The development of a cryptographic product, from a protocol on a whiteboard to an industrial grade implementation, is a long and complex process. Our experts will help you avoid common (and less common) pitfalls at any stage of the development.
Give us the instruction set of your microcontroller and we do the rest.
We have more than 16 years of experience in developing and delivering cycle-accurate optimized cryptographic libraries. Our software can be declined on a variety of hardware platforms and support standard and advanced cryptographic algorithms.
Don't give bad randomness a chance.
Any cryptographic algorithm requires randomness at some point. And it's better be good! Even the most advanced cryptosystem will eventually fail if associated with a bad TRNG or PRNG, putting at risk the full stack of security measures you carefully crafted. Hopefully, we've got you covered.
Security by design is not an abstract concept.
Beware of alleged "military grade secure" products. It is one thing to use AES-256 or RSA-4096, using it correctly is a different kettle of fish.
We can help you build innovative products that require any standard or advanced cryptographic tools, such as elliptic curves, identity-based encryption, anonymous signatures, e-cash, DRM, Pay-TV and many others.
« Certification Sécuritaire de Premier Niveau »
The French information security agency (ANSSI) developed the CSPN certification as a lightweight alternative to CC certifications. If CC/EMVco certification is too long or too expensive for your product, CSPN might be just what you are looking for.
Opening the way to mid-term cryptography revolutions.
ISO/IEC SC 27 is the arena where international crypto standards are conceived. We work within ISO for a world that offers better security and better privacy to the global industry, gov-related institutions and above all, to users.
Related research projects
How (in)secure are mobile phones?
The main goal of the Tisphanie project is to propose a systematic and structured methodology, together with the related tools and evaluation process enabling the concerned users (MNOs, application developers, police laboratories, civil security operators) to efficiently assess the security of all major components embedded in personal devices (mobile handsets, PDAs, netbooks, PMR terminals) for critical or value-added applications.
Verifying side-channel countermeasures with automatic tools.
Cryptographic implementations are often vulnerable to side-channel attacks, which exploit the physical emanations of the underlying component to retrieve the manipulated secrets. They are very powerful and easy to implement. The most widely used countermeasure today is masking, which aims to randomize the manipulated data. The VERISICC project aims to build new methods to automatically verify and generate proven masked cryptographic implementations. VERISICC relies on the multidisciplinarity of its consortium, ranging from researchers specializing in formal methods and side-channel attacks (INRIA, University of Luxembourg) to end-users (IDEMIA), to design innovative software tools with the support of SMEs (CryptoExperts and NinjaLab). These tools will allow on the one hand industrial people to develop safe and effective protected implementations by reaching a high level of certification and on the other hand to certification bodies (represented in the consortium by ANSSI) to quickly and accurately verify the implementations submitted to an evaluation. In particular, the project will focus on the evaluation of existing techniques, the choice of more efficient techniques, and the design of tools dedicated to equipment actually used on the market.
Cryptographic Algorithms and Protocols Analysis
Are you aware of all the latest cryptography advances? We certainly are. And we put our expertise at your service to evaluate any cryptographic algorithm or protocol your engineers chose to include in your product. Does it require one of those new lightweight block ciphers? Or perhaps, a lightning fast signature algorithm? You name it.
We extract a cryptographic model from the specifications of the applicative architecture and identify the threat model that best captures your security expectations. Based on the latest advances of cryptanalysis techniques and/or using security proving, we then provide a quantitative security level assessment (aka. number of bits of security) as to how well the security solution effectively resists the identified security threats.
We provide a quantitative security level assessment
Cryptographic algorithms and protocols are the heart of your security product, so you should choose them wisely. We can help you make the right choice, confirm that you did, or suggest (tailor-made) alternatives.
Source Code Review
Writing code is hard. Writing secure code is even harder. Writing secure cryptographic code is an art. Our experts can help you review your code to make sure it is bullet proof. Whether it is high level Java code for your Android app, Swift or Objective-C code for your iOS app, Python, C, or assembly code on dedicated hardware, we can help.
We do not restrict to bug finding. We provide recommendation concerning the architecture, APIs and style. We let you know whether the implementation really conforms to the security requirements you aim for.
Are you compliant with the SEI CERT Coding Standards? Want to find out? Contact us now!
Side Channel Analysis
Given the low-level specifications and/or software code, we let you know whether the implementation really conforms to the identified security requirements or not. Security-related or cryptographic code often leaves the door open to a number of practical attacks that are hardly taken into account at the specification level (timing attacks, physical attacks enabling key recovery such as side channels and fault injection, security-impacting bugs, internal trapdoors and kleptographic hacks).
Find out whether your security product, application or architecture is worth your investments.