Ján Jančár

Education

• Currently, a PhD student at the Centre for Research on Cryptography and Security at Masaryk University, focusing on constant-time cryptographic implementations and side-channels. Co-sponsored by Red Hat Research.
• Master's degree in IT Security from Faculty of Informatics at Masaryk University, thesis titled PYECSCA: Reverse-engineering black-box Elliptic Curve Cryptography implementations via side-channels, [pdf].
  Received the Dean's award [2020] for an outstanding final thesis.
• ERASMUS+ study mobility at Radboud University in Nijmegen and Eindhoven University of Technology, attending the TRU/e Master in Cyber Security programme.
• Bachelor's degree from Faculty of Informatics at Masaryk University in Brno, thesis on
  Security considerations for elliptic curve domain parameters selection, [pdf].
  Received the Dean's award [2018] for an outstanding final thesis.

Experience

• Was part of the Artifact Review Committee for CHES 2021, CHES 2022, CHES 2023, EUROCRYPT 2024, NDSS 2025, and CHES 2025.
• Worked as a research intern during my Master's at the Centre for Research on Cryptography and Security on research on elliptic curve cryptography, smart-card security and side-channel attacks.
• Participated in Google Summer of Code 2017, for the full period of 3 months. Worked for the Python Software Foundation org, on the Mailman subproject. I designed and implemented a new plugin API for the Mailman 3 mailing list server. This API was then used to build a plugin that adds support for PGP encrypted mailing lists.

Publications

• pyecsca: Reverse engineering black-box elliptic curve cryptography via side-channel analysis,
  Jan Jancar, Vojtech Suchanek, Petr Svenda, Vladimir Sedlacek, Lukasz Chmielewski, CHES 2024
  Received the CHES 2024 Honorable mention and Best Artifact Award.
  SCAREECC
• Chain of trust: Unraveling the references among Common Criteria certified products,
  Adam Janovsky, Lukasz Chmielewski, Petr Svenda, Jan Jancar, Vashek Matyas, IFIP SEC 2024.
  CCFIPS-140security certifications
• sec-certs: Examining the security certification practice for better vulnerability mitigation,
  Adam Janovsky, Jan Jancar, Petr Svenda, Łukasz Chmielewski, Jiri Michalik, Vashek Matyas, Computers & Security Journal.
  CCFIPS-140security certifications
• “These results must be false”: A usability evaluation of constant-time analysis tools,
  Marcel Fourné, Daniel De Almeida Braga, Jan Jancar, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, Yasemin Acar, 33rd USENIX Security Symposium 2024.
  CTtiming attacksusable security
• “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks,
  Jan Jancar, Marcel Fourné, Daniel De Almeida Braga, Mohamed Sabt, Peter Schwabe, Gilles Barthe, Pierre-Alain Fouque, Yasemin Acar, 43rd IEEE Symposium on Security and Privacy (S&P) 2022.
• A formula for disaster: a unified approach to elliptic curve special-point-based attacks,
  Vladimir Sedlacek, Jesús-Javier Chi-Domínguez, Jan Jancar, Billy Bob Brumley, ASIACRYPT 2021.
  SCAECC
• Minerva: The curse of ECDSA nonces,
  Jan Jancar, Vladimir Sedlacek, Petr Svenda, Marek Sys, CHES 2020
  Received the CHES 2020 Best Paper Award.
  ECCtiming attacks
• Fooling primality tests on smartcards,
  Vladimir Sedlacek, Jan Jancar, Petr Svenda, ESORICS 2020.
  ECCprimality testing

Projects

• sec-certs: A project analysing the security certifications (Common Criteria and FIPS 140) landscape.
• Minerva: A group of side-channel vulnerabilities in implementations of ECDSA in programmable smart cards and cryptographic software libraries.
• ecgen: A tool for generating elliptic curve domain parameters.
• ECTester: A toolkit for testing elliptic curve cryptography implementations on the JavaCard platform and in software libraries.
• pyecsca: A toolkit for reverse engineering of black-box elliptic curve cryptography implementations using side-channel analysis.
• std: A database of standard curves used in cryptography.
• covid notifikácie: A site for timely notifications of free spots during the COVID vaccination effort in Slovakia.
• This website. Running on Flask on DigitalOcean.
• Some more-or-less working Ludum Dare game jam entries: Sphaera, Transmuto [play] and World Factory.