Patents by Inventor Emmanuel Prouff
Emmanuel Prouff has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11102012Abstract: A method for digital signing of a document using a predetermined secret key. An initial internal state is determined by application to a condensate of the document of a first white box implementation of generation of a main nonce; then a modular sum of the main nonce and of a predetermined constant. The method also determines a first internal state by application to the initial internal state of a first modular arithmetic operation, then of a modular product with exponentiation of the predetermined constant. The method then determines a second internal state by application to said condensate of a second white box implementation of generation of the main nonce; and a second modular arithmetic operation function of the first internal state, of the main signature nonce and of the secret key. It then generates a digital signature of the document from the first internal state and the second internal state.Type: GrantFiled: May 22, 2018Date of Patent: August 24, 2021Assignee: IDEMIA IDENTITY & SECURITY FRANCEInventors: Victor Servant, Emmanuel Prouff, Herve Chabanne
-
Patent number: 11003991Abstract: A method for secure learning of parameters of a convolution neural network, CNN, for data classification includes the implementation, by data processing of a first server, including receiving from a second server a base of already classified learning data, the learning data being homomorphically encrypted; learning in the encrypted domain, from the learning database, the parameters of a reference CNN including a non-linear layer (POLYNOMIAL) operating an at least two-degree polynomial function approximating an activation function; a batch normalization layer before each non-linear layer (POLYNOMIAL); and transmitting the learnt parameters to the second server, for decryption and use for classification.Type: GrantFiled: October 2, 2017Date of Patent: May 11, 2021Assignee: Idemia Identity & Security FranceInventors: Herve Chabanne, Jonathan Milgram, Constance Morel, Emmanuel Prouff
-
Patent number: 10938576Abstract: The present invention relates to a method for electronic signing of a document with a predetermined secret key (x), the method being characterized in that it comprises the implementation of steps of: (a) Drawing a pair formed by a first internal state (s1i) and a white-box implementation (WBi) of a modular arithmetic operation, from among a set of predetermined pairs ({(s1i,WBi)}i?[0,n-1]) each for one nonce (ki), said first internal state (s1i) being a function of the nonce (ki) and said modular arithmetic operation being a function of the first internal state (s1i), of the nonce (ki) and of the secret key (x); (b) Determining a second internal state (s2i) by application of said drawn white-box implementation (WBi) to a condensate of the document obtained via a given hash function; (c) Generating an electronic signature of the document from the first internal state (s1i) of the drawn pair and from the second determined internal state (s2i), and deleting the drawn pair of said set of pairs ({(s1i,WBi)}i?[0Type: GrantFiled: March 7, 2018Date of Patent: March 2, 2021Assignee: IDEMIA IDENTITY & SECURITY FRANCEInventors: Herve Chabanne, Emmanuel Prouff
-
Patent number: 10897345Abstract: A method for encrypting or decrypting a n-tuple of data ({ai}i?[[0,n-1]]) with a n-tuple of secret keys ({ki}i?[[0,n-1]]). The method uses a data-processor to perform the steps of: (a) for each element (ai), determining m>n first internal states ({yij}j?[[0,m-1]]) by application of m first operations, each: represented by a table (Tij), and defined as the combination of a single bijective internal encoding (Gij), of a non-linear sharing function (Di, Ei, Fi . . . ), and of a given non-linear permutation function (ƒ) parameterized with the secret key (ki), and (b) for each n-tuple of first internal states ({yij}i?[[0,n-1]]), determining a second internal state (zj) by application of a second operation: represented by a table (TLj), and defined as the combination of a second single bijective internal encoding (GLj), a linear multiplexing function (L), and the inverses of the first bijective internal encodings (Gij).Type: GrantFiled: January 9, 2018Date of Patent: January 19, 2021Assignee: IDEMIA IDENTITY & SECURITY FRANCEInventors: Emmanuel Prouff, Roch Olivier Lescuyer De Chaptal-Lamure, Victor Servant
-
Patent number: 10862669Abstract: The present invention relates to a method for encryption or decryption of a data block from a secret key, wherein the method comprises: generating a first round key kr dependent on the secret key, selecting each of a first mask (?br) and a second mask (?br+1) in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key kr? from the first round key kr and the first mask (?br) as follows: kr?=kr?(?br) wherein ? is an exclusive disjunction, executing a first encryption round applied to two first data dependent on the data block, by means of the first masked round key kr? so as to produce two second data, after producing the first masked key kr?, generating a second round key kr+1 dependent on the secret key, calculating a second masked key kr+1? from the second round key kr+1 and the second mask (?br+1) as follows: kr+1?=kr+1?(?br+1), calculating two third data Lrbr+1, Rrbr+1 as follows: Rrbr+1=Rrbr?(?br?1)?(?br) Lrbr+1=Lrbr?(?br?1)?(?br) and executing a seconType: GrantFiled: September 20, 2017Date of Patent: December 8, 2020Assignee: IDEMIA IDENTITY & SECURITY FRANCEInventors: Houssem Maghrebi, Guillaume Dabosville, Emmanuel Prouff
