Monday, March 19, 2018

OSINT on the TOR Foundation (Update)

At this date (on March 18th, 2018), we would like to make an update about The TOR Project Inc. As we shown on our paper OSINT Analysis of the TORFoundation, we worked on the funds and proved that the US government is deeply involve with arpproximatly 85% of the funds in 2015. 

But since this year, we do not have any data to study. Be searching information, we found that the Form 990 which is mandatory for every 501(c)(3) research-education nonprofit organization as The TOR Project Inc is, is not available. This form need to be released the 15th of the 5th month after the fiscal year with a possible extension of 3 month according to several sources ( for example). Even with this extension, the form 990 of the fiscal year of 2016 of The TOR Project Inc. is supposed to be due on August 15th 2017. However, we are still not able to find it. It is neither present on the website of The TOR Project Inc. unlike all others form 990 and neither on diverse sources like GuideStar ( or ProPublica (

Furthermore, by doing some complementary OSINT work, we found that Andrew Lewman was part of the CyAN (Cybersecurity and cybercrime Advisors Network) organization. Just a few reminders: first, Andrew Lewmann was the former Executive Director of The TOR Project Inc. Secondly, we had some reasons to believe that the US government has strong links with The TOR Project Inc. via Roger Dingledine who made an internship in NSA and with some presentations in front of high authorities like the White House and the FBI. 

On the CyAN website, we have found the profile of Andrew Lewman and a link to his Linkedin page. On both sources, he claims to have connections with the US government such as several intelligence agencies, NSA or the Department of Homeland Security. We do not know since when he has these connection but doubt is allowed. 

To summarize, since the beginning of The TOR Project Inc. in 2006, both of the creator (Roger Dingledine) and the Executive Director (Andrew Lewman) had connections to the US government. Andrew Lewman quit the board in 2015, such as Roger Dingledine in 2016. 

Monday, October 16, 2017

List of TOR Relays for Optimal Correlation Attack

Following our study whose preliminary results have been published here, we have obtained additional results as far as correlation attack and partial anonymity removing are concerned. People who have made feedbacks on our study were interested in the consequences of possible attacks that could be performed on the TOR network. 

We will not give data on relay bridges but as far as simple ORs are concerned, here is the list of the most sensitive ORs (preeminent weight in the three-OR circuits) that could be targeted to
  • correlate aproximatively 40 % of the traffic
  • remove anonymity of approximatively 9 % of the traffic
These ORs should have a boosted/strengthened security.

By the way, we give here the Maltego graph of the authorities with respect to the version evolution. Detailed explanation is contained in a paper recently submitted in an international conference.

Monday, September 4, 2017

Preliminary Results on TOR Routing Protocol Statistical and Combinatorial Analysis

Preliminary Results on TOR Routing Protocol Statistical and Combinatorial Analysis

In the present document, we share the preliminary results of a 4-month study about the TOR routing protocol from a statistical and combinatorial point of view. For the moment we only give the final data not the algorithms and technical/mathematical approaches (to be fair with conferences where we will present them first).

We have modeled exhaustively all possible routes while taking di fferent parameters into account with the data provided by the TOR foundation only. We have then confronted our theoretical model with the reality on the ground. To do this, we generated thousands of roads on the TOR network and compared the results obtained with those predicted by the theory. A last step of combinatorial analysis has enabled us to identify critical subsets of Onion routers (ORs). We have also managed to extract most of the relay bridges and give an initial list of nearly 2500 relays bridges.

Important notice: we do not claim to have broken TOR in any way. These results are just  preliminary results data that will be presented in two parts, each in an international security event. Right after those events, this paper will be extended to provide most of technical details, algorithms, protocols we have set up and used. From those results anyone can figure out the interest, the impact and consequences of them.

