About
184
Publications
14,154
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,509
Citations
Publications
Publications (184)
Deep attestation is a particular case of remote attestation, i.e., verifying the integrity of a platform with a remote verification server. We focus on the remote attestation of hypervisors and their hosted virtual machines (VM), for which two solutions are currently supported by ETSI. The first is single-channel attestation, requiring for each VM...
This paper describes the heuristics used by the Shadoks ¹ team for the CG:SHOP 2021 challenge. This year’s problem is to coordinate the motion of multiple robots in order to reach their targets without collisions and minimizing the makespan. It is a classical multi agent path finding problem with the specificity that the instances are highly dense...
During the last years, several card-based Zero-Knowledge Proof (ZKP) protocols for Nikoli’s puzzles have been designed. Although there are relatively simple card-based ZKP protocols for a number of puzzles, such as Sudoku and Kakuro, some puzzles face difficulties in designing simple protocols. For example, Slitherlink requires novel and elaborate...
The multi-armed bandit is a reinforcement learning model where a learning agent repeatedly chooses an action (pull a bandit arm) and the environment responds with a stochastic outcome (reward) coming from an unknown distribution associated with the chosen arm. Bandits have a wide-range of application such as Web recommendation systems. We address t...
We consider the problem of cumulative reward maximization in multi-armed bandits. We address the security concerns that occur when data and computations are outsourced to an honest-but-curious cloud i.e., that executes tasks dutifully, but tries to gain as much information as possible. We consider situations where data used in bandit algorithms is...
In 1968, Liu described the problem of securing documents in a shared secret project. In an example, at least six out of eleven participating scientists need to be present to open the lock securing the secret documents. Shamir proposed a mathematical solution to this physical problem in 1979, by designing an efficient k-out-of-n secret sharing schem...
Suguru is a paper and pencil puzzle invented by Naoki Inaba. The goal of the game is to fill a grid with numbers between 1 and 5 while respecting three simple constraints. We first prove the NP-completeness of Suguru puzzle. For this we design gadgets to encode the PLANAR-CIRCUIT-SAT in a Suguru grid. We then design a physical Zero-Knowledge Proof...
During the last years, many Physical Zero-knowledge Proof (ZKP) protocols for Nikoli’s puzzles have been designed. In this paper, we propose two ZKP protocols for the two Nikoli’s puzzles called Nurikabe and Hitori. These two puzzles have some similarities, since in their rules at least one condition requires that some cells are connected to each o...
We propose a technique to construct physical Zero-Knowledge Proof (ZKP) protocols for puzzles that require a single loop draw feature. Our approach is based on the observation that a loop has only one hole and this property remains stable by some simple transformations. Using this trick, we can transform a simple big loop, which is visible to anyon...
Over the last decade, blockchain has gained popularity and researchers, as well as companies, are investigating new fields that could be impacted by blockchain technology. Among them, accounting has been identified as a promising field, as blockchain is said to bring trust and transparency to data, as well as tamper-resistance. However, there might...
A linear Cramer-Shoup encryption scheme version was proposed by Shacham in 2007. Short Cramer-Shoup encryption scheme was designed by Abdalla et al. in 2014. This scheme is a variant of the Cramer-Shoup encryption scheme that has a smaller size. They proved that it is an IND-PCA secure encryption under DDH and the collision-resistance assumptions....
![Fig. 7.5 Sketch of the patented NXP DB Protocol [303, 553]](publication/348490758/figure/fig4/AS:1022232792944641@1620730698477/Sketch-of-the-patented-NXP-DB-Protocol-303-553_Q320.jpg)
We present the concept of relay attacks, and discuss distance-bounding schemes as the main countermeasure. We give details on relaying mechanisms, we review canonical distance-bounding protocols, as well as their threat-model (i.e., covering attacks beyond relaying) stemming from the authentication dimension in distance bounding. Advanced aspects o...
The linear stochastic multi-armed bandit is a sequential learning setting, where, at each round, a learner chooses an arm and receives a stochastic reward based on an unknown linear function of the chosen arm. The goal is to collect as much reward as possible. Linear bandits have popular applications such as online recommendation based on user pref...
Suguru is a paper and pencil puzzle invented by Naoki Inaba. The goal of the game is to fulfil a grid with numbers between 1 and 5 and to respect three simple constraints. In this paper we design a physical Zero-Knowledge Proof (ZKP) protocol for Suguru. A ZKP protocol allows a prover (P) to prove that he knows a solution of a Suguru grid to a veri...
