I am a cryptographer working within CryptoExperts, a solution provider in the area of cryptography.

My research interests include cryptographic implementations, emebedded system security, elliptic curve cryptography, and white-box cryptography.

Before joining CryptoExperts in 2010, I have been a cryptography engineer at Oberthur Technologies (smart card manufacturer) and PhD student at University of Luxembourg (2006-2009) focusing on cryptographic implementations and side-channel attacks.

This webpage contains information about my publications, my PhD thesis, and some talks I have given.


Coming (Oct 10): Invited talk at Journées C2 on "Secure Computation in the Presence of Noisy Leakage"  
Coming (Sep 21): PhD defense of Dahmun Goudarzi at ENS
Currently: Program co-chair of CHES 2018 with Dan Page (co-editors-in-chief of IACR TCHES)  
Sep 03, 2018: Last issue of IACR TCHES Vol. 2018 now online  
Aug 13, 2018: Two accepted papers at ASIACRYPT: ia.cr/2017/929 and ia.cr/2018/439  
Jan 25, 2018: White paper on our white-box attack techniques (see also Junwei's talk at RWC 2018)  

I am member of the International Association for Cryptologic Research (IACR) since 2007.

I have served as a program committee member of the following events:
ASIACRYPT 2017   CHES 2017   COSADE 2017   TIs 2016   SPACE 2016   CHES 2016   EUROCRYPT 2016   COSADE 2016   GREHACK 2015   CHES 2015   COSADE 2015   CHES 2014   FDTC 2014   COSADE 2014   CARDIS 2013   CHES 2013   FDTC 2013   COSADE 2013   CARDIS 2012   CHES 2012   FDTC 2012   HOST 2012   CARDIS 2011   HOST 2011   HOST 2010  

I am currently supervising the PhD thesis of Dahmun Goudarzi (co-supervision with Damien Vergnaud) and of Junwei Wang (co-supervision with Jean-Sébastien Coron, Sihem Mesnager and Pascal Paillier)


In 2015, I have co-organized CHES 2015 with Emmanuel Prouff and Guénaël Renault.

The conference CHES (Cryptographic Hardware and Embedded System) is a prime scientific event in the area of applied cryptography with a strong focus on implementation and hardware security. It has occurred every year since 1999 in different countries (USA, France, Germany, Japan, Korea, ...) and it is has become the event with highest attendance among IACR conferences.

For the 2015 edition (13-16 Sep 2015), we chose Saint-Malo (France) as venue. The event has been supported by 32 industrial sponsors and exhibitors. It has gathered 445 registered members (a new record) from more than 30 countries, a few dozens of exhibitors, and a staff of 20 volonteer students.

See also: Les rois du cryptage à Saint-Malo (French press paper on the event)















On the Physical Security of Cryptographic Implementations

Thesis defended on September 22nd 2009 at University of Luxembourg.

PhD advisor: Jean-Sébastien Coron

PhD committee: Alex Biryukov, Jean-Sébastien Coron, Louis Goubin, Marc Joye, Franck Leprévost, François-Xavier Standaert

Abstract: In modern cryptography, an encryption system is usually studied in the so-called black-box model. In this model, the cryptosystem is seen as an oracle replying to message encryption (and/or decryption) queries according to a secret value: the key. The security of the cryptosystem is then defined following a simple game. An adversary questions the oracle about the encryption (and/or decryption) of messages of its choice and, depending on the answers, attempts to recover the value of the secret key (or to encrypt/decrypt a message for which he did not query the oracle). If by following an optimal strategy the adversary only has a negligible chance of winning, the system is considered as secure. Several cryptosystems have been proved secure in the black-box model. However, this model is not always sufficient to ensure the security of a cryptosystem in practice. Let us consider the example of smart cards which are used as platforms for cryptosystems in various applications such as banking, access control, mobile telephony, pay TV, or electronic passport. By the very nature of these applications, a cryptosystem embedded on a smart card is physically accessible to potential attackers. This physical access invalidates the modeling of the cryptosystem as a simple encryption oracle since it allows the adversary to observe and disrupt its physical behavior. New attacks then become possible which are known as physical cryptanalysis.

Physical cryptanalysis includes two main families of attacks: side channel attacks and fault attacks. The purpose of side channel attacks is to analyze the different physical leakages of a cryptographic implementation during its computation. Chief among these rank timing, power consumption, and electromagnetic radiation. Observing these so-called side channels provides sensitive information about the cryptographic computation. The secret key value can then be easily recovered by statistical treatment although the cryptosystem is secure in the black-box model. The access to a cryptographic implementation enables more than a simple observation of its physical behavior; it is also possible to disrupt its computation. Working on this assumption, fault attacks consist in corrupting cryptographic computations so that they produce erroneous results. Surprisingly, these results can be used in order to recover information about the secret key.

This thesis focuses on physical cryptanalysis as well as on the secure implementation of cryptographic primitives. We examine in the first part side channel attacks from a theoretical viewpoint. Various techniques of attack based on different statistical tools are addressed. We analyze their success rate, we compare their efficiency and we propose some improvements. Our analyses are illustrated by results of simulated attacks as well as practical attacks on smart cards. The second part of this thesis is devoted to one of the most widely used countermeasures to side channel attacks: data masking. Our investigations concentrate on generic masking schemes for block ciphers such as the encryption standards DES and AES. We analyze existing schemes, exhibiting some attacks against certain of them and we propose new designs. The third and last part of this thesis deals with fault attacks. First, we describe a new attack on the DES cipher which exhibits some requirements to its secure implementation. We then provide a case study based on the RSA cryptosystem where we propose a new countermeasure which can also be applied to secure any exponentiation algorithm. We finally address an important issue for practical security: the implementation of coherence checks.

  pdf file


Contact information

If you wish to contact me, send me an email: