security mechanisms.Cryptography is a widely used solution to secure networks. Compared with symmetric cryptography,the asymmetric cryptography requires more complicated computations, but it offers moresophisticated key distribution schemes and digital signature.In this thesis, we try to optimize the performance of ECC. An asymmetric cryptosystem which isknown for its robustness and the use of shorter keys than RSA. We propose to use parallelismtechniques to accelerate the computation of scalar multiplications, which is recognized as the mostcomputationally expensive operation on elliptic curves. The test results have shown that our solutionprovides a significant gain despite an increase in energy consumption.The 2nd part of our contribution is the application of fault tolerance in our parallelism architecture.We use redundant nodes for fault detection and computation recovery. Thus, by using ECC and faulttolerance, we propose an efficient and reliable security solution for embedded systems
Mrabet, Amine. "Implémentation efficace de primitive cryptographique pour le couplage sur carte FPGA." Thesis, Paris 8, 2017. http://www.theses.fr/2017PA080112/document.
Повний текст джерелаThe primary challenge in the hardware development of the modern cryptography is to make an optimal implementations in resources and speed, with guaranteeing a resistance against attacks. This research focuses on practical implementations of cryptographic operations based on public key cryptography in finite fields. During this thesis we proposed basic hardware components. Finite field arithmetic is the core of public key cryptography such as RSA, ECC, or pairing-based cryptography. We proposed in this thesis a high-performance architectures of arithmetic calculation to implement asymmetric cryptographic primitives. The components described in this thesis have been implemented in Xlinx Field Programmable Gate Array Platforms (FPGAs). We used the VHDL to devolve our components and architectures. Our results show a performance and speed never presented before in the literature on this type of technology. The particularity of these architectures is the use of systolic architecture to develop a modular multiplication. This thesis deals with the effective physical implementation of the Coarsely Integrated Operand Scanning (CIOS) method of Montgomery's modular multiplication combined with an effective systolic architecture. According to our knowledge, this is the first implementation of such a design. Our architectures were aimed at reducing the number of clock cycles of modular multiplication. The implementation results of the CIOS algorithms focus on different levels of security useful in cryptography. This architecture was designed to use the flexible DSP48 on Xilinx FPGAs. Our architectures are scalable and depend only on the number and size of the words. For instance, we provide implementation results for 8, 16, 32, and 64 bit long words in 33, 66, 132, and 264 clock cycles. We describe also a design to compute an inversion in Fp as well as division. Inversion can be used in Elliptic Curve Cryptography systems and pairing-based cryptography
Siad, Amar. "Protocoles de génération des clés pour le chiffrement basé sur de l'identité." Paris 8, 2012. http://www.theses.fr/2012PA083660.
Повний текст джерелаIdentity-Based Encryption suffers from the problem of trust in the key generation authority PKG (Private Key Generator), which results in the ability of this authority to produce and distribute, without the knowledge a genuine user, multiple private-keys or multiple copies of a single key. This problem makes the deployment of these systems limited to areas where trust in the PKG must have a fairly high level. An important and natural question is to ask how can we reduce the trust one should have in the PKG. In this thesis, after conducting a development of the state of the art on the subject, we answer this question by studying this problem in its theoretical and practical aspects. On the theoretical stage, we present constructions of distributed cryptographic protocols that reduce the trust to its lowest level never reached before. We develop protocols for private-key generation in different security models while presenting real-world applications using these new protocols in the setting of searchable encryption. Furthermore, we develop necessary infrastructures needed for the deployment of our protocols. In practical terms, we implement KGLib: the first complete, efficient and modular library which brings together the most known techniques for private-key generation for identity-based cryptosystems. This library aims at providing robust tools designed in a modular and reusable way to allow easy implementation and rapid prototyping of the latest results coming from theoretical cryptography
Bettaieb, Slim. "Signature et identification pour l'anonymat basées sur les réseaux." Thesis, Limoges, 2014. http://www.theses.fr/2014LIMO0021/document.
