Guillaume Endignoux

Contact Me

About Me

I just finished my master at the Swiss Federal Institute of Technology in Lausanne (EPFL), with a specialization in information security and a master's thesis in cryptography. Before that, I graduated from the Ecole Polytechnique of Palaiseau, France.

I am interested in many aspects of software engineering (see my open-source contributions in various languages), including algorithms, file formats and protocols, cryptography, user interfaces or 2D/3D geometry. More recently, I focused on security and published several research papers, notably on cryptography, file formats and privacy topics.

I am always eager to learn and teach, so don't hesitate to reach me on Twitter for any question or just to get news. You can also subscribe to my blog's RSS feed.

Recent publications   See all publications

ORide: A Privacy-Preserving yet Accountable Ride-Hailing Service

Anh Pham, Italo Dacosta, Guillaume Endignoux, Juan Ramon Troncoso Pastoriza, Kevin Huguenin, Jean-Pierre Hubaux

USENIX Security Symposium 2017

Paper Citation

In recent years, ride-hailing services (RHSs) have become increasingly popular, serving millions of users per day. Such systems, however, raise significant privacy concerns, because service providers are able to track the precise mobility patterns of all riders and drivers. In this paper, we propose ORide (Oblivious Ride), a privacy-preserving RHS based on somewhat-homomorphic encryption with optimizations such as ciphertext packing and transformed processing. With ORide, a service provider can match riders and drivers without learning their identities or location information. ORide offers riders with fairly large anonymity sets (e.g., several thousands), even in sparsely populated areas. In addition, ORide supports key RHS features such as easy payment, reputation scores, accountability, and retrieval of lost items. Using real data-sets that consist of millions of rides, we show that the computational and network overhead introduced by ORide is acceptable. For example, ORide adds only several milliseconds to ride-hailing operations, and the extra driving distance for a driver is less than 0.5 km in more than 75% of the cases evaluated. In short, we show that a RHS can offer strong privacy guarantees to both riders and drivers while maintaining the convenience of its services.

Linking Online Misuse-Resistant Authenticated Encryption and Blockwise Attack Models

Guillaume Endignoux, Damian Vizár

IACR Transactions on Symmetric Cryptology, Volume 2016

Paper Slides Citation

Real-world applications of authenticated encryption often require the encryption to be computable online, e.g. to compute the ith block of ciphertext after having processed the first i blocks of plaintext. A significant line of research was dedicated to identifying security notions for online authenticated encryption schemes, that capture various security goals related to real-life scenarios. Fouque, Joux, Martinet and Valette proposed definitions of privacy and integrity against adversaries that can query their oracles in a blockwise-adaptive manner, to model memory-constrained applications. A decade later, Fleischmann, Forler and Lucks proposed the notion of online nonce misuse-resistant authenticated encryption (OAE) to capture the security of online authenticated encryption under nonce-reuse.
In this work we investigate the relation between these notions. We first recast the blockwise notions of Fouque et al. to make them compatible with online authenticated encryption schemes that support headers. We then show that OAE and the conjunction of the blockwise notions are "almost" equivalent. We identify the missing property on the side of blockwise notions, and formalize it under the name PRTAG. With PRTAG being just an auxiliary definition, the equivalence we finally show suggests that OAE and the blockwise model for online authenticated encryption capture essentially the same notion of security.

Caradoc: a Pragmatic Approach to PDF Parsing and Validation

Guillaume Endignoux, Olivier Levillain, Jean-Yves Migeon

Proceedings of the 37th IEEE Symposium on Security and Privacy Workshops (SPW 2016)

Paper Slides Video Citation

PDF has become a de facto standard for exchanging electronic documents, for visualization as well as for printing. However, it has also become a common delivery channel for malware, and previous work has highlighted features that lead to security issues. In our work, we focus on the structure of the format, independently from specific features. By methodically testing PDF readers against hand-crafted files, we show that the interpretation of PDF files at the structural level may cause some form of denial of service, or be ambiguous and lead to rendering inconsistencies among readers. We then propose a pragmatic solution by restricting the syntax to avoid common errors, and propose a formal grammar for it. We explain how data consistency can be validated at a finer-grained level using a dedicated type checker. Finally, we assess this approach on a set of real-world files and show that our proposals are realistic.

Featured projects   See more projects