## Cryptology

Digital signatures aim to recover *in silico* the usual properties of traditional *in vivo* signatures, namely authentication, integrity, non-repudiation of the signed document and universal verifiability of the signatures. However, unlike handwritten signatures, digital signatures can be copy-cloned and therefore authenticated confidential documents (*e.g.* software certificates, contracts, dishonorable bills) can easily be disseminated. For privacy reasons, it is preferable, in many applications, that the verification of signatures be controlled or (at least) limited by the signer.

The first part of my work in asymmetric cryptography was devoted to the design of privacy-preserving authentication protocols and to the study of their security (with Fabien Laguillaumie and Pascal Paillier). The approach adopted is both theoretical and practical, since we gave the definitions and the security results in the formal framework of reductionist security with the objective of designing protocols among the most efficient known.

It is striking to observe that after more than two decades of active research on the matter, the standard-model security of discrete-log-based signatures like Schnorr, ElGamal or DSA remains mysteriously unknown. Although dedicated proof techniques do exist in weakened models (e.g. the random oracle model or the generic group model), none of them provides intuition about the actual security of discrete-log signatures. Even though they have withstood concerted cryptanalytic effort fairly well, we suspect that the real-life security of many of these signature schemes is actually weaker than expected. In collaboration with Pascal Paillier, we provided evidence that most discrete-log-based signatures defined over some prime-order group cannot be equivalent to extracting discrete logs in the standard model (under realistic assumptions).

## Diophantine approximation

Let $y^{2} = 4x^{3}+g_{2}x+g_{3}$ be the equation of an elliptic curve and let Λ be the associated period lattice. Let ω be a nonzero element in Λ and η be the associated quasi-period of the Weierstrass zeta function. In 1976 G.V. Chudnovsky proved that among $g_{2}$, $g_{3}$, ω/π and η/π, there are at least two algebraically independent numbers over Q. I made use of the classical links between elliptic, hypergeometric and modular functions to obtain quantitative diophantine results for numbers connected with elliptic curves. In particular, using the "G-function" property of hypergeometric functions in the context of the modular method of Yu. Nesterenko, I presented a measure of simultaneous approximation for $g_{2}$, $g_{3}$, ω/π and η/π which allows one to retrieve Chudnovsky's result.