Malware detection is a term that is often associated to Computer Science Security. The underlying main problem is called Virus detection and consists in answering the following question: Is there a program that can always decide if a program is a virus or not? On the other hand, the undecidability of some problems is an important notion in Computer...
This exploratory paper intends to drive preliminary insights on the different mental models accountants and blockchain developers have on the implementation of blockchain for accounting. Based on the question of whether blockchain applications for accounting could be revolutionary, this paper employs a ground theory methodology based on semi-struct...
MapReduce is one of the most popular distributed programming paradigms that allows processing big data sets in parallel on a cluster. MapReduce users often outsource data and computations to a public cloud, which yields inherent security concerns. In this paper, we consider the problem of matrix multiplication and one of the most efficient matrix m...
We address the security concerns that occur when outsourcing graph data and query evaluation to an honest-but-curious cloud i.e., that executes tasks dutifully, but tries to gain as much information as possible. We present \(\mathsf {GOOSE}\), a secure framework for Graph OutsOurcing and SPARQL Evaluation. \(\mathsf {GOOSE}\) relies on cryptographi...
In Conspiracy Santa, a variant of Secret Santa, a group of people offer each other Christmas gifts, where each member of the group receives a gift from the other members of the group. To that end, the members of the group form conspiracies, to decide on appropriate gifts, and usually divide the cost of each gift among all participants of that consp...
In Conspiracy Santa, a variant of Secret Santa, a group of people offer each other Christmas gifts, where each member of the group receives a gift from the other members of the group. To that end, the members of the group form conspiracies, to decide on appropriate gifts, and usually divide the cost of each gift among all participants of that consp...
A blockchain is designed to be a self-sufficient decentralised ledger: a peer verifying the validity of past transactions only needs to download the blockchain (the ledger) and nothing else. However, it might be of interest to make two different blockchains interoperable, i.e., to allow one to transmit information from one blockchain to another blo...
In 1968, Liu described the problem of securing the documents in a shared secret research project. In his example, at least six out of eleven participating scientists need to be present to open the lock securing the secret documents. Shamir proposed a mathematical solution to this physical problem in 1979, by designing the first efficient k-out-of-n...
Auctions are widely used to sell products between different users. In this paper, we present Auctionity, an English e-auction based on blockchain. We describe the different protocols used in Auctionity. We also define the security models and the associated properties. We formally prove some security properties of this protocol using ProVerif.
Telecare Medicine Information Systems (TMIS) protocols aim at authenticating a patient in a telecare context, and permitting information exchange between the patient and a distant server through a verifier. In 2019, Safkhani and Vasilakos [10] showed that several protocols of the literature were insecure, and proposed a new protocol. In this paper,...
In most systems without a centralised authority, users are free to create as many accounts as they please, without any harmful effect on the system. However, in the case of e-voting, for instance, proof of identity is crucial, as sybil identities can be used to breach the intended role of the system. We explore the conditions under which a decentra...
It is a challenging problem to delegate the computation of a polynomial on encrypted data to a server in an oblivious and verifiable way. In this paper, we formally define Verifiable and Private Oblivious Polynomial Evaluation (VPOPE) scheme. We design a scheme called Verifiable Paillier based Private Oblivious Polynomial Evaluation (VIP-POPE). Usi...
The stochastic multi-armed bandit is a classical decision making model, where an agent repeatedly chooses an action (pull a bandit arm) and the environment responds with a stochastic outcome (reward) coming from an unknown distribution associated with the chosen action. A popular objective for the agent is that of identifying the arm with the maxim...
We propose a new technique to construct physical Zero-Knowledge Proof (ZKP) protocols for games that require a single loop draw feature. This feature appears in Slitherlink, a puzzle by Nikoli. Our approach is based on the observation that a loop has only one hole and this property remains stable by some simple transformations. Using this trick, we...
Cryptanalysis aims at testing the properties of encryption processes, and this usually implies solving hard optimization problems. In this paper, we focus on related-key differential attacks for the Advanced Encryption Standard (AES), which is the encryption standard for block ciphers. To mount these attacks, cryptanalysts need to solve the optimal...
Trick-Taking Games (TTGs) are card games in which each player plays one of his cards in turn according to a given rule. The player with the highest card then wins the trick, i.e., he gets all the cards that have been played during the round. For instance, Spades is a famous TTG proposed by online casinos, where each player must play a card that fol...
