An FPGA-based 4Mbps Secret Key Distillation Engine for Quantum Key Distribution Systems

A new paper, entitled “An FPGA-based 4Mbps Secret Key Distillation Engine for Quantum Key Distribution Systems” and co-authored with Jeremy Constantin, Nicholas Preyss and Andreas Burg (EPFL), Raphaël Houlmann and Hugo Zbinden (University of Geneva), Nino Walenta (Battelle) and myself, has been accepted for publication in Springer’s Journal of Signal Processing Systems.

Here is its abstract:

Quantum key distribution (QKD) enables provably secure communication between two parties over an optical fiber that arguably withstands any form of attack. Besides the need for a suitable physical signalling scheme and the corresponding devices, QKD also requires a secret key distillation protocol. This protocol and the involved signal processing handle the reliable key agreement process over the fragile quantum channel, as well as the necessary post-processing of key bits to avoid leakage of secret key information to an eavesdropper. In this paper we present in detail an implementation of a key distillation engine for a QKD system based on the coherent one-way (COW) protocol. The processing of key bits by the key distillation engine includes agreement on quantum bit detections (sifting), information reconciliation with forward error correction coding, parameter estimation, and privacy amplification over an authenticated channel. We detail the system architecture combining all these processing steps, and discuss the design trade-offs for each individual system module. We also assess the performance and efficiency of our key distillation implementation in terms of throughput, error correction capabilities, and resource utilization. On a single-FPGA (Xilinx Virtex-6 LX240T) platform, the system supports distilled key rates of up to 4 Mbps.
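As an added illustration (not code from the paper or its FPGA engine), the following toy model runs three of the distillation stages the abstract lists: sifting on Bob's detection slots, parameter estimation by disclosing and discarding a sample, and privacy amplification with a Toeplitz universal hash. Forward error correction is replaced by an ideal stand-in, the channel and all parameters are constructed, and the final key length is a simple illustrative choice rather than the paper's rate formula.

```python
import random
from typing import Dict, List, Tuple


def sift(alice_bits: List[int], bob_detections: Dict[int, int]) -> Tuple[List[int], List[int]]:
    """Sifting: keep only the time slots in which Bob reported a detection.
    Bob announces slot indices over the authenticated channel, never bit values."""
    slots = sorted(bob_detections)
    return [alice_bits[i] for i in slots], [bob_detections[i] for i in slots]


def estimate_qber(a: List[int], b: List[int], sample: List[int]) -> Tuple[float, List[int], List[int]]:
    """Parameter estimation: publicly compare a random sample of sifted bits and
    return the QBER estimate plus both keys with the disclosed sample removed."""
    errors = sum(a[i] != b[i] for i in sample)
    keep = [i for i in range(len(a)) if i not in set(sample)]
    return errors / len(sample), [a[i] for i in keep], [b[i] for i in keep]


def toeplitz_hash(bits: List[int], seed: List[int], out_len: int) -> List[int]:
    """Privacy amplification: multiply the key by an out_len x n Toeplitz matrix
    over GF(2), T[i][j] = seed[i - j + n - 1]. The (n + out_len - 1)-bit seed is public."""
    n = len(bits)
    assert len(seed) == n + out_len - 1
    return [sum(seed[i - j + n - 1] & bits[j] for j in range(n)) % 2 for i in range(out_len)]


def distill(raw_len: int = 64, detect_prob: float = 0.5, qber: float = 0.05,
            sample_frac: float = 0.25, leak_bits: int = 16, rng_seed: int = 7) -> dict:
    """Run the toy pipeline end to end with a seeded RNG (constructed scenario)."""
    rng = random.Random(rng_seed)
    alice = [rng.randint(0, 1) for _ in range(raw_len)]
    # Toy quantum channel: a slot is detected with probability detect_prob and a
    # detected bit is flipped with probability qber.
    bob = {i: alice[i] ^ int(rng.random() < qber)
           for i in range(raw_len) if rng.random() < detect_prob}
    a, b = sift(alice, bob)
    sample = rng.sample(range(len(a)), max(1, int(sample_frac * len(a))))
    qber_est, a, b = estimate_qber(a, b, sample)
    # Information reconciliation stand-in: the paper's engine uses forward error
    # correction here; this toy simply assumes Bob has corrected all his bits.
    b = list(a)
    # Illustrative compression: drop a fixed leak budget. Real engines derive the
    # final length from the estimated QBER and the bits disclosed during EC.
    out_len = max(1, len(a) - leak_bits)
    seed = [rng.randint(0, 1) for _ in range(len(a) + out_len - 1)]
    return {"qber_estimate": qber_est,
            "alice_key": toeplitz_hash(a, seed, out_len),
            "bob_key": toeplitz_hash(b, seed, out_len)}
```

Hashing two keys that still differ in a single bit (skip the reconciliation stand-in) gives unrelated outputs, which is why error correction must complete before privacy amplification.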

Ciphertext-Policy Attribute-Based Broadcast Encryption with Small Keys

Co-authored with Benjamin Wesolowski, now a Ph.D. student at EPFL, a new paper entitled Ciphertext-Policy Attribute-Based Broadcast Encryption with Small Keys has been made available on the IACR ePrint archive. Here is its abstract:

Broadcasting is a very efficient way to securely transmit information to a large set of geographically scattered receivers, and in practice, it is often the case that these receivers can be grouped in sets sharing common characteristics (or attributes). We describe in this paper an efficient ciphertext-policy attribute-based broadcast encryption scheme (CP-ABBE) supporting negative attributes and able to handle access policies in conjunctive normal form (CNF). Essentially, our scheme is a combination of the Boneh-Gentry-Waters broadcast encryption and of the Lewko-Sahai-Waters revocation schemes; the former is used to express attribute-based access policies while the latter is dedicated to the revocation of individual receivers. Our scheme is the first one that involves a public key and private keys having a size that is independent of the number of receivers registered in the system. Its selective security is proven with respect to the Generalized Diffie-Hellman Exponent (GDHE) problem on bilinear groups.

About Obfuscator-LLVM, Dual-Use Tools and Academic Ethics

On November 25th, my team announced the Christmas release of Obfuscator-LLVM, an open-source obfuscation tool based on the LLVM compilation suite. Why Christmas? Because version 3.4 of LLVM was planned to be released on the 23rd of December, and we wished to port our code to the latest version of the compiler before publishing it.

On December 18th, I was privately contacted by pod2g, a French security researcher active in the Apple jailbreaking scene, kindly asking me whether his team, the evad3rs, could get early access to our tool. Without thinking too much about the possible consequences, and naively seeing it as an easy way to get some publicity for our research project, my collaborators and I agreed to send them the source code of Obfuscator-LLVM one week earlier than the planned release. In exchange, we only asked to be credited on their website; I would like to clearly state that we never spoke about financial compensation, or about any other kind of reward.

The evasi0n jailbreak was released on December 23rd, taking the jailbreak community by surprise, and instantly generating a controversy. Indeed, the jailbreaking software arrived bundled with a Chinese app store apparently delivering pirated apps and/or malware.

Providing a version of Obfuscator-LLVM to the evad3rs one week ahead of our planned release was a mistake, and we regret this turn of events, as our academic research project is now somehow linked to the murkier side of ITsec.

But more importantly, this controversy raises deep questions about the release of “dual-use” academic tools. Obfuscation techniques, i.e. software techniques aiming at increasing the cost of reverse-engineering, have so far in practice been used by malware writers as well as in the domain of Digital Rights Management. Although there has been academic research on the subject for more than a decade, only a handful of tools are freely available as open-source software, and few of them are able to obfuscate C/C++/Objective-C code in an effective way (Kryptonite being an example). Moreover, I am aware of only a handful of vendors selling commercial tools of this kind; those include Arxan, Whitecryption or Morpher, and their products are expensive.

With that said, is it ethical to release a tool like Obfuscator-LLVM?

Our feeling is that publishing an open-source C/C++ obfuscating tool makes sense for several reasons:

  • While it is a “dual-use” tool, I see no reason why obfuscation and software protection tools should be in a different position than, say, encryption tools, fuzzers, network scanners, exploitation frameworks or butcher knives. All of them can be used with ethical goals in mind, or with malicious intent. Even jailbreaking software can be used as much to install pirated software on a device as by authorities for forensic purposes or by pen-testers for auditing goals.
  • The fact that Obfuscator-LLVM will be open-source will make it easier to audit its code base, ensuring that it is free of inserted backdoors.
  • With an available open-source obfuscating tool, academic security researchers will have access to a free tool when studying and designing new automated de-obfuscation engines and reverse-engineering processes aimed at helping malware analysts.
  • Code obfuscation can also bring lesser-known security benefits for our digital ecosystem as a by-product. For instance, obfuscation brings software diversity, since an obfuscation process can typically be heavily randomized. This can be considered a first line of defense against mass software attacks.

Those considerations are only preliminary. My team still plans to release Obfuscator-LLVM in the coming days. I hope that this blog post will contribute to clarifying our intentions with regard to the goals of Obfuscator-LLVM.

In the meanwhile, Merry Christmas to everybody!
