International Association for Cryptologic Research

Ph.D. Database

The aim of the IACR Ph.D. database is twofold. On the first hand, we want to offer an overview of Ph.D. already completed in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and access to the full text. On the second hand, it deals with Ph.D. subjects currently under investigation. This way, we provide a timely map of contemporary research in cryptology. All entries or changes need to be approved by an editor. You can contact them via phds (at)


Francois Koeune (#590)
Name Francois Koeune
Topic of his/her doctorate. Careful design and integration of cryptographic primitives with contributions to timing attack, padding schemes and random number generators
Ph.D. Supervisor(s) Jean-Jacques Quisquater
Year of completion 2001
Abstract Using strong cryptographic primitives is not sufficient to obtain a secure system; the way these components are integrated into an actual application must also be studied with great care, at the risk of losing all the benefit of these strong components.

This thesis focuses on the weak links that may appear during this integration process. Rather than trying to break cryptographic primitives themselves, we will try to identify and exploit potential weaknesses appearing at various levels of the process, from protocol design to physical implementation. Countermeasures to these attacks, as well as some secure integration methods, are also proposed.

The first part considers physical attacks, with most attention devoted to timing attacks. We show how it is possible to recover an RSA secret key on the sole basis of running times. Through successive improvements of the model, we build an attack capable of recovering 512-bit RSA keys using only 5000-10000 time measurements. A timing attack against the future Advanced Encryption Standard (Rijndael), capable of recovering secret keys using roughly 3000 measurements per key byte, is also developed.

Part 2 discusses some cryptographic primitives. We propose a provably secure way of extending a fixed length RSA padding method into a general scheme processing arbitrary long input. The problem of true random number generation is then discussed, with special attention paid to practical entropy estimation methods, and we build a skeleton of random number generator aimed at producing very sensitive numbers on a general-purpose personal computer.

Part 3 deals with protocols. We first show how dangerous it can be to rely too much on an apparently unbreakable identification method such as biometrics, by presenting some ways of dodging the biometric device if it is not carefully integrated into a complete protocol. Finally, we bring to the fore a preliminary step of watermarking schemes (the vector extraction step) that, although always implicitly performed, seems to be often neglected, and therefore badly secured. A codemarking scheme is then proposed.

E-Mail Address francois.koeune (at)
Last Change 2011-06-09 13:57:47
To provide an update on this entry, please click .

Contact: phds (at)

[ IACR home page ] [ IACR PhDs page ] © IACR