Повний текст джерелаLattice-based cryptography has known during the last decade rapid develop- ments thanks to stronger security properties. In fact, there exist lattice-based cryp- tographic systems whose security is stronger than those based on the conventional number theory approach. The hard problems of lattices, for example the problem of finding short non-zero vectors, seems to resist quantum computers attacks. Mo- reover, the best existing algorithms solving them are exponential in time. The pur- pose of this thesis is the construction of public key cryptographic primitives for anonymity, whose security is based on the latter.In particular, we are interested in ring signature schemes. First, we propose a new formal definition of anonymity and we present a new ring signature scheme. Second, we give a rigorous study of security, following two definitions of unfor- geability. The first of which is unforgeability against chosen-subring attacks and the other one is unforgeability with respect to insider corruption.Afterwards, we present a new ring identification scheme and we develop a full analysis of its security. Finally, we show that the techniques used to build this scheme, can be used to construct a threshold ring identification scheme
Laganier, Julien. "Architecture de sécurité décentralisée basée sur l'identification cryptographique." Lyon, École normale supérieure (sciences), 2005. http://www.theses.fr/2005ENSL0354.
Повний текст джерелаThis thesis studies the problem of securing large scale and dynamic communication, execution and storage infrastructures. The majority of existing security solutions relies on the existence of a global public key infrastructure. The deployment of such a global infrastructure is problematic at technical, administrative and political levels. In order to relieve solutions from this constraint, we propose a decentralized security approach based on cryptographic identifiers (CBID, CGA, HBA and HIP) and delegation (SPKI certificates). We show that this security approach fits better to the intrinsical decentralized nature of the large scale, shared and open systems like Internet or grid computing. To validate the approach, we instantiate it into several security solutions for existing protocols using the IP security (IPsec) and host identity (HIP) protocols. In particular, security solutions for the IPv6 (Internet Protocol version 6) network layer and its ND (Neighbor Discovery) component, as well as for virtualization of the execution, communication and storage infrastructure of grid computing (Supernet, HIPernet and Internet Backplane Protocol) are presented and analysed
Boudguiga, Aymen. "Authentification in wireless mesh networks with identity-based cryptography." Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2012. http://www.theses.fr/2012TELE0029.
Повний текст джерелаNowadays, authentication in Wireless Mesh Networks (WMNs) refers to IEEE802.1X standard authentication methods or a pre-shared key authentication, and makes use of certificates or shared secrets. In wireless environments, management of certificates is disadvantageous. Certificates require deploying a Public Key Infrastructure (PKI) and a Certification Authority (CA). The CA defines a certificate management policy to control the generation, transmission and revocation of certificates. Management of certificates is a cumbersome task and does not match the limited (power and memory) resources available at wireless nodes. Moreover, it does not match the non permanent connectivity to the CA. In order to get rid of PKI disadvantages, we investigate in this thesis; the use of ID-Based Cryptography (IBC) for authentication in WMNs. IBC proposes to derive an entity public key from its identity directly. As such, IBC avoids the deployment of the PKI and the CA. IBC relies on a Private Key Generator (PKG) for the computation of stations private keys. As such, the PKG is able to impersonate as any station by illegally generating signature or deciphering encrypted traffic. For mitigating that Key Escrow Attack (KEA), a strong assumption is usually made necessary that the PKG is a trustworthy entity. In this thesis, we first present an ID-Based Password Authentication Protocol (IBPAP) that relies on IBC and a shared secret to authenticate mesh station to the network Authentication Server (AS). We propose to use the AS as a PKG. As such, the AS generates the ID-based private key of the supplicant station at the end of a successful authentication. Meanwhile, the supplicant station uses the shared secret to authenticate the AS and its ID-based public parameters. The latter are needed for the good usage of ID-based signature and encryption algorithms. Second, we propose a Key Escrow Resistant ID-Based Authentication Protocol (KERIBAP). That is, we make each supplicant station participate to the generation of its ID-based private key. We show how to change the existing ID-based signature and encryption algorithms to take into consideration the new format of private keys. We discuss also the possibility of distributing the private key generation between a set of ASs in order to avoid the key escrow attack. We verify that our authentication protocols are all secure in the formal model using the protocol verification tool ProVerif. In addition, we discuss their security resistance to some well-known attacks such as replay, collision and denial of service attacks. Finally, we propose some implementation results to confirm IBC advantages compared to PKI. We show how IBC usage reduces the memory consumption of stations
Renault, Éric. "Étude de l'impact de la sécurité sur les performances dans les grappes de PC." Versailles-St Quentin en Yvelines, 2000. http://www.theses.fr/2000VERS0016.