-
Patent number: 10819502Abstract: The present invention relates to a method for symmetrical encryption or decryption of a data block from a secret key (K), the method comprising steps of: permutation (100) of at least one portion of the secret key (K) by means of a first permutation table (PC1?) so as to produce initial data, execution of several iterations, an iteration comprising steps of: rotation (102) of data dependent on the initial data so as to produce shifted data, permutation (104) of the shifted data by means of a second permutation table (PC2?) so as to produce a round key, execution of a plurality of encryption rounds (200) from the data block, an encryption round (200) using one of the round keys, generation of at least one of the permutation tables (PC1?, PC2?), the generation comprising determination of at least one function (F, G) variable from one encryption or decryption to another, composition of said function (F, G) with a predetermined permutation table (PC1, PC2), application of the inverse of said function (F,Type: GrantFiled: September 26, 2017Date of Patent: October 27, 2020Assignee: IDEMIA IDENTITY & SECURITY FRANCEInventors: Houssem Maghrebi, Guillaume Dabosville, Emmanuel Prouff
-
Patent number: 10785036Abstract: The present invention relates to a method for generating an electronic signature of a document associated with a condensate obtained by a given hash function comprising performing by data-processing means (11b) of a server (10b) of steps of: (a) Receiving said condensate and a zero-knowledge proof of the fact that said condensate is indeed the result of application of said given hash function to said document; (b) Verifying that said zero-knowledge proof is valid; (c) Generating an electronic signature of the document from said condensate.Type: GrantFiled: December 6, 2017Date of Patent: September 22, 2020Assignee: IDEMIA IDENTITY & SECURITY FRANCEInventors: Julien Paul Keuffer, Herve Chabanne, Emmanuel Prouff, Olivier Clemot
-
Publication number: 20180343124Abstract: The present invention relates to a method for digital signing of a document using a predetermined secret key (x), comprising steps of: (a) determination of an initial internal state (s0) by application to a condensate of the document of a first white box implementation (WB0) of: generation of a main nonce (k); then a modular sum of the main nonce (k) and of a predetermined constant (K); (b) determination of a first internal state (s1) by application to the initial internal state (s0) of a first modular arithmetic operation, then of a modular product with exponentiation of the predetermined constant (K); (c) determination of a second internal state (s2) by application to said condensate of a second white box implementation (WBs2) of: generation of the main nonce (k); and a second modular arithmetic operation function of the first internal state (s1), of the main signature nonce (k) and of the secret key (x); (d) generation of a digital signature of the document from the first internal state (s1) and tType: ApplicationFiled: May 22, 2018Publication date: November 29, 2018Inventors: Victor SERVANT, Emmanuel PROUFF, Herve CHABANNE
-
Publication number: 20180262343Abstract: The present invention relates to a method for electronic signing of a document with a predetermined secret key (x), the method being characterized in that it comprises the implementation of steps of: (a) Drawing a pair formed by a first internal state (s1i) and a white-box implementation (WBi) of a modular arithmetic operation, from among a set of predetermined pairs ({(s1i,WBi)}i?[0,n-1]) each for one nonce (ki), said first internal state (s1i) being a function of the nonce (ki) and said modular arithmetic operation being a function of the first internal state (s1i), of the nonce (ki) and of the secret key (x); (b) Determining a second internal state (s2i) by application of said drawn white-box implementation (WBi) to a condensate of the document obtained via a given hash function; (c) Generating an electronic signature of the document from the first internal state (s1i) of the drawn pair and from the second determined internal state (s2i), and deleting the drawn pair of said set of pairs ({(s1i,WBi)}i?[0Type: ApplicationFiled: March 7, 2018Publication date: September 13, 2018Inventors: Herve CHABANNE, Emmanuel PROUFF
-
