Guillaume Endignoux

About Me

I am currently a software engineer at Google. I hold an engineering degree from the Ecole Polytechnique of Palaiseau, France, as well as a master's degree from EPFL, where I specialized in information security and completed a master's thesis in cryptography.

I am interested in many aspects of software engineering (see my open-source contributions), with a strong focus on what I would call "foundations" of software and security. This has led me to work on a wide range of topics including cryptography, firmware, file formats, data compression, performance and privacy. But I also enjoy writing software higher up the stack, such as a 3D visualization of surrounding mountains with OpenGL.

I have published several research papers and given talks, notably on cryptography, file formats and privacy topics.

I am always eager to learn and teach, so don't hesitate to reach out to me on Twitter with any questions or just to get news. You can also subscribe to my blog's RSS feed.

Featured publications

Improving Stateless Hash-Based Signatures

Jean-Philippe Aumasson, Guillaume Endignoux

CT-RSA 2018

We present several optimizations to SPHINCS, a stateless hash-based signature scheme proposed by Bernstein et al. in 2015: PORS, a more secure variant of the HORS few-time signature scheme used in SPHINCS; secret key caching, to speed up signing and reduce signature size; batch signing, to amortize signature time and reduce signature size when signing multiple messages at once; mask-less constructions to reduce the key size and simplify the scheme; and Octopus, a technique to eliminate redundancies from authentication paths in Merkle trees. Based on a refined analysis of the subset resilience problem, we show that SPHINCS' parameters can be modified to reduce the signature size while retaining a similar security level and computation time. We then propose Gravity-SPHINCS, our variant of SPHINCS embodying the aforementioned tricks. Gravity-SPHINCS has shorter keys (32 and 64 bytes instead of ≈1 KB), shorter signatures (≈30 KB instead of 41 KB), and faster signing and verification for the same security level as SPHINCS.

Caradoc: a Pragmatic Approach to PDF Parsing and Validation

Guillaume Endignoux, Olivier Levillain, Jean-Yves Migeon

Proceedings of the 37th IEEE Symposium on Security and Privacy Workshops (SPW 2016)

PDF has become a de facto standard for exchanging electronic documents, for visualization as well as for printing. However, it has also become a common delivery channel for malware, and previous work has highlighted features that lead to security issues. In our work, we focus on the structure of the format, independently from specific features. By methodically testing PDF readers against hand-crafted files, we show that the interpretation of PDF files at the structural level may cause some form of denial of service, or be ambiguous and lead to rendering inconsistencies among readers. We then propose a pragmatic solution by restricting the syntax to avoid common errors, and propose a formal grammar for it. We explain how data consistency can be validated at a finer-grained level using a dedicated type checker. Finally, we assess this approach on a set of real-world files and show that our proposals are realistic.

ORide: A Privacy-Preserving yet Accountable Ride-Hailing Service

Anh Pham, Italo Dacosta, Guillaume Endignoux, Juan Ramon Troncoso Pastoriza, Kevin Huguenin, Jean-Pierre Hubaux

USENIX Security Symposium 2017

In recent years, ride-hailing services (RHSs) have become increasingly popular, serving millions of users per day. Such systems, however, raise significant privacy concerns, because service providers are able to track the precise mobility patterns of all riders and drivers. In this paper, we propose ORide (Oblivious Ride), a privacy-preserving RHS based on somewhat-homomorphic encryption with optimizations such as ciphertext packing and transformed processing. With ORide, a service provider can match riders and drivers without learning their identities or location information. ORide offers riders fairly large anonymity sets (e.g., several thousands), even in sparsely populated areas. In addition, ORide supports key RHS features such as easy payment, reputation scores, accountability, and retrieval of lost items. Using real data-sets that consist of millions of rides, we show that the computational and network overhead introduced by ORide is acceptable. For example, ORide adds only several milliseconds to ride-hailing operations, and the extra driving distance for a driver is less than 0.5 km in more than 75% of the cases evaluated. In short, we show that a RHS can offer strong privacy guarantees to both riders and drivers while maintaining the convenience of its services.

Featured projects