Category: Cryptography

25 articles
Date Fri 21 March 2025
Authors Célian Glénaz, Dahmun Goudarzi, Julio Loayza Meneses
Category Cryptography

Following the introduction of crypto-condor and differential fuzzing in earlier blogposts, we showcase a use case where Quarsklab's automated test suite for cryptographic implementations allowed us to improve the reference implementation of the recently standardized HQC scheme.

Date Thu 03 October 2024
Author Célian Glénaz
Category Cryptography

Following a brief introduction to differential fuzzing, this blog post reviews the leading tools that leverage it for testing cryptographic primitives. In the second half, we present a method for creating a differential fuzzer along with the results we obtained.

Date Tue 24 September 2024
Author Julio Loayza Meneses
Category Cryptography

In this blog post we present crypto-condor, an open-source test suite for compliance testing of implementations of cryptographic primitives.

Date Tue 20 August 2024
Author Philippe Teuwen
Category Cryptography

We studied the most secure static encrypted nonce variant of "MIFARE Classic compatible" cards -- meant to resist all known card-only attacks -- and developed new attacks defeating it, uncovering a hardware backdoor in the process. And that's only the beginning...

Date Thu 25 April 2024
Author Angèle Bossuat
Category Cryptography

In cryptography audits, we often find vulnerabilities labeled as low or informational, usually for "non-compliance"... So, what should we do with them?

Date Wed 17 April 2024
Author Philippe Teuwen
Category Cryptography

Passbolt, an Open Source Password Manager, is using the Pwned Passwords service from HaveIBeenPwned to alert users if their password is present in a previous data breach. Pwned Passwords API is based on a mathematical property known as k-Anonymity guaranteeing that it never gains enough information about a non-breached password hash to be able to breach it later. Sounds good, right?

Date Fri 22 March 2024
Author Dahmun Goudarzi
Category Cryptography

In March 2024, SandboxAQ proposed a CTF around Post-Quantum Cryptography (and more specifically Kyber's key exchange) for the RWPQC workshop. Here is our write-up of the solutions to the challenges.

Date Thu 29 February 2024
Authors Nicolas Surbayrole, Philippe Teuwen
Category Cryptography

We announce the release of a new version of Blue Galaxy Energy, our white-box cryptanalysis tool implementing the BGE attack against AES. This version addresses the main limitations of the previous version.

Date Thu 21 December 2023
Authors Nicolas Surbayrole, Philippe Teuwen
Category Cryptography

We introduce a new white-box cryptanalysis tool based on the pioneering BGE paper but without known open source public implementation so far.

Date Tue 28 February 2023
Authors Nicolas Surbayrole, Philippe Teuwen
Category Cryptography

We are releasing a new cryptanalysis tool based on a known paper but without known open source public implementation so far.