Nadim Kobeissi

Cursus

I currently run Symbolic Software, a Paris-based applied cryptography consulting office. As its director, I manage a small team that offers security audits, cryptographic protocol design and formal verification services. Therefore the main focus of my professional work currently is auditing cryptography and also developing Verifpal, an automated cryptographic protocol modeling, analysis and verification framework and a project that I am very passionate about.

Since its founding in 2018, Symbolic Software has completed and delivered over 200 software and cryptographic audits for clients all around the world.

In 2018, I defended my Ph.D. thesis, Formal Verification for Real-World Cryptographic Protocols and Implementations, at Inria Paris, after 3½ years of research with team PROSECCO, where I had the inimitable privilege of studying under Karthikeyan Bhargavan and Bruno Blanchet.

In 2018 and 2019, I also designed and taught the computer security course at New York University's Paris campus, where I served as an adjunct professor.

Academic Publications, Talks and Media

My full list of academic publications is available on Google Scholar. I also have some videos of my conference talks over at my YouTube channel. I also sometimes write things or appear in the media to comment on matters relating to security and privacy.

Blog Posts

2020-05-27: Why StopCOVID Fails as a Privacy-Preserving Design
2020-04-25: iPhone SE and the Commodification of the Pocket Computer
2020-04-17: An Investigation Into PEPP-PT
2020-03-29: Thoughts on 'Half-Life: Alyx' and G-Man
2019-04-11: Selfie's Reflections on Formal Verification for TLS 1.3: Largely Opaque
2018-10-26: Repairing a ThinkPad with a Corrupt Thunderbolt Firmware Chip
2015-11-25: On Encryption and Terrorists

RSS feed

Software Projects

Verifpal — Website • Code

Verifpal is new software for verifying the security of cryptographic protocols. Building upon contemporary research in symbolic formal verification, Verifpal’s main aim is to appeal more to real-world practitioners, students and engineers without sacrificing comprehensive formal verification features. Verifpal is really cool!

Kyber-K2SO — Code

Kyber-K2SO is a clean implementation of the Kyber IND-CCA2-secure key encapsulation mechanism (KEM), whose security is based on the hardness of solving the learning-with-errors (LWE) problem over module lattices. Kyber is one of the candidate algorithms submitted to the NIST post-quantum cryptography project.

Noise Explorer — Website • Code

Noise Explorer is an online engine for designing, reasoning about, formally verifying and implementing arbitrary Noise Handshake Patterns. Based on our formal treatment of the Noise Protocol Framework, Noise Explorer can validate any Noise Handshake Pattern and then translate it into a model ready for automated verification and also into a production-ready software implementation written in Go or in Rust.

FormatForest — Website • Code

FormatForest is a simple and elegant blogging engine written in Go. It was originally developed as a personal project to run my own blog, but has now been rendered open source. Simplicity and elegance in the FormatForest design and functionality allow you to focus on growing your writing and personal web presence. Complete Markdown support allows you to draft posts quickly and without fuss. Secure sync over rsync allows you to publish your website quickly from your local machine.

DiskGem — Website • Code

DiskGem is software for secure file transfer over SFTP. DiskGem currently offers an easy to use, stable command-line user interface that supports parallel file transfers and other useful features. DiskGem will soon also support creating encrypted archives on the server which offer encryption of stored files as well as metadata obfuscation.

Other Interests

Check out this gallery of my favorite paintings. I'm also a hobbyist photographer, and I like prog rock.

I greatly enjoy traveling alone around the world. I'm an appreciator of good video games (especially Final Fantasy VII Remake, Undertale, Black Mesa, Beat Saber), operating systems (openSUSE and macOS are what I use), programming languages (I love Go, revere OCaml from a safe distance, and am cautiously appreciative of Rust, if it weren't for its incredibly noisy syntax) and computer hardware (avid Linus Tech Tips viewer).

My favorite show is Better Call Saul, and my favorite films include Rocky, Lawrence of Arabia, Waltz with Bashir, Jojo Rabbit, Paprika, No Country for Old Men and Princess Mononoke. I like Nietzsche.