[LUM#17] Ninjalab: Starry Cryptanalysis
It is a merciless war where good and evil clash with a barrage of encrypted algorithms in the battle for control of the best-kept secrets. Since 2017, Victor Lomné and Thomas Roche have chosen to put their skills to work for businesses and research by founding the startup NinjaLab. Their weapon: cryptanalysis.
Derived from the Japanese -nin- (meaning “stealthy”) and -ja- (meaning “specialist”), the word “ninja” inevitably brings to mind an agile, discreet figure tasked with slipping into any fortress while outwitting security systems. Transform that fortress into a wall of algorithms built to protect your secrets, and those warriors become… cryptanalysts! “ Cryptology is the science of secrets, ” says Victor Lomné, co-founder of NinjaLab and a specialist in microelectronics. “In this field, you have cryptographers who invent algorithms designed to protect these secrets, and cryptanalysts whose goal is to break those algorithms.”
The best defense…
You’ll find these algorithms everywhere, starting right in your pockets: credit cards, passports, smartphones… They’re what we call embedded systems. Their weakness? Vulnerability to theft. “It’s easy to steal these devices and subject them to attack techniques, so it’s imperative that they be extremely well secured, ” explains Thomas Roche, a computer scientist and the second “sensei” of the NinjaLab duo. And since the best defense is still offense, product designers turn to… cryptanalysts to test their security systems. “Our specialty is inventing new attacks. That’s our area of innovation,” says Victor Lomné. “Designers come to us for expertise they won’t find anywhere else,” adds Thomas Roche.
Winning Freedom
Heir to a French ecosystem that invented the smart card, it was in the "Hardware Security" department of the prestigious ANSSI, the French national agency for information systems security, that the pair met. After a few years in government service, Victor Lomné returned to the Laboratoire d'informatique, de robotique et de microélectronique de l'Université de Montpellier (Lirmm)* where he had completed his thesis, while Thomas Roche fell in love with the Apple brand. "Then, in 2017, the planets aligned. Thomas moved to Montpellier just as I wanted to try my hand at entrepreneurship, to gain the freedom I'd been missing at ANSSI," says Victor Lomné. NinjaLab was born and set up on the Saint-Priest campus. " We feel closer to a craftsman's workshop than a start-up, so the Lirmm environment suits us well," laughs Thomas Roche.
White Ninjas
A life as geek entrepreneurs punctuated by “dry spells and adrenaline-fueled moments, when we finally find the vulnerability.” And when clients give them the time, the two ninjas are happy to don the mantle of white hat hackers—those ethical hackers who probe the vulnerabilities of new products on the market, not to cause harm, but to warn users and developers. “We call this responsible disclosure,” explains Victor Lomné. “It’s our research activity; when we do this, our goal is also to publish.”
In 2021, NinjaLab earned its sharpest accolade by uncovering a vulnerability in Google’s Titan security key (A Side Journey to Titan). It was a great showcase for the company, which saw its order book skyrocket and took the opportunity to hire a PhD student—all without losing sight of what really matters. “Growing any further would mean more hierarchy, more red tape,” Thomas Roche points out. “As long as the formula works and we’re having fun: we’ll stay this way!” Ninja wisdom…
UM podcasts are now available on your favorite platform (Spotify, Deezer, Apple Podcasts, Amazon Music, etc.).
*Lirmm (University of Marseille, CNRS, INRIA, University of Perpignan-Vieille-Durance, University of Perpignan-Méditerranée)