Повний текст джерелаBoudguiga, Aymen. "Authentification in wireless mesh networks with identity-based cryptography." Thesis, Evry, Institut national des télécommunications, 2012. http://www.theses.fr/2012TELE0029.
Повний текст джерелаNowadays, authentication in Wireless Mesh Networks (WMNs) refers to IEEE802.1X standard authentication methods or a pre-shared key authentication, and makes use of certificates or shared secrets. In wireless environments, management of certificates is disadvantageous. Certificates require deploying a Public Key Infrastructure (PKI) and a Certification Authority (CA). The CA defines a certificate management policy to control the generation, transmission and revocation of certificates. Management of certificates is a cumbersome task and does not match the limited (power and memory) resources available at wireless nodes. Moreover, it does not match the non permanent connectivity to the CA. In order to get rid of PKI disadvantages, we investigate in this thesis; the use of ID-Based Cryptography (IBC) for authentication in WMNs. IBC proposes to derive an entity public key from its identity directly. As such, IBC avoids the deployment of the PKI and the CA. IBC relies on a Private Key Generator (PKG) for the computation of stations private keys. As such, the PKG is able to impersonate as any station by illegally generating signature or deciphering encrypted traffic. For mitigating that Key Escrow Attack (KEA), a strong assumption is usually made necessary that the PKG is a trustworthy entity. In this thesis, we first present an ID-Based Password Authentication Protocol (IBPAP) that relies on IBC and a shared secret to authenticate mesh station to the network Authentication Server (AS). We propose to use the AS as a PKG. As such, the AS generates the ID-based private key of the supplicant station at the end of a successful authentication. Meanwhile, the supplicant station uses the shared secret to authenticate the AS and its ID-based public parameters. The latter are needed for the good usage of ID-based signature and encryption algorithms. Second, we propose a Key Escrow Resistant ID-Based Authentication Protocol (KERIBAP). That is, we make each supplicant station participate to the generation of its ID-based private key. We show how to change the existing ID-based signature and encryption algorithms to take into consideration the new format of private keys. We discuss also the possibility of distributing the private key generation between a set of ASs in order to avoid the key escrow attack. We verify that our authentication protocols are all secure in the formal model using the protocol verification tool ProVerif. In addition, we discuss their security resistance to some well-known attacks such as replay, collision and denial of service attacks. Finally, we propose some implementation results to confirm IBC advantages compared to PKI. We show how IBC usage reduces the memory consumption of stations
Abid, Mohamed. "Des mécanismes d’authentification basés sur l’identité de l’utilisateur pour renforcer la sécurité des réseaux." Electronic Thesis or Diss., Evry, Institut national des télécommunications, 2011. http://www.theses.fr/2011TELE0005.
Повний текст джерелаIn this thesis, we design three new authentication mechanisms based on user identity. Therefore, we bring improvements in access control for different classes of networks such as Home Network, Governmental Network and Cellular Network. The identity can be biometric public features, simple strings (email addresses, login...), etc. The first solution concerns the use of biometric in Home Network' authentication mechanisms. In the Home Network (HN) case study, we aim at personalizing the access of each user in the HN and preventing illegitimate users (passing by the Home Gateway (HG)) to have any access. We propose a new biometric authentication method which respects the constraint of the non storage of the users' Biometric Template (BT) in the HG. To satisfy this constraint, we propose using the fuzzy vault method to hide a secret that should be used for authentication. A software generates a revocable biometric identity (BioID) using a functional transformation. This BioID is used in the fuzzy vault mechanisms to hide a secret session key. The second solution proposes e-Passport authentication mechanisms. The cryptographic parameters are generated using the biometric templates and hence, personalized for the user. In travel document case study, we present our proposal which introduces a new e-Passport authentication mechanisms based on the Elliptic Curve Diffie-Hellman (ECDH) Key Agreement protocol. This protocol is needed to generate a session key used to authenticate the traveler and the Inspection System (IS) to exchange secure data. Our protocol is defined using minutiae data (fingerprint) and iris code of the e-Passport holder. In the third solution, we worked on the Cellular Network and we used a simple string, like email addresses, as identifier to access to services. We choose the IP Multimedia Subsystem (IMS) which is an overlay architecture for the provision of multimedia services. We design a new service authentication mechanism relying on Identity Based Cryptography (IBC) for the IMS architecture. The goal was to authenticate the users using their public and private identifiers to overcome known weaknesses in the Authentication and Key Agreement (AKA) protocol. We focused on the eavesdropping and impersonation attacks that can take place in classical IMS scenario and we showed how our proposed solution can prevent against these attacks. We, then, proposed to add a Batch Verification on the Bootstrapping Server Function (BSF) to decrease signature verification delay and the authentication response time
Gallin, Gabriel. "Unités arithmétiques et cryptoprocesseurs matériels pour la cryptographie sur courbe hyperelliptique." Thesis, Rennes 1, 2018. http://www.theses.fr/2018REN1S071/document.
