See also DBLP and Google scholar.

# Journal papers in cryptography

Simple Schnorr multi-signatures with applications to Bitcoin

Designs, Codes and Cryptography, 87(9), pp. 2139-2164 (2019)

Available files:
[Authors version]
[DOI]

Analysis of the single-permutation encrypted Davies-Meyer construction

Designs, Codes and Cryptography, 86(12), pp. 2703-2723 (2018)

Available files:
[Authors version]
[DOI]

Minimizing the Two-Round Even-Mansour Cipher

Journal of Cryptology, 31(4), pp. 1064-1119 (2018)

(Journal version of this CRYPTO 2014 paper)

Available files:
[DOI]

Reconsidering the Security Bound of AES-GCM-SIV

IACR Trans. Symmetric Cryptol. 2017(4), pp. 240-267 (2017)

Available files:
[Paper]
[FSE 2018 Slides]

New Constructions of MACs from (Tweakable) Block Ciphers

IACR Trans. Symmetric Cryptol. 2017(2), pp. 27-58 (2017)

Available files:
[Paper]
[FSE 2018 Slides]

How to Build an Ideal Cipher: The Indifferentiability of the Feistel Construction

Journal of Cryptology 29(1), pp. 61-114 (2016)

Available files:
[Authors version]
[DOI]

# Conference papers in cryptography

## 2019

Aggregate Cash Systems: A Cryptographic Investigation of Mimblewimble

Proceedings of EUROCRYPT 2019 (I), LNCS 11476, pp. 657-689

Available files:
[Full version]

## 2017

ZMAC: A Fast Tweakable Block Cipher Mode for Highly Secure Message Authentication

Proceedings of CRYPTO 2017 (III), LNCS 10403, pp. 34-65

Available files:
[Full version]

Indifferentiability of Iterated Even-Mansour Ciphers with Non-idealized Key-Schedules: Five Rounds Are Necessary and Sufficient

Proceedings of CRYPTO 2017 (III), LNCS 10403, pp. 524-555

Available files:
[Full version]

## 2016

Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers

Proceedings of CRYPTO 2016 (I), LNCS 9814, pp. 33-63

Available files:
[Full version]
[Slides]

EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC

Proceedings of CRYPTO 2016 (I), LNCS 9814, pp. 121-149

Available files:
[Full version]
[Slides]

Strengthening the Known-Key Security Notion for Block Ciphers

Proceedings of FSE 2016, LNCS 9783, pp. 494-513

Available files:
[Full version]
[Slides]

## 2015

Beyond-Birthday-Bound Security for Tweakable Even-Mansour Ciphers with Linear Tweak and Key Mixing

Proceedings of ASIACRYPT 2015 (II), LNCS 9453, pp. 134-158

Available files:
[Full version]

The Iterated Random Permutation Problem with Applications to Cascade Encryption

Proceedings of CRYPTO 2015 (I), LNCS 9215, pp. 351-367

Available files:
[Full version]

Tweaking Even-Mansour Ciphers

Proceedings of CRYPTO 2015 (I), LNCS 9215, pp. 189-298

On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks

Proceedings of EUROCRYPT 2015 (I), LNCS 9056, pp. 584-613

Available files:
[Full version]

Relaxing Full-Codebook Security: A Refined Analysis of Key-Length Extension Schemes

Proceedings of FSE 2015, LNCS 9054, pp. 319-341

Available files:
[Full version]
[Slides]

## 2014

Security Amplification for the Composition of Block Ciphers: Simpler Proofs and New Results

Proceedings of SAC 2014, LNCS 8781, pp. 129-146

Available files: [Full version]

Minimizing the Two-Round Even-Mansour Cipher

Proceedings of CRYPTO 2014 (I), LNCS 8616, pp. 39-56

On the Lossiness of the Rabin Trapdoor Function

Proceedings of PKC 2014, LNCS 8383, pp. 380-398

Available files:
[Full version]
[Slides]

Security Analysis of Key-Alternating Feistel Ciphers

Proceedings of FSE 2014, LNCS 8540, pp. 243-264

Available files:
[Full version]
[Slides]

## 2013

How to Construct an Ideal Cipher from a Small Set of Public Permutations

Proceedings of ASIACRYPT 2013, LNCS 8269, pp. 444-463

Available files:
[Full version]
[Slides]

Tweakable Blockciphers with Asymptotically Optimal Security

Proceedings of FSE 2013, LNCS 8424, pp. 113-151

New Constructions and Applications of Trapdoor DDH Groups

Proceedings of PKC 2013, LNCS 7778, pp. 443-460

Available files:
[Full version]
[Slides]

