logo

The VERISICC project aims to build automatic tools to verify and generate proven masked cryptographic implementations. These tools will allow industrial people to develop secure and efficient implementations and to certification bodies to quickly and accurately verify the implementations submitted to an evaluation.

Who can I contact?

Dr. Sonia Belaïd

Sonia Belaïd , PhD

Senior Cryptography Expert

 

Dr. Matthieu Rivain

Matthieu Rivain , PhD

CEO, Senior Cryptography Expert

 

5 Partners

Related technology

Cryptographic Libraries

Give us the instruction set of your microcontroller and we do the rest.

We have more than 20 years of experience in developing and delivering cycle-accurate optimized cryptographic libraries. Our software is available on a variety of hardware platforms and supports standard and advanced cryptographic algorithms.

Details

Related services

Certification

Let us help to get your security certificate.

Are you really sure that your security solution is ready to cope with the real world? Are you certain that your in-house design will survive the scrutiny of expert cryptographers?
CryptoExperts offers externalized R&D and consulting services in a wide variety of security areas. We can perform an in-depth design and security analysis of your application, spot the cryptographic misconceptions, propose appropriate alternatives and help you to achieve a successful security certification.

Details

Evaluation

A fresh pair of eyes on your design.

The development of a cryptographic product, from a whiteboard protocol to an industrial grade implementation, is a long and complex process. Our experts will help you avoid common (and less common) pitfalls at any stage of the development.

Details

Implementation

We deliver highly-optimised bulletproof cryptographic software.

We have more than 20 years of experience in developing and delivering cycle-accurate optimized cryptographic implementations. We support standard and advanced cryptographic algorithms on a variety of software and hardware platforms.

Details

Related research project

Prince

Formally proving that your crypto libs are side-channel resistant.

The PRINCE research project addresses the challenge of building leakage-resilient primitives and leakage-resilient implementations for standard algorithms. Through an appropriate security modelling, the embedded security industry has never been closer to fill in the gap between empirically secure cryptographic implementations and built-in, provably perfect resistance against side-channels.

Details

Motivation

Cryptographic implementations are often vulnerable to side-channel attacks, which exploit the physical emanations of the underlying component to retrieve the manipulated secrets. They are very powerful and easy to implement. The most widely used countermeasure today is masking, which aims to randomize the manipulated data.

The VERISICC project aims to build new methods to automatically verify and generate proven masked cryptographic implementations. VERISICC relies on the multidisciplinarity of its consortium, ranging from researchers specializing in formal methods and side-channel attacks (INRIA, University of Luxembourg) to end-users (IDEMIA), to design innovative software tools with the support of SMEs (CryptoExperts and NinjaLab). These tools will allow on the one hand industrial people to develop safe and effective protected implementations by reaching a high level of certification and on the other hand to certification bodies (represented in the consortium by ANSSI) to quickly and accurately verify the implementations submitted to an evaluation. In particular, the project will focus on the evaluation of existing techniques, the choice of more efficient techniques, and the design of tools dedicated to equipment actually used on the market.”

Objectives and expected outcomes

The VERISICC project involves the development of the following tools:

  • Characterization method: a systematic method for characterizing the components on which implementations (e.g., smart card) are performed to determine a concrete leakage model.
  • Verification tool: an embedded code verification tool with countermeasures, implemented at the assembly level, based on a dedicated leakage model (corresponding to the final component and generated by the characterization method), bringing security guarantees, less conservative than the existing tools and with competitive performances.
  • Generation tool: a code generation tool (assembly) with countermeasures also based on a dedicated leakage model and achieving a high security level and competitive performances.

The two verification and countermeasure generation software packages will be able to rely on the consortium’s proofs of concept: maskVerif [Eurocrypt,BBD+15], CheckMasks [ACNS,Cor17b], and tightPROVE [Asiacrypt,BGR18] for verification and maskComp [CCS,BBD+16] for generation. Indeed, in addition to being carried out in part by the consortium, most of the innovative techniques used by these four prototypes are public and published.

To compare the VERISICC tools with real use cases and validate them in a pre-competitive context, the work plan also includes:

  • Demonstrators validating the whole approach and tested directly by an end user.
  • Feedback and accurate characterization of performances for end users.
  • A parallel reflection on the certification of tools in the sense of the Common Criteria.
  • A bidirectional link with the relevant international standardization working groups (ISO SC27) to provide feedback and technical inputs on emerging standards for formal methods for embedded code security.