Ján Jančár

I do stuff with ECC, sometimes with smart-cards.
Now with side-channels.

Education

Currently a PhD student at the Centre for Research on Cryptography and Security at Masaryk University, focusing on constant-time cryptographic implementations and side-channels. Co-sponsored by Red Hat Research.
Master's degree in IT Security from Faculty of Informatics at Masaryk University, thesis titled PYECSCA: Reverse-engineering black-box Elliptic Curve Cryptography implementations via side-channels, [pdf].
Received the Dean's award [2020] for an outstanding final thesis.
ERASMUS+ study mobility at Radboud University in Nijmegen and Eindhoven University of Technology, attending the TRU/e Master in Cyber Security programme.
Bachelor's degree from Faculty of Informatics at Masaryk University in Brno, thesis on
Security considerations for elliptic curve domain parameters selection, [pdf].
Received the Dean's award [2018] for an outstanding final thesis.

Experience

Was part of the Artifact Review Committee for CHES 2021, CHES 2022, CHES 2023 and EUROCRYPT 2024.
Worked as a research intern during my Master's at the Centre for Research on Cryptography and Security on research on elliptic curve cryptography, smart-card security and side-channel attacks.
Participated in Google Summer of Code 2017, for the full period of 3 months. Worked for the Python Software Foundation org, on the Mailman subproject. I designed and implemented a new plugin API for the Mailman 3 mailing list server. This API was then used to build a plugin that adds support for PGP encrypted mailing lists.

Publications

Jan Jancar, Vojtech Suchanek, Petr Svenda, Vladimir Sedlacek, Lukasz Chmielewski: pyecsca: Reverse engineering black-box elliptic curve cryptography via side-channel analysis, CHES 2024.
Adam Janovsky, Lukasz Chmielewski, Petr Svenda, Jan Jancar, Vashek Matyas: Chain of trust: Unraveling the references among Common Criteria certified products, IFIP SEC 2024.
Adam Janovsky, Jan Jancar, Petr Svenda, Łukasz Chmielewski, Jiri Michalik, Vashek Matyas: sec-certs: Examining the security certification practice for better vulnerability mitigation, Computers & Security Journal.
Marcel Fourné, Daniel De Almeida Braga, Jan Jancar, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, Yasemin Acar: “These results must be false”: A usability evaluation of constant-time analysis tools, 33rd USENIX Security Symposium 2024.
Jan Jancar, Marcel Fourné, Daniel De Almeida Braga, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, Yasemin Acar: “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks, 43rd IEEE Symposium on Security and Privacy (S&P) 2022.
Vladimir Sedlacek, Jesús-Javier Chi-Domínguez, Jan Jancar, Billy Bob Brumley: A formula for disaster: a unified approach to elliptic curve special-point-based attacks, Advances in Cryptology (ASIACRYPT) 2021.
Jan Jancar, Vladimir Sedlacek, Petr Svenda, Marek Sys: Minerva: The curse of ECDSA nonces, CHES 2020
Received the CHES 2020 Best Paper Award.
Vladimir Sedlacek, Jan Jancar, Petr Svenda: Fooling primality tests on smartcards, ESORICS 2020.

Projects

sec-certs.org: A project analysing the security certifications (Common Criteria and FIPS 140) landscape.
Minerva: A group of side-channel vulnerabilities in implementations of ECDSA in programmable smart cards and cryptographic software libraries.
ecgen: A tool for generating elliptic curve domain parameters.
ECTester: A toolkit for testing elliptic curve cryptography implementations on the JavaCard platform and in software libraries.
pyecsca: A toolkit for reverse engineering of black-box elliptic curve cryptography implementations using side-channel analysis.
std: A database of standard curves.
This website. Running on Flask on ArchLinuxARM on ~~a Raspberry Pi~~ DigitalOcean.
Some more-or-less working Ludum Dare game jam entries: Sphaera, Transmuto [play] and World Factory.