Santiago Zanella Béguelin

Suggest Changes
Gilles Barthe40
Phillip Rogaway34
Mihir Bellare33
Silvio Micali27
Shafi Goldwasser26
52Gilles Barthe
31Benjamin Grégoire
20Neal Koblitz
20Cédric Fournet
19Markulf Kohlweiss

Filter Results:

Publication Year

2005
2017

Publication Type

Co-author

Publication Venue

Key Phrases

Learn More
Computer-Aided Security Proofs for the Working Cryptographer
We present an automated tool for elaborating security proofs of cryptographic systems from proof sketches—compact, formal representations of the essence of a proof as a sequence of games and hints. Proof sketches are checked automatically using off-the-shelf SMT solvers and automated theorem provers, and then compiled into verifiable proofs in the(More)
Formal Certification of Code-Based Cryptographic Proofs
As cryptographic proofs have become essentially unverifiable, cryptographers have argued in favor of developing techniques that help tame the complexity of their proofs. Game-based techniques provide a popular approach in which proofs are structured as sequences of games and in which proof steps establish the validity of transitions between successive(More)
Probabilistic Relational Reasoning for Differential Privacy
Differential privacy is a notion of confidentiality that protects the privacy of individuals while allowing useful computations on their private data. Deriving differential privacy guarantees for real programs is a difficult and error-prone task that calls for principled approaches and tool support. Approaches based on linear types and static analysis have(More)
Proving the TLS Handshake Secure (as it is)
The TLS Internet Standard features a mixed bag of cryptographic algorithms and constructions, letting clients and servers negotiate their use for each run of the handshake. Although many ciphersuites are now well-understood in isolation, their composition remains problematic, and yet it is critical to obtain practical security guarantees for TLS. We(More)
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman. To carry out this attack, we implement the number field sieve discrete log(More)
Fully automated analysis of padding-based encryption in the computational model
Computer-aided verification provides effective means of analyzing the security of cryptographic primitives. However, it has remained a challenge to achieve fully automated analyses yielding guarantees that hold against computational (rather than symbolic) attacks. This paper meets this challenge for public-key encryption schemes built from trapdoor(More)
Beyond Provable Security Verifiable IND-CCA Security of OAEP
OAEP is a widely used public-key encryption scheme based on trapdoor permutations. Its security proof has been scrutinized and amended repeatedly. Fifteen years after the introduction of OAEP, we present a machine-checked proof of its security against adaptive chosen-ciphertext attacks under the assumption that the underlying permutation is partial-domain(More)
Formal Certification of ElGamal Encryption
CertiCrypt [1] is a framework that assists the construction of machine-checked cryptographic proofs that can be automatically verified by third parties. To date, CertiCrypt has been used to prove formally the exact security of widely studied cryptographic systems, such as the OAEP padding scheme and the Full Domain Hash digital signature scheme. The purpose(More)
Computer-Aided Cryptographic Proofs
Provable security [6] is at the heart of modern cryptography. It advocates a mathematical approach in which the security of new cryptographic constructions is defined rigorously, and provably reduced to one or several assumptions, such as the hardness of a computational problem, or the existence of an ideal func-tionality. A typical provable security(More)
Verifiable Security of Boneh-Franklin Identity-Based Encryption
Identity-based encryption (IBE) allows one party to send ciphered messages to another using an arbitrary identity string as an en-cryption key. Since IBE does not require prior generation and distribution of keys, it greatly simplifies key management in public-key cryptography. Although the concept of IBE was introduced by Shamir in 1981, constructing a(More)