Ján Jančár

Education

• Currently, a PhD student at the Centre for Research on Cryptography and Security at Masaryk University, thesis on:
  Cryptographic implementations in the dark forest: Attacks, tools and impact , .
  Co-sponsored by Red Hat Research.
• Master's degree in IT Security from Faculty of Informatics at Masaryk University, thesis on:
  PYECSCA: Reverse-engineering black-box Elliptic Curve Cryptography implementations via side-channels, .
  Received the Dean's award [2020] for an outstanding final thesis.
• ERASMUS+ study mobility at Radboud University in Nijmegen and Eindhoven University of Technology, attending the TRU/e Master in Cyber Security programme.
• Bachelor's degree from Faculty of Informatics at Masaryk University in Brno, thesis on:
  Security considerations for elliptic curve domain parameters selection, .
  Received the Dean's award [2018] for an outstanding final thesis.

Experience

• Was part of the Artifact Review Committee for CHES 2021, CHES 2022, CHES 2023, EUROCRYPT 2024, NDSS 2025, CHES 2025, and NDSS 2026.
• Worked as a research intern during my Master's at the Centre for Research on Cryptography and Security on research on elliptic curve cryptography, smart-card security and side-channel attacks.
• Participated in Google Summer of Code 2017, for the full period of 3 months. Worked for the Python Software Foundation org, on the Mailman subproject. I designed and implemented a new plugin API for the Mailman 3 mailing list server. This API was then used to build a plugin that adds support for PGP encrypted mailing lists.

Publications

Minor contributions are hidden.

• ECTester: Reverse-engineering side-channel countermeasures of ECC implementations,
  Vojtech Suchanek, Jan Jancar, Jan Kvapil, Petr Svenda, Lukasz Chmielewski, CHES 2025.
  SCAREECC
• Let’s DOIT: Using Intel’s Extended HW/SW Contract for Secure Compilation of Crypto Code,
  Santiago Arranz-Olmos, Gilles Barthe, Benjamin Grégoire, Jan Jancar, Vincent Laporte, Tiago Oliveira, Peter Schwabe, CHES 2025.
  CTtiming attacks
• Revisiting the analysis of references among Common Criteria certified products,
  Adam Janovsky, Lukasz Chmielewski, Petr Svenda, Jan Jancar, Vashek Matyas, Computers & Security Journal.
  CCFIPS-140security certifications
• pyecsca: Reverse engineering black-box elliptic curve cryptography via side-channel analysis,
  Jan Jancar, Vojtech Suchanek, Petr Svenda, Vladimir Sedlacek, Lukasz Chmielewski, CHES 2024
  Received the CHES 2024 Honorable Mention and Best Artifact Award.
  SCAREECC
• Chain of trust: Unraveling the references among Common Criteria certified products,
  Adam Janovsky, Lukasz Chmielewski, Petr Svenda, Jan Jancar, Vashek Matyas, IFIP SEC 2024.
  CCFIPS-140security certifications
• sec-certs: Examining the security certification practice for better vulnerability mitigation,
  Adam Janovsky, Jan Jancar, Petr Svenda, Łukasz Chmielewski, Jiri Michalik, Vashek Matyas, Computers & Security Journal.
  CCFIPS-140security certifications
• “These results must be false”: A usability evaluation of constant-time analysis tools,
  Marcel Fourné, Daniel De Almeida Braga, Jan Jancar, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, Yasemin Acar, 33rd USENIX Security Symposium 2024.
  CTtiming attacksusable security
• Optical Cryptanalysis: Recovering Cryptographic Keys from Power LED Light Fluctuations,
  Ben Nassi, Ofek Vayner, Etay Iluz, Dudi Nassi, Jan Jancar, Daniel Genkin, Eran Tromer, Boris Zadov, Yuval Elovici, 30th ACM Conference on Computer and Communications Security (CCS) 2023.
  ECCtiming attacks
• “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks,
  Jan Jancar, Marcel Fourné, Daniel De Almeida Braga, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, Yasemin Acar, 43rd IEEE Symposium on Security and Privacy (S&P) 2022.
  CTtiming attacksusable security
• A formula for disaster: a unified approach to elliptic curve special-point-based attacks,
  Vladimir Sedlacek, Jesús-Javier Chi-Domínguez, Jan Jancar, Billy Bob Brumley, ASIACRYPT 2021.
  SCAECC
• Minerva: The curse of ECDSA nonces,
  Jan Jancar, Vladimir Sedlacek, Petr Svenda, Marek Sys, CHES 2020
  Received the CHES 2020 Best Paper Award.
  ECCtiming attacks
• Fooling primality tests on smartcards,
  Vladimir Sedlacek, Jan Jancar, Petr Svenda, ESORICS 2020.
  ECCprimality testing

Projects

• sec-certs: A project analysing the security certifications (Common Criteria and FIPS 140) landscape.
• Minerva: A group of side-channel vulnerabilities in implementations of ECDSA in programmable smart cards and cryptographic software libraries.
• ecgen: A tool for generating elliptic curve domain parameters.
• ECTester: A toolkit for testing elliptic curve cryptography implementations on the JavaCard platform and in software libraries.
• pyecsca: A toolkit for reverse engineering of black-box elliptic curve cryptography implementations using side-channel analysis.
• std: A database of standard curves used in cryptography.
• covid notifikácie: A site for timely notifications of free spots during the COVID vaccination effort in Slovakia.
• This website. Running on Flask on DigitalOcean.
• Some more-or-less working Ludum Dare game jam entries: Sphaera, Transmuto [play] and World Factory.

Logos

I like making logos.