This paper presents the first recursive secure multiparty computation protocol for matrix multiplication, based on Strassen-Winograd algorithm. We focus on the setting in which any given player knows only one row of both input matrices and learns the corresponding row of the resulting product matrix. Neither the player initial data, nor the interme...
Norinori is a logic game similar to Sudoku. In Norinori, a grid of cells has to be filled with either black or white cells so that the given areas contain exactly two black cells, and every black cell shares an edge with exactly one other black cell. We propose a secure interactive physical algorithm, relying only on cards, to realize a zero-knowle...
Physical cryptography provides cryptographic protocols using physical objects like cards and envelopes instead of using computers. In this paper, we introduce a new model for physical cryptography, called light cryptography. It uses transparent sheets and some properties of light and shadows. We design several secure light cryptographic protocols:...
MapReduce is one of the most popular programming paradigms that allows a user to process Big data sets. Our goal is to add privacy guarantees to the two standard algorithms of join computation for MapReduce: the cascade algorithm and the hypercube algorithm. We assume that the data is externalized in an honest-but-curious server and a user is allow...
Sanitizable signatures allow designated parties (the sanitizers) to apply arbitrary modifications to some restricted parts of signed messages. A secure scheme should not only be unforgeable, but also protect privacy and hold both the signer and the sanitizer accountable. Two important security properties that are seemingly difficult to achieve simu...
![Fig. 1. PKIX registration [11, Fig. 2].](profile/Pascal-Thoniel-2/publication/330349168/figure/fig1/AS:714447026937856@1547348853500/PKIX-registration-11-Fig-2_Q320.jpg)
![Table 1 . Timings of Tamarin's proofs of lemmas [11, Tab. 1].](profile/Pascal-Thoniel-2/publication/330349168/figure/tbl1/AS:714447026921475@1547348853637/Timings-of-Tamarins-proofs-of-lemmas-11-Tab-1_Q320.jpg)
![Fig. 2. LOCALPKI registration [11, Fig. 1].](profile/Pascal-Thoniel-2/publication/330349168/figure/fig2/AS:714447026933761@1547348853532/LOCALPKI-registration-11-Fig-1_Q320.jpg)
![Fig. 3. LOCALPKI end entity interactive authentication [11, Fig. 3].](profile/Pascal-Thoniel-2/publication/330349168/figure/fig3/AS:714447026921474@1547348853559/LOCALPKI-end-entity-interactive-authentication-11-Fig-3_Q320.jpg)
Symmetric Searchable Encryption (\(\mathrm {SSE}\)) schemes enable clients to securely outsource their data while maintaining the ability to perform keywords search over it. The security of these schemes is based on an explicit leakage profile [1], has initiated the investigation into how much information could be deduced in practice from this leak...
A public-key infrastructure (PKI) binds public keys to identities of entities. Usually, this binding is established through a process of registration and issuance of certificates by a certificate authority (CA) where the validation of the registration is performed by a registration authority. In this paper, we propose an alternative scheme, called...
![Figure 2: Two requests and responses in textbook MODBUS [25].](profile/Maxime-Puys/publication/329632543/figure/fig1/AS:704824140132353@1545054578959/Two-requests-and-responses-in-textbook-MODBUS-25_Q320.jpg)
![Figure 4: Two requests and responses in secure MODBUS [17].](profile/Maxime-Puys/publication/329632543/figure/fig3/AS:704824144297985@1545054579019/Two-requests-and-responses-in-secure-MODBUS-17_Q320.jpg)
Industrial systems are nowadays regularly the target of cyberattacks, the most famous being Stuxnet. At the same time such systems are increasingly interconnected with other systems and insecure media such as Internet. In contrast to other IT systems, industrial systems often do not only require classical properties like data confidentiality or aut...
Depuis l’avènement du bitcoin, les innovations liées à la blockchain sont en plein essor. Cet ouvrage tente d’expliquer le fonctionnement de cette technologie innovante mais aussi ses applications au travers de 50 questions comme:
- Qu’est-ce qu’une blockchain ?
- Quel est le lien entre bitcoin et blockchains ?
- Qui sont les mineurs et que font-i...
The Advanced Encryption Standard (AES) is one of the most studied symmetric encryption schemes. During the last years, several attacks have been discovered in different adversarial models. In this paper, we focus on related-key differential attacks, where the adversary may introduce differences in plaintext pairs and also in keys. We show that Cons...