Повний текст джерелаMany digital systems require primitives for asymmetric cryptography that are more and more efficient but also robust to attacks and inexpensive for embedded applications. In this perspective, and thanks to smaller finite fields, hyperelliptic curve cryptography (HECC) has been proposed as an interesting alternative to current techniques. We have studied efficient and flexible hardware HECC cryptoprocessors that are also robust against certain physical attacks. First, we proposed a new operator architecture able to compute, in parallel, several modular multiplications (A × B) mod P, where P is a generic prime of a few hundred bits and configurable at run time. It allows the computation of the vast majority of operations required for HECC. We have developed an operator generator, distributed in free software, for the exploration of many variants of our architecture. Our best operators are up to 2 times smaller and twice as fast as the best state-of-the-art solutions. They are also flexible in the choice of P and reach the maximum frequencies of the FPGA. In a second step, we developed modeling and simulation tools to explore, evaluate and validate different hardware architectures for scalar multiplication in HECC on Kummer surfaces. We have implemented, validated and evaluated the best architectures on various FPGA. They reach speeds similar to the best comparable solutions of the state of the art, but for halved surfaces. The flexibility obtained makes it possible to modify the parameters of the curves used during execution
Fourati, Alia. "Approches de sécurisation pour le commerce électronique sur les réseaux mobiles." Toulouse 3, 2005. http://www.theses.fr/2005TOU30166.
Повний текст джерелаIn a typical m-commerce (mobile commerce) transaction, a mobile client connects to a merchant server in order to carry out purchases. Securing these transactions is a fundamental task since they transmit critical data, such as the client credit card number. Therefore, the development of the m-commerce becomes closely related to the security level offered by their networks support. This thesis aims to study the security requirements, and then to offer suitable securing schemes to m-commerce applications conducted in various contexts of propagation. In the first works, we have focused on the context of m-commerce over WAP1. X. We have then proposed a protocol, WSET, securing the m-commerce payment over the WAP1. X mobile networks. This protocol is inspired from the SET and WTLS protocols, and avoids two security flaws: the well known “WAP Gap” flaw; and a new identified security flaw which we have named the “the dishonest merchant”. WSET offers an end to end security to the payment data between the client and the payment gateway. In the following works, we have focused on the deployment of auctions over ad hoc networks. In fact, this new kind of WLAN represents an attractive deployment support for this application, due to the new possibilities that it offers (absence of infrastructure, rapidity and low cost of deployment, ubiquity, and self-management). However, these radio networks present many vulnerabilities. .
Grémy, Laurent. "Algorithmes de crible pour le logarithme discret dans les corps finis de moyenne caractéristique." Thesis, Université de Lorraine, 2017. http://www.theses.fr/2017LORR0141/document.
Повний текст джерелаThe security of public-key cryptography relies mainly on the difficulty to solve some mathematical problems, among which the discrete logarithm problem on finite fields GF(p^n). In this thesis, we study the variants of the number field sieve (NFS) algorithm, which solve the most efficiently this problem, in the case where the characteristic of the field is medium. The NFS algorithm can be divided into four main steps: the polynomial selection, the relation collection, the linear algebra and the computation of an individual logarithm. We describe these steps and focus on the relation collection, one of the most costly steps. A way to perform it efficiently is to make use of sieve algorithms. Contrary to the classical case for which the relation collection takes place in a two-dimensional space, the finite fields we target require the enumeration of elements in a higher-dimensional space to reach the best theoretical complexity. There exist efficient sieve algorithms in two dimensions, but only a few in higher dimensions. We propose and study two new sieve algorithms allowing us to treat any dimensions, with an emphasis on the three-dimensional case. We have provided a complete implementation of the relation collection for some variants of the NFS in three dimensions. This implementation relies on our new sieve algorithms and is distributed in the CADO-NFS software. We validated its performances by comparing with examples from the literature. We also establish two new discrete logarithm record computations, one in a 324-bit GF(p^5) and one in a 422-bit GF(p^6)
Grémy, Laurent. "Algorithmes de crible pour le logarithme discret dans les corps finis de moyenne caractéristique." Electronic Thesis or Diss., Université de Lorraine, 2017. http://www.theses.fr/2017LORR0141.
Повний текст джерелаThe security of public-key cryptography relies mainly on the difficulty to solve some mathematical problems, among which the discrete logarithm problem on finite fields GF(p^n). In this thesis, we study the variants of the number field sieve (NFS) algorithm, which solve the most efficiently this problem, in the case where the characteristic of the field is medium. The NFS algorithm can be divided into four main steps: the polynomial selection, the relation collection, the linear algebra and the computation of an individual logarithm. We describe these steps and focus on the relation collection, one of the most costly steps. A way to perform it efficiently is to make use of sieve algorithms. Contrary to the classical case for which the relation collection takes place in a two-dimensional space, the finite fields we target require the enumeration of elements in a higher-dimensional space to reach the best theoretical complexity. There exist efficient sieve algorithms in two dimensions, but only a few in higher dimensions. We propose and study two new sieve algorithms allowing us to treat any dimensions, with an emphasis on the three-dimensional case. We have provided a complete implementation of the relation collection for some variants of the NFS in three dimensions. This implementation relies on our new sieve algorithms and is distributed in the CADO-NFS software. We validated its performances by comparing with examples from the literature. We also establish two new discrete logarithm record computations, one in a 324-bit GF(p^5) and one in a 422-bit GF(p^6)
Abid, Mohamed. "Des mécanismes d’authentification basés sur l’identité de l’utilisateur pour renforcer la sécurité des réseaux." Thesis, Evry, Institut national des télécommunications, 2011. http://www.theses.fr/2011TELE0005/document.
Повний текст джерелаIn this thesis, we design three new authentication mechanisms based on user identity. Therefore, we bring improvements in access control for different classes of networks such as Home Network, Governmental Network and Cellular Network. The identity can be biometric public features, simple strings (email addresses, login...), etc. The first solution concerns the use of biometric in Home Network' authentication mechanisms. In the Home Network (HN) case study, we aim at personalizing the access of each user in the HN and preventing illegitimate users (passing by the Home Gateway (HG)) to have any access. We propose a new biometric authentication method which respects the constraint of the non storage of the users' Biometric Template (BT) in the HG. To satisfy this constraint, we propose using the fuzzy vault method to hide a secret that should be used for authentication. A software generates a revocable biometric identity (BioID) using a functional transformation. This BioID is used in the fuzzy vault mechanisms to hide a secret session key. The second solution proposes e-Passport authentication mechanisms. The cryptographic parameters are generated using the biometric templates and hence, personalized for the user. In travel document case study, we present our proposal which introduces a new e-Passport authentication mechanisms based on the Elliptic Curve Diffie-Hellman (ECDH) Key Agreement protocol. This protocol is needed to generate a session key used to authenticate the traveler and the Inspection System (IS) to exchange secure data. Our protocol is defined using minutiae data (fingerprint) and iris code of the e-Passport holder. In the third solution, we worked on the Cellular Network and we used a simple string, like email addresses, as identifier to access to services. We choose the IP Multimedia Subsystem (IMS) which is an overlay architecture for the provision of multimedia services. We design a new service authentication mechanism relying on Identity Based Cryptography (IBC) for the IMS architecture. The goal was to authenticate the users using their public and private identifiers to overcome known weaknesses in the Authentication and Key Agreement (AKA) protocol. We focused on the eavesdropping and impersonation attacks that can take place in classical IMS scenario and we showed how our proposed solution can prevent against these attacks. We, then, proposed to add a Batch Verification on the Bootstrapping Server Function (BSF) to decrease signature verification delay and the authentication response time
Kamel, Sarah. "Sécurité pour les réseaux sans fil." Thesis, Paris, ENST, 2017. http://www.theses.fr/2017ENST0011/document.