Publication number: 20180198611Abstract: The present invention relates to a method for encrypting or decrypting a n-tuple of data with a n-tuple of secret keys , the method being characterized in that it comprises data-processing means (11a) of equipment (10a) implementing steps of: (a) For each element (ai), determination of m>n first internal states by application of m first operations, each being: represented by a stored table (Tij), and defined as the combination of a single bijective internal encoding (Gij), of a non-linear splitting function (Di, Ei, Fi . . . ), and of a given non-linear permutation function (ƒ) parameterized with the secret key (ki) corresponding; (b) For each n-tuple of first internal states , determination of a second internal state (zj) by application of a second operation being: represented by a table (TLj) stored, and defined as the combination of a second single bijective internal encoding (GLj), a linear multiplexing function (L), and the inverses of said first bijective internal encodings (Gij).Type: ApplicationFiled: January 9, 2018Publication date: July 12, 2018Inventors: Emmanuel PROUFF, Roch Olivier LESCUYER DE CHAPTAL-LAMURE, Victor SERVANT
-
Publication number: 20180159689Abstract: The present invention relates to a method for generating an electronic signature of a document associated with a condensate obtained by a given hash function comprising performing by data-processing means (11b) of a server (10b) of steps of: (a) Receiving said condensate and a zero-knowledge proof of the fact that said condensate is indeed the result of application of said given hash function to said document; (b) Verifying that said zero-knowledge proof is valid; (c) Generating an electronic signature of the document from said condensate.Type: ApplicationFiled: December 6, 2017Publication date: June 7, 2018Inventors: Julien Paul KEUFFER, Herve CHABANNE, Emmanuel PROUFF, Olivier CLEMOT
-
Publication number: 20180096248Abstract: A method for secure learning of parameters of a convolution neural network, CNN, for data classification includes the implementation, by data processing of a first server, including receiving from a second server a base of already classified learning data, the learning data being homomorphically encrypted; learning in the encrypted domain, from the learning database, the parameters of a reference CNN including a non-linear layer (POLYNOMIAL) operating an at least two-degree polynomial function approximating an activation function; a batch normalization layer before each non-linear layer (POLYNOMIAL); and transmitting the learnt parameters to the second server, for decryption and use for classification.Type: ApplicationFiled: October 2, 2017Publication date: April 5, 2018Applicant: Safran Identity & SecurityInventors: Herve CHABANNE, Jonathan MILGRAM, Constance MOREL, Emmanuel PROUFF
-
Publication number: 20180091297Abstract: The present invention relates to a method for symmetrical encryption or decryption of a data block from a secret key (K), the method comprising steps of: permutation (100) of at least one portion of the secret key (K) by means of a first permutation table (PC1?) so as to produce initial data, execution of several iterations, an iteration comprising steps of: rotation (102) of data dependent on the initial data so as to produce shifted data, permutation (104) of the shifted data by means of a second permutation table (PC2?) so as to produce a round key, execution of a plurality of encryption rounds (200) from the data block, an encryption round (200) using one of the round keys, generation of at least one of the permutation tables (PC1?, PC2?), the generation comprising determination of at least one function (F, G) variable from one encryption or decryption to another, composition of said function (F, G) with a predetermined permutation table (PC1, PC2), application of the inverse of said function (F,Type: ApplicationFiled: September 26, 2017Publication date: March 29, 2018Inventors: Houssem MAGHREBI, Guillaume DABOSVILLE, Emmanuel PROUFF
-
Publication number: 20180083769Abstract: The present invention relates to a method for encryption or decryption of a data block from a secret key, wherein the method comprises: generating a first round key kr dependent on the secret key, selecting each of a first mask (?br) and a second mask (?br+1) in a set consisting of a mask of bits all at one and a mask of all zero bits, calculating a first masked key kr? from the first round key kr and the first mask (?br) as follows: k?=kr?(?br) wherein ? is an exclusive disjunction, executing a first encryption round applied to two first data dependent on the data block, by means of the first masked round key kr? so as to produce two second data, after producing the first masked key kr?, generating a second round key kr+i dependent on the secret key, calculating a second masked key kr+1? from the second round key kr+i and the second mask (?br+1) as follows: kr+1? =kr+1 ED (?br+1), calculating two third data Lrbr+1, Rrbr+1 as follows: Rrbr+1=Rrbr?(?br?1)?(?br) Lrbr+1=Lrbr?(?br?1)?(?br) and executingType: ApplicationFiled: September 20, 2017Publication date: March 22, 2018Inventors: Houssem MAGHREBI, Guillaume DABOSVILLE, Emmanuel PROUFF
-
