The focus of my doctoral thesis was threefold: I developed cryptographic protocols allowing for privacy-friendly technology, I studied advanced techniques in reductionist security, and I considered Diophantine properties of values of elliptic, hypergeometric and modular functions.


Digital signatures aim to recover in silico the usual properties of traditional in vivo signatures, namely authentication, integrity, non-repudiation of the signed document and universal verifiability of the signatures. However, unlike handwritten signatures, digital signatures can be copy-cloned, and therefore authenticated confidential documents (e.g. software certificates, contracts, dishonorable bills) can easily be disseminated. For privacy reasons, it is preferable, in many applications, that the verification of signatures be controlled or (at least) limited by the signer.

The first part of my work in asymmetric cryptography was devoted to the design of privacy-preserving authentication protocols and to the study of their security (with Fabien Laguillaumie and Pascal Paillier). The approach adopted is both theoretical and practical, since we gave the definitions and the security results in the formal framework of reductionist security with the objective of designing protocols among the most efficient known.

It is striking to observe that after more than two decades of active research on the matter, the standard-model security of discrete-log-based signatures like Schnorr, ElGamal or DSA remains mysteriously unknown. Although dedicated proof techniques do exist in weakened models (e.g. the random oracle model or the generic group model), none of them provides intuition about the actual security of discrete-log signatures. Even though they have withstood concerted cryptanalytic effort fairly well, we suspect that the real-life security of many of these signature schemes is actually weaker than expected. In collaboration with Pascal Paillier, we provided evidence that most discrete-log-based signatures defined over some prime-order group cannot be equivalent to extracting discrete logs in the standard model (under realistic assumptions).


Diophantine approximation

Let y² = 4x³ + g₂x + g₃ be the equation of an elliptic curve and let Λ be the associated period lattice. Let ω be a nonzero element in Λ and η be the associated quasi-period of the Weierstrass zeta function. In 1976 G.V. Chudnovsky proved that among g₂, g₃, ω/π and η/π, there are at least two algebraically independent numbers over Q. I made use of the classical links between elliptic, hypergeometric and modular functions to obtain quantitative Diophantine results for numbers connected with elliptic curves. In particular, using the "G-function" property of hypergeometric functions in the context of the modular method of Yu. Nesterenko, I presented a measure of simultaneous approximation for g₂, g₃, ω/π and η/π which allows one to retrieve Chudnovsky's result.


Doctorate Thesis

Approximation diophantienne et courbes elliptiques. Protocoles asymétriques d'authentification non-transférable.

Thesis pages (in French)