When trying to prove the security of a protocol, one usually analyzes the protocol in isolation, i.e., in a network with no other protocols. But in reality, there will be many protocols operating on the same network, maybe even sharing data including keys, and an intruder may use messages of one protocol to break another. We call that a multi-proto...
Cloud storage provides an attractive solution for many organisations and enterprises due to its features such as scalability, availability and reduced costs. However, storing data in the cloud is challenging if we want to ensure data security and user privacy. To address these security issues cryptographic protocols are usually used. Such protocols...
An Unlinkable Sanitizable Signature scheme (USS) allows a sanitizer to modify some parts of a signed message in such away that nobody can link the modified signature to the original one. A Verifiable Ring Signature scheme (VRS) allows the users to sign messages anonymously within a group where a user can prove a posteriori to a verifier that it is...
In this paper we argue that decentralized virtual currencies can contribute to systemic change driven by SSE. We first show that they cumulate a number of the strengths of local currencies and SELs in their transformative power and provide solutions to some of their weaknesses, while obviously having their own limitations. Secondly, we emphasize th...
Ring signature is a well-known cryptographic primitive that allows any user who has a signing key to anonymously sign a message according to a group of users. Some years ago, Hoshino et al. propose a new kind of ring signature where anybody can transform a digital signature into an anonymous signature according to a chosen group of users; authors p...
Accountability plays a key role in dependable distributed systems. It allows to detect, isolate and churn malicious/selfish nodes that deviate from a prescribed protocol. To achieve these properties, several accountable systems use at their core cryptographic primitives that produce non-repudiable evidence of inconsistent or incorrect behavior.
In...
Delegating the computation of a polynomial to a server in a verifiable way is challenging. An even more challenging problem is ensuring that this polynomial remains hidden to clients who are able to query such a server. In this paper, we formally define the notion of Private Polynomial Evaluation (PPE). Our main contribution is to design a rigorous...
In this paper, we propose SR3 (which means secure resilient reputation-based routing), a secure and resilient algorithm for convergecast routing in wireless sensor networks. SR3 uses lightweight cryptographic primitives to achieve data confidentiality and unforgeability. Security of SR3 has been proven formally using two verification tools: CryptoV...
Search for different types of distinguishers are common tasks in symmetrickey cryptanalysis. In this work, we employ the constraint programming (CP) technique to tackle such problems. First, we show that a simple application of the CP approach proposed by Gerault et al. leads to the solution of the open problem of determining the exact lower bound...
Wireless sensor networks (WSNs) are increasingly used in environmental monitoring applications. They are designed to operate for several months by featuring low activity cycles in order to save energy. In this paper, we propose a Medium Access Control (MAC) protocol for such WSNs with very low duty-cycles of 1% and less. Nodes are activated randoml...
The MapReduce programming paradigm allows to process big data sets in parallel on a large cluster of commodity machines. The MapReduce users often outsource their data and computations to a public cloud provider. We focus on the fundamental problem of matrix multiplication, and address the inherent security and privacy concerns that occur when outs...
More and more universities are moving toward electronic exams (in short e-exams). This migration exposes exams to additional threats, which may come from the use of the information and communication technology. In this paper, we identify and define several security properties for e-exam systems. Then, we show how to use these properties in two comp...
HB⁺ is a lightweight authentication scheme, which is secure against passive attacks if the Learning Parity with Noise Problem (LPN) is hard. However, HB⁺ is vulnerable to a key-recovery, man-in-the-middle (MiM) attack dubbed GRS. The HB+DB protocol added a distance-bounding dimension to HB⁺, and was experimentally proven to resist the GRS attack.
W...
This paper deals with distributed matrix multiplication. Each player owns only one row of both matrices and wishes to learn about one distinct row of the product matrix, without revealing its input to the other players. We first improve on a weighted average protocol, in order to securely compute a dot-product with a quadratic volume of communicati...
Distance-bounding protocols have been introduced to thwart relay attacks against contactless authentication protocols. In this context, verifiers have to authenticate the credentials of untrusted provers. Unfortunately, these protocols are themselves subject to complex threats such as terrorist-fraud attacks, in which a malicious prover helps an ac...
Search for different types of distinguishers are common tasks in symmetrickey cryptanalysis. In this work, we employ the constraint programming (CP) technique to tackle such problems. First, we show that a simple application of the CP approach proposed by Gerault et al. leads to the solution of the open problem of determining the exact lower bound...