A Robust and Plaintext-Aware Variant of Signed ElGamal Encryption

Proceedings of CT-RSA 2013, LNCS 7779, pp. 68-83

Available files:
[Full version]

## 2012

An Asymptotically Tight Security Analysis of the Iterated Even-Mansour Cipher

Proceedings of ASIACRYPT 2012, LNCS 7658, pp. 278-295

Available files:
[Full version]

On the Exact Security of Schnorr-Type Signatures in the Random Oracle Model

Proceedings of EUROCRYPT 2012, LNCS 7237, pp. 554-571

On the Public Indifferentiability and Correlation Intractability of the 6-Round Feistel Construction

Proceedings of TCC 2012, LNCS 7194, pp. 285-302

Available files:
[Full version]
[Slides]

## 2010

A Domain Extender for the Ideal Cipher

Proceedings of TCC 2010, LNCS 5978, pp. 273-289

Available files:
[Full version]

## 2008

The Random Oracle Model and The Ideal Cipher Model are Equivalent -
Best Paper Award!

Proceedings of CRYPTO 2008, LNCS 5157, pp. 1-20

Available files:
[Full version]

Warning: the proof of Theorem 2 is flawed, see this paper. See also this journal paper.
Analysis of intermediate field systems

Proceedings of SCC 2008, pp. 110-117

Available files:
[Proceedings version]

Building Secure Block Ciphers on Generic Attacks Assumptions

Proceedings of SAC 2008, LNCS 5381, pp. 66-81

Available files:
[Proceedings version]
[Slides]

Hash Functions and RFID Tags: Mind the Gap

Proceedings of CHES 2008, LNCS 5154, pp. 283-299

Available files:
[Proceedings version]

How to Encrypt with the LPN Problem

Proceedings of ICALP 2008, LNCS 5126, pp. 679-690

Available files:
[Proceedings version]
[Slides]

Looking Back at a New Hash Function

Proceedings of ACISP 2008, LNCS 5107, pp. 239-253

Available files:
[Proceedings version]

HB

^{#}: Increasing the Security and Efficiency of HB^{+}Proceedings of EUROCRYPT 2008, LNCS 4965, pp. 361-378

Good Variants of HB

^{+}are Hard to FindProceedings of Financial Crypto 2008, LNCS 5143, pp. 156-170

Available files:
[Proceedings version]
[Slides]

## 2007

PRESENT: An Ultra-Lightweight Block Cipher

Proceedings of CHES 2007, LNCS 4727, pp. 450-466

Available files:
[Proceedings version]

Security Analysis of Constructions Combining FIL Random Oracles

Proceedings of FSE 2007, LNCS 4593, pp. 119-136

Available files:
[Proceedings version]
[Slides]

# Other publications in cryptography

A Note on the Indifferentiability of the 10-Round Feistel Construction

Unpublished note, March 2011

Available files:
[Note]

Primitives et protocoles cryptographiques à sécurité prouvée

PhD thesis, Versailles University, 2009

Available files:
[Thesis] (in french)

Warning: problems have been found in Theorem 2.4, see this paper. See also this note and this journal paper.
# Publications in quantum physics

Semiconductor Sources of Twin Photons for Quantum Information

J. Opt. B: Quantum Semiclass. Opt. 7, S158 - S165 (2005)

Nonlinear AlGaAs Waveguide for the Generation of
Counterpropagating Twin Photons in the Telecom Range

Journal of Applied Physics 98, 063103 (2005)

Available files:
[DOI]

Fast Rotation of a Bose-Einstein Condensate

Phys. Rev. Lett. 92, 050403 (2004)

# Invited talks

Efficiency and Privacy Improvements for Bitcoin with Schnorr Signatures

Available files:
[Slides]

Efficiency and Privacy Improvements for Bitcoin with Schnorr Signatures

Beyond-Birthday-Bound Secure MACs

Available files: [Slides]

Constructing Tweakable Block Ciphers in the Random Permutation Model

Available files: [Slides]

On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks

ENS Crypto Seminar, April 2015

Available files: [Slides]

Les preuves de sécurité en cryptographie

University of Cergy, April 2015

Available files: [Slides] (in French)

Security Analysis of Key-Alternating Ciphers in the Even-Mansour Model

INRIA CCA Seminar, March 2015

Available files: [Slides]

Indifférentiabilité et modèles de preuve idéalisés

University of Limoges, February 2012

Available files: [Slides] (in French)

Indifferentiability and Security Proofs in Idealized Models

University of Rennes, May 2010

Available files: [Slides]

The Random Oracle Model and the Ideal Cipher Model are Equivalent

ENS Crypto Seminar, June 2008

Available files: [Slides]

# Professionnal activities

Program Committee:

Reviewer for:

Member of:

IACR (since 2007)