Security Assessment of OpenVPN

Quarkslab was hired by OSTIF to perform a security assessment of OpenVPN 2.4.0. We focused on code and cryptography assessment. Results are briefly described in this blog post, and full report is available at its end.

more ...

Differential Fault Analysis on White-box AES Implementations

With the Differential Computation Analysis (DCA) presented at CHES 2016, we have shown that side-channel techniques developed to break hardware cryptographic implementations can be adapted successfully to break white-box implementations. In this post, we will explore another class of hardware attacks: fault injections and how to apply them on white-box implementations.

more ...

Security Assessment of VeraCrypt: fixes and evolutions from TrueCrypt

Quarkslab made a security assessment of VeraCrypt 1.18. The audit was funded by OSTIF and was performed by two Quarkslab engineers between Aug. 16 and Sep. 14, 2016 for a total of 32 man-days of study. A critical vulnerability, related to cryptography, has been identified. It has been introduced in version 1.18, and will be fixed in version 1.19.

more ...

A brief survey of Fully Homomorphic Encryption, computing on encrypted data

When appointing computation of private data to a third party, privacy is an issue. How can one delegate computation without giving up one's secrets? This gets trickier when multiple parties are involved. Several works on Multi-Party Computation (MPC) addressed this issue, but a new approach has started to emerge: Fully Homomorphic Encryption (FHE).

more ...

Reversing a Finite Field Multiplication Optimization

An optimization for the finite field multiplication on 128-bit elements for AES-GCM exists whose explanation was not published, preventing any further application with different parameters. We reverse engineered the result to 1) get the explanation and 2) be able to apply it with other parameters.

more ...

A glimpse of ext4 filesystem-level encryption

Linux 4.1 has arrived with a new feature for its popular ext4 filesystem: filesystem-level encryption!

more ...