[LUM#17] Ninjalab, star-studded cryptanalysis
It is a merciless war where good and evil clash with encrypted algorithms to control the best-kept secrets. Since 2017, Victor Lomné and Thomas Roche have chosen to put their strengths at the service of businesses and research by creating the start-up NinjaLab. Their weapon: cryptanalysis.
From the Japanese -nin- for stealthy and -ja- for specialist, the ninja inevitably evokes an agile and discreet figure tasked with slipping into any fortress, outwitting security systems. Transform this fortress into a wall of algorithms designed to protect your secrets, and these fighters become... cryptanalysts! "Cryptology is the science of secrets, " says Victor Lomné, co-founder of NinjaLab and microelectronics specialist. "In this science, you have cryptographers who invent algorithms designed to protect these secrets, and cryptanalysts whose goal is to break these algorithms."
The best defense...
These algorithms are everywhere, starting with your pockets: bank cards, passports, smartphones... They are what we call embedded systems. Their weakness? Vulnerability to theft. "It's easy to steal these objects and subject them to attack techniques, so it's imperative that they be extremely well secured, " explains Thomas Roche, computer scientist and second sensei of the NinjaLab duo. And since the best defense is still offense, product designers call on cryptanalysts to test their security systems. "Our specialty is inventing new attacks. That's our area of innovation," says Victor Lomné. "Designers come to us for expertise they can't find anywhere else," adds Thomas Roche.
Gaining freedom
Heir to a French ecosystem that invented the smart card, it was in the "Hardware Security" department of the prestigious ANSSI, the French national agency for information systems security, that the pair met. After a few years in government service, Victor Lomné returned to the Laboratoire d'informatique, de robotique et de microélectronique de l'Université de Montpellier (Lirmm)* where he had completed his thesis, while Thomas Roche fell in love with the Apple brand. "Then, in 2017, the planets aligned. Thomas moved to Montpellier just as I wanted to try my hand at entrepreneurship, to gain the freedom I'd been missing at ANSSI," says Victor Lomné. NinjaLab was born and set up on the Saint-Priest campus. " We feel closer to a craftsman's workshop than a start-up, so the Lirmm environment suits us well," laughs Thomas Roche.
White Ninjas
A life of geek entrepreneurship punctuated by "periods of hardship and moments of adrenaline, when you finally find the flaw." And when clients give them the time, the two ninjas are happy to don the costume of white hat hackers, ethical hackers who probe the weaknesses of new products on the market, not to cause harm, but to warn users and designers. "We call this responsible disclosure," explains Victor Lomné. "It's our research activity, and when we do this, our goal is also to publish our findings."
In 2021, NinjaLab scored its biggest hit with Google by finding a vulnerability in the Titan security key (A side journey to Titan). This was a great showcase for the company, which saw its order book explode and took the opportunity to recruit a PhD student, but without losing sight of the essentials. "Growing bigger would mean more verticality, more administration," emphasizes Thomas Roche. "As long as the formula works and we're having fun, we'll stay as we are!" Ninja wisdom...
Find UM podcasts now available on your favorite platform (Spotify, Deezer, Apple Podcasts, Amazon Music, etc.).
*Lirmm (UM, CNRS, INRIA, UPVD, UPVM)