Повний текст джерелаToday, there is a real need to strengthen the communication security to anticipate the development of quantum computing and the eventual attacks arising from it. This work explores two complementary techniques that provide confidentiality to data transmitted over wireless networks. In the first part, we focus on lattice-based public-key cryptography, which is one of the most promising techniques for the post-quantum cryptography systems. In particular, we focus on the Goldreich-Goldwasser-Halevi (GGH) cryptosystem, for which we propose a new scheme using GLD lattices. In the second part of this work, we study the security of multi-user cache-aided wiretap broadcast channels (BCs) against an external eavesdropper under two secrecy constraints: individual secrecy constraint and joint secrecy constraint. We compute upper and lower bounds on secure capacity-memory tradeoff considering different cache distributions. To obtain the lower bound, we propose different coding schemes that combine wiretap coding, superposition coding and piggyback coding. We prove that allocation of the cache memory to the weaker receivers is the most beneficial cache distribution scenario
Kamel, Sarah. "Sécurité pour les réseaux sans fil." Electronic Thesis or Diss., Paris, ENST, 2017. http://www.theses.fr/2017ENST0011.
Повний текст джерелаToday, there is a real need to strengthen the communication security to anticipate the development of quantum computing and the eventual attacks arising from it. This work explores two complementary techniques that provide confidentiality to data transmitted over wireless networks. In the first part, we focus on lattice-based public-key cryptography, which is one of the most promising techniques for the post-quantum cryptography systems. In particular, we focus on the Goldreich-Goldwasser-Halevi (GGH) cryptosystem, for which we propose a new scheme using GLD lattices. In the second part of this work, we study the security of multi-user cache-aided wiretap broadcast channels (BCs) against an external eavesdropper under two secrecy constraints: individual secrecy constraint and joint secrecy constraint. We compute upper and lower bounds on secure capacity-memory tradeoff considering different cache distributions. To obtain the lower bound, we propose different coding schemes that combine wiretap coding, superposition coding and piggyback coding. We prove that allocation of the cache memory to the weaker receivers is the most beneficial cache distribution scenario
Chinthamani, Dwarakanath Nagarjun. "Theoretical and practical contributions to homomorphic encryption." Electronic Thesis or Diss., université Paris-Saclay, 2021. http://www.theses.fr/2021UPASG103.
Повний текст джерелаIn conventional encryption schemes, the primary aim of the scheme is to ensure confidentiality of the data. Fully Homomorphic Encryption (FHE), a variant first realized by Gentry, is an encryption scheme which also allows for computation over the encrypted data, without ever needing to decrypt it. Using this, any untrusted third party with the relevant key material can perform homomorphic computations, leading to many applications where an untrusted party can still be allowed to compute over encryptions of sensitive data (cloud computing), or where the trust needs to be decentralized (multi-party computation).This thesis consists of two main contributions to Fully Homomorphic Encryption. In the first part, we take an FHE based on Fermat numbers and extend it to work with multi-bit numbers. We also add the ability to homomorphically evaluate small functions, with which we can compute additions and multiplication with only a few bootstrappings, and these can be used as building blocks for larger computations. Some newer results on sub-Gaussian random variables are adapted to give a better error analysis.One of the obstacles in bringing FHE to the mainstream remains its large computational complexity, and optimized architectures to accelerate FHE computations on reconfigurable hardware have been proposed. The second part of our thesis proposes an architecture for the polynomial arithmetic used in FV-like cryptosystems. This can be used to compute the sum and product of ring polynomials, using a pair of NTT algorithms which avoids the use of bit reversal, and subsumes the need for multiplication by weight vectors. For the cost of storing twiddle factors in a ROM, we avoid twiddle updates leading to a much smaller cycle count
Druyer, Rémy. "Réseau sur puce sécurisé pour applications cryptographiques sur FPGA." Thesis, Montpellier, 2017. http://www.theses.fr/2017MONTS023/document.
