Secured Implementations for Cryptography

Teaching goals

The goal of this course is to give students an idea of the complexity of implementing operational cryptographic services as well as give them good habits for implementation and methodology. Students will approach problems by starting from setting up a high level system (PKI, system architectures and product, secured API) then looking at implementation problems such as bugs and remote and local attacks. The course includes practical work on attacks on an API and its bugged implementation, verifying a PIN code and an AES DPA and DFA attack.

Course description

This course starts with the specification of systems and products (secret management, implementation, API security). It then explores implantations starting with classic vulnerabilities not related to cryptography but which present great risk in codes manipulating secrets (e.g. Heartbleed).

The vulnerabilities related to cryptography are studied :

  • first by vulnerabilities which can be exploited by a remote attacker (e.g. attacks on execution time) ;
  • then local non-invasive (e.g. DPA) ;
  • finally local (seminvasif (e.g. faults attacks).


Cryptography, implementation, vulnerabilities, side-channels.


  • Basic concepts in cryptography (integrity, confidentiality, public keys…)
  • Reading C++ and coding in C/C++ or Python. C++ prerequisites are the basics  for class use, not recent advanced concepts

Course materials

The slides, practical work and compiled and complete version of the slides are available in French and English on the course web page :


  • On the (in)security of IPsec in MAC-then-encrypt configurations, by Jean Paul Degabriele and Kenneth G. Paterson, 2010
  • Remote Timing Attacks Are Still Practical, by Billy Bob Brumley and Nicola Tuveri, 2011.
  • Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud, by Michael Schwarz and Manuel Weber, 2017
  • Differential Power Analysis, Paul Kocher, Joshua Jaffe and Benjamin Jun, 1999.
  • Simple Key Enumeration (and Rank Estimation) Using Histograms: An Integrated Approach, by Romain Poussier, François-Xavier Standaert and Vincent Grosso, 2016.
  • Resistance against differential power analysis for elliptic curve cryptosystems, by Jean-Sébastien Coron, 1999


Benoît Gérard holds a PhD on statistical cryptanalyses. He was a  member of the UCL CryptoGroup as post-doc for almost two years working on side-channel attacks. He now works for DGA-MI and is an associate researcher at IRISA.

This site uses cookies to improve your user experience and to achieve audience statistics.
I acceptI refuseKnow more