Patent number: 9722773Abstract: A method for determining a representation of a product of a first element and a second element is disclosed comprising, picking a random value for each pair of a first integer between 1 and d and a second integer greater than the first integer, adding the random value to the product of a first value and a second value, and adding the result of the first addition and the product of the first value and the second value. Then summing, for each integer between 1 and d, a product of the first and second values associated with the integer, the random values associated with the pairs of which the first integer is the integer concerned, and the values obtained for the pairs of which the second integer is the integer concerned.Type: GrantFiled: May 26, 2011Date of Patent: August 1, 2017Assignee: OBERTHUR TECHNOLOGIESInventors: Emmanuel Prouff, Matthieu Rivain
-
Patent number: 9559838Abstract: A method of cryptographic processing of data (X), in particular a method protected against fault injection attacks, and an associated device. The processing includes at least one transformation (100, 1001-1006) of an input data item (s) into a result data item (s?). In this case the method includes a step (E204) of verifying the transformation including the following steps: obtaining (E206) a first data item (DV(s?)) that is compressed by applying a compression operation (110, MDV, ADV) to the result data item (s?); obtaining (E208) a second compressed data item (DV(s)) that is compressed by applying the compression operation (110, MDV, ADV) to the input data item (s); determining (E210) a verification data item (DV(s)?) by applying the transformation (100, 1001-1006) to the second compressed data item (DV(s)) and; comparing (E212) the verification data item and the first compressed data item.Type: GrantFiled: July 30, 2010Date of Patent: January 31, 2017Assignee: OBERTHUR TECHNOLOGIESInventors: Laurie Genelle, Christophe Giraud, Emmanuel Prouff
-
Patent number: 8805913Abstract: A method for evaluating a function of a finite field of characteristic p into itself, for an element x of the field, uses an evaluation, for the element x, of a polynomial formed by a plurality of monomials. The evaluation of the polynomial includes the following steps: determining monomials the degree of which is an integer power of the characteristic p by successive raisings of the element x to the power p; and determining monomials the degree of which is different from an integer power of the characteristic p on the basis of the determined monomials, the degree of which is an integer power of the characteristic p, and by at least one multiplication. An evaluating device is also provided.Type: GrantFiled: May 26, 2011Date of Patent: August 12, 2014Assignee: Oberthur TechnologiesInventors: Emmanuel Prouff, Matthieu Rivain
-
Patent number: 8661251Abstract: A method for creating a group signature of a message to be implemented by a member of a group in a system, the system including a trust authority, the group including at least the member provided with a secure portable electronic entity including storage elements and computing elements wherein are implanted a cryptographic algorithm. The method includes the following steps: generating via the computing elements a signature of the message using a private key common to the members of the group and integrating a data identifying the group member and a temporal data representing a temporal information of the member's membership to the group and of the date of the signature of the message, the private key common to the members of the group, the identifying data and the temporal data being stored in the storage elements.Type: GrantFiled: October 12, 2006Date of Patent: February 25, 2014Assignee: Oberthur TechnologiesInventors: Emmanuel Prouff, Jean-Bernard Fischer, Théophane Lumineau
-
Patent number: 8577025Abstract: A method of executing an algorithm includes protecting an electronic device by affine masking. The electronic device executes operations on secret variables x, the secret variables x being binary vectors of a given size N other than zero. The method further includes replacing the secret variables x using an affine masking operation, by the following affine function: m(x)=R.x+r, where R is a random invertible binary matrix with N rows and N columns and r is a random binary vector of size N.Type: GrantFiled: September 28, 2010Date of Patent: November 5, 2013Assignee: ThalesInventors: Guillaume Fumaroli, Sylvain Lachartre, Jean Martinelli, Emmanuel Prouff, Mathieu Rivain
-
Patent number: 8473751Abstract: A method for data cryptographic processing, that is implemented by an electronic entity and includes the conversion of input data (M?i?1), masked by an input mask (X), into output data, the conversion using a conversion table (S), and the method including the following steps: for at least one plurality of possible values (A) for the input mask (X), transferring the output value of the conversion table (S) corresponding to the masked input data (M?i?1) converted by the application of an unmasking operation using the possible value (A), into a table (T) at a position corresponding to a determined value (0) masked by the input mask (X) and converted by the application of an unmasking operation using the possible value (A); determining the output data using the value located in the table (T) at the position corresponding to the determined value (0).Type: GrantFiled: December 13, 2007Date of Patent: June 25, 2013Assignee: Oberthur TechnologiesInventors: Matthieu Rivain, Emmanuel Prouff