Повний текст джерелаWhether through smartphones, portable game consoles, or high performances computing, Systems-on-Chip (SoC) have seen their use widely spread over the last two decades. This can be explained by the low power consumption of these circuits with the regard of the performances they are able to deliver, and the numerous function they can integrate. Since SoC are improving every day, they require better performances from interconnects that support their communications. In order to address this issue Network-on-Chip have emerged.In addition to ASICs, FPGA circuits are one of the possible choices when conceiving a SoC. Our first contribution was therefore to perform and study the performance of Hermes NoC initially designed for ASIC, on reconfigurable circuit. This allowed us to confirm that the architecture of the interconnection system must be adapted to that of the circuit in order to achieve the best possible performances. Thus, our second contribution was to design TrustNoC, an optimized NoC for FPGA platform, with low latency, high operating frequency, and a moderate quantity of logical resources required for implementation.Security is also a primordial aspect of systems-on-chip, and more generally, of all digital systems. Our latest contribution was to study the threats that target SoCs during all their life cycle, then to develop and integrate hardware security mechanisms to TrustNoC in order to counter IP hijacking, and software attacks. During the design of security mechanisms, we tried to limit as much as possible the overhead on NoC performances
Minelli, Michele. "Fully homomorphic encryption for machine learning." Thesis, Paris Sciences et Lettres (ComUE), 2018. http://www.theses.fr/2018PSLEE056/document.
Повний текст джерелаFully homomorphic encryption enables computation on encrypted data without leaking any information about the underlying data. In short, a party can encrypt some input data, while another party, that does not have access to the decryption key, can blindly perform some computation on this encrypted input. The final result is also encrypted, and it can be recovered only by the party that possesses the secret key. In this thesis, we present new techniques/designs for FHE that are motivated by applications to machine learning, with a particular attention to the problem of homomorphic inference, i.e., the evaluation of already trained cognitive models on encrypted data. First, we propose a novel FHE scheme that is tailored to evaluating neural networks on encrypted inputs. Our scheme achieves complexity that is essentially independent of the number of layers in the network, whereas the efficiency of previously proposed schemes strongly depends on the topology of the network. Second, we present a new technique for achieving circuit privacy for FHE. This allows us to hide the computation that is performed on the encrypted data, as is necessary to protect proprietary machine learning algorithms. Our mechanism incurs very small computational overhead while keeping the same security parameters. Together, these results strengthen the foundations of efficient FHE for machine learning, and pave the way towards practical privacy-preserving deep learning. Finally, we present and implement a protocol based on homomorphic encryption for the problem of private information retrieval, i.e., the scenario where a party wants to query a database held by another party without revealing the query itself
Cornelie, Marie-Angela. "Implantations et protections de mécanismes cryptographiques logiciels et matériels." Thesis, Université Grenoble Alpes (ComUE), 2016. http://www.theses.fr/2016GREAM029/document.
Повний текст джерелаThe protection of cryptographic mechanisms is an important challenge while developing a system of information because they allow to ensure the security of processed data. Since both hardware and software supports are used, the protection techniques have to be adapted depending on the context.For a software target, legal means can be used to limit the exploitation or the use. Nevertheless, it is in general difficult to assert the rights of the owner and prove that an unlawful act had occurred. Another alternative consists in using technical means, such as code obfuscation, which make the reverse engineering strategies more complex, modifying directly the parts that need to be protected.Concerning hardware implementations, the attacks can be passive (observation of physical properties) or active (which are destructive). It is possible to implement mathematical or hardware countermeasures in order to reduce the information leakage during the execution of the code, and thus protect the module against some side channel attacks.In this thesis, we present our contributions on theses subjects. We study and present the software and hardware implementations realised for supporting elliptic curves given in Jacobi Quartic form. Then, we discuss issues linked to the generation of curves which can be used in cryptography, and we propose an adaptation to the Jacobi Quartic form and its implementation. In a second part, we address the notion of code obfuscation. We detail the techniques that we have implemented in order to complete an existing tool, and the complexity module which has been developed