I do research work in applied cryptography more specifically and in computer security more generally.
Currently, my main research and software project is Verifpal, and my
occupation is running a small applied cryptography consultancy called Symbolic Software. I live in Paris, France.
In 2018, I defended my Ph.D. thesis, Formal Verification for Real-World Cryptographic Protocols and Implementations, at INRIA Paris, after 3½ years of research with team PROSECCO.
Since 2018, I've been running Symbolic Software, a Paris-based applied cryptography consulting office. As its director, I manage a small team that offers security audits, cryptographic protocol design and formal verification services. Since its founding in 2018, Symbolic Software has completed and delivered over 150 software and cryptographic audits for clients all around the world.
In 2018 and 2019, I also designed and taught the computer security course at New York University's Paris campus.
I've also done other things in other places, but I'm not going to mention every single one. I've also given many talks at many conferences over the years about my work, but I'm equally uncertain that listing these talks here would be of any value to you, the visitor.
- 2020-03-29: Thoughts on “Half-Life: Alyx” and G-Man
- 2019-04-11: Selfie's Reflections on Formal Verification for TLS 1.3: Largely Opaque
- 2018-10-26: Repairing a ThinkPad with a Corrupt Thunderbolt Firmware Chip
- 2015-11-25: On Encryption and Terrorists
Verifpal— Visit Project Website
Verifpal is new software for verifying the security of cryptographic protocols. Building upon contemporary research in symbolic formal verification, Verifpal’s main aim is to appeal more to real-world practitioners, students and engineers without sacrificing comprehensive formal verification features. Verifpal is really cool!
Noise Explorer— Visit Project Website
Noise Explorer is an online engine for designing, reasoning about, formally verifying and implementing arbitrary Noise Handshake Patterns. Based on our formal treatment of the Noise Protocol Framework, Noise Explorer can validate any Noise Handshake Pattern and then translate it into a model ready for automated verification and also into a production-ready software implementation written in Go or in Rust.
DiskGem— Visit Project Website
DiskGem is software for secure file transfer over SFTP. DiskGem currently offers an easy to use, stable command-line user interface that supports parallel file transfers and other useful features. DiskGem will soon also support creating encrypted archives on the server which offer encryption of stored files as well as metadata obfuscation.
Resilience— Visit Project Website
Resilience is an ad blocker for your computer that works with any browser on any operating system. Resilience doesn't sell out your privacy with “acceptable ads”. Resilience won't be blocked by your web browser's developers. Resilience won't ever stop defending your privacy and your right to block ads on your goddamn computer.
Cryptocat— Visit Project Website
Cryptocat was kind of a big deal from around 2012 to 2015, because it was the very first easy to use, web-based end-to-end encrypted messenger. It pre-dated Signal, implemented OTR messaging (and then Signal), and had some cool features. Unfortunately it was shadowed by a history of severe security vulnerabilities (it was my first ever software project that I started at the age of 20), and ultimately was superseded by Signal as well as by end-to-end encryption in WhatsApp and other platforms. Discontinued in 2019.
Minilock— Visit Project Website
miniLock is a small, portable file encryption software. The idea behind its design is that passphrase memorized by the user, along with their email address, can act as a complete, portable basis for a persistent public key identity and provide a full substitute for other key pair models, such as having the key pair stored on disk media (the PGP approach). Discontinued in 2017.
Random other things I like include travel, video games (especially Undertale, Black Mesa, Beat Saber), operating systems (openSUSE and macOS are what I use), programming languages (I love Go, revere OCaml from a safe distance, and am cautiously appreciative of Rust, if it weren't for its incredibly noisy syntax) and computer hardware (avid Linus Tech Tips viewer).
My favorite show is Better Call Saul, and my favorite films include Lawrence of Arabia, Waltz with Bashir, Jojo Rabbit, Paprika, No Country for Old Men and Princess Mononoke. I like Nietzsche.