Thursday, December 22, 2016

Mathematical Backdoors in Symmetric Encryption Systems - Presentation at ForSE 2017

Arnaud Bannier and I have designed a full symmetric encryption algorithm containing an exploitable backdoor. Our paper which presents the algorithm has just been accepted for presentation at the First International Conference of FORmal Methods in Security Engineering (ForSE) 2017 in Porto, Portugal in February. Here is the abstract of our talk

The algorithm proposed in this paper is a first humble step in a long research work and we hope that it will incite research in an aera which is quite never addressed.
The solution on how to exploit this backdoor operationnally will be presented in exclusivity at the RusKrypto 2017 conference in Moscow.

Thursday, January 1, 2015

The New GOST Standard from the Russian Federation: GOST Grasshopper

The Russian Federation has recently published the project of new standard for block encryption algorithm. This is still a project which has not been formally validated and approved yet.
This algorithm called Gost - Grasshopper intends to supersede (in the future) the current GOST 28147-89 algorithm (64-bit block and 256-bit key, Feistel structure).

I have translated the text from Russian which relates to the Grasshopper algorithm and implemented this new algorithm in C language, using the test vectors sets provided in the reference document. The translation is available here while the source code (under GPLv3) is given here.

I have performed a first quick analysis of the new GOST Grasshopper algorithm and here are the first observations I have made (of course this analysis needs to be pushed on further):
  • Contrary to the GOST 28147-89 algorithm, GOST Grasshopper belongs to the SPN family (Substitution Permutation Network), an block encryption algorithm family which contains the AES (Rijndael).
  • The main features are: 128-bit blocks (plaintext, ciphertext), a 256-bit master key from which 10 128-bit subkeys are derived according to highly nonlinear process, 10 rounds. The general structure is then very common to SPN and is sketched as follows

  •  The statistical analysis of the cipher does not reveal any statistical bias and has passed all the tests (performed with NIST STS SP800-22 revision 1 and L'ecuyer & Simard's TESTU01 suite). Gost Grasshopper seems to have far better algebraic and combinatorial complexities that the existing SPN and especially than the AES (whose relatively weak algebraic complexity has been pinpointed by several cryptographers [see Harris Nover 2009 for a summary]). Further analyses have to be conducted to confirm this initial result.
Gost Grasshopper seems to be a very promising algorithm both for its speed encryption and for its high cryptogaphic security. Upon confirmation, it should be included soon in the Gostcrypt suite with the same approach and settings (variable S-Box [Substitution S in the reference document], S-Box mutation based on the user's master key, 512-byte cluster ID used as salt value). 

Have a nice day.


Saturday, September 20, 2014

Focus on my situation with EICAR

A number of authors who have submitted to the EICAR conference have recently contacted because the relevant conference website still mention me as the Scientific Director of EICAR and as the EICAR conference Program Chair. The issue is that they absolutely go no notification regarding their paper. I am sorry for that situation but I am no longer the Scientific Director nor the EICAR Conference Chair since the end of 2013. I have officially announced that in October 2013

I have held these two positions on a strict voluntary basis. This was a great experience which have provided a lot of intellectual satisfaction. I tried to increase the scientific level of the EICAR conference and had the occasion to meet nice people, authors and attendees. After six years I decided to stop because first I think that no one should occupy the same positions too longer in order to remain efficient and second I was disagreeing with the lack of real and total independence withe respect to the Antivirus vendors community. Moreover, being myself in charge of developping the sovereign antimalware products for France (called DAVFI and commercially available unde rthe brand Uhuru), staying with EICAR would have been a contradiction with my own principles.

So I am very sorry for the authors who have been misled by seeing my name as the EICAR Program Chair. I am no longer involved in this conference. For any claims, please contact this address.

Have a nice week end

E. F.

Tuesday, June 24, 2014

LibPerseus 1.4 Available

LibPerseus has been updated to version 1.4.1. The new changes are
  • Code optimization for 32 and 64 bits
  • Code portability for 32 and 64 bits
  • Better management of random number generation (used for encoder and noise generators) improved and sanitized
 The source code of the archive is available here.