Meeting


Robustness, AI security and attack detection

Date: 9 June 2026
Time: 10:00 - 17:30
Venue: Lilliad, 2 Avenue Jean Perrin, 59650 Villeneuve-d'Ascq

Scientific areas:
  • Multimedia coding and security

GdRs involved:
Organizers:
  • Iuliia Tkachenko (LIRIS)
  • Christophe Charrier (GREYC)

Please note that, in order to guarantee access to the meeting rooms for all registered participants, registration for meetings is free but mandatory.

Registrations

16 members of the GdR IASIS and 12 non-members of the GdR are registered for this meeting.

Room capacity: 50 people. 22 places remaining

Announcement

The GDR IASIS and the GDR Sécurité informatique are jointly organizing a thematic day on robustness, AI security and attack detection. The day is shared between the two working groups (GT) of the GDR Sécurité informatique, namely « Sécurité des systèmes matériels » (hardware systems security) and « Sécurité et données multimédia » (security and multimedia data).

With the rise of artificial intelligence, the robustness and security of AI-based methods and systems are particularly topical questions today. The challenge is twofold: protecting AI-based systems and methods, and making these systems robust against all types of attacks.

The aim of this day is to bring together actors in multimedia data security and hardware systems security, from both academia and industry, to exchange on the advances and challenges in this field.

Topics of interest include (but are not limited to):

  • Confidentiality of the data used during training
  • Security of machine learning models
  • Use of embedded neural networks for multimedia data security
  • Attacks on data and machine learning models

Invited speakers

  • Chiara Galdi (EURECOM)
  • Nele Mentens (Leiden Univ. et KU Leuven)

Organizers

  • Christophe Charrier (GREYC, Caen)
  • Iuliia Tkachenko (LIRIS, Lyon)

To attend this day, in addition to registering with the GDR IASIS, registration with the GDR Sécurité informatique is mandatory: https://gdr-secu-jn2026.sciencesconf.org

Programme of the day:

09:00 Welcome

10:00 Introduction

10:15-11:15 Invited speaker Nele Mentens – « Security of flexible electronic systems », Leiden University, KU Leuven

11:15-12:00 Invited speaker Chiara Galdi – « Fairness in AI », Eurecom, Sophia Antipolis

12:00-13:00 Lunch break

13:00-13:30 Presentation of the GDR Sécurité Informatique PhD thesis prize

13:30-14:00 Presentation of the GDR Sécurité Informatique Artefact prize

14:00-14:50 Eva Giboulot – « Mirages of perfection: vulnerabilities of modern watermarking », INRIA

14:50-15:10 Bolutife Atoki – « From Supervised to Unsupervised Diffusion-Based Authentication of Copy Detection Patterns with Printer Signature Conditioning », LIRIS, Université Lyon 2

15:10-15:30 Pol Labarbarie – « Robust and Secure Video Face Anonymization with Temporal Consistency », LIRMM, Université de Montpellier

15:30-16:00 Coffee break

16:00-16:45 Lorenzo Casalino – « Hey, Where is Blue Team?! — How We are Defending AI against Side-Channel Attacks », INRIA

16:45-17:30 Gabriel Zaid – « When Physical Attacks Meet Cryptanalytic Model Extraction », CryptoExperts

17:30-17:45 Break

17:45-18:45 Speed mentoring organised by the GDR Sécurité Informatique

Abstracts of contributions

Nele Mentens -- Flexible electronic systems are moving rapidly from research labs into everyday products, from intelligent pharmaceutical packaging to wearable health-monitoring devices. Flexible electronics offer significant benefits through cost-effective fabrication techniques and mechanical adaptability. Yet, solutions for secure communication, data processing and storage are still in their infancy. This talk discusses challenges and recent advancements in the emerging field of hardware security for flexible electronics.


Chiara Galdi -- Artificial intelligence and big data systems increasingly influence decisions in areas such as security, finance, and public services. While often perceived as objective, these systems can inherit and amplify biases present in the data and in the design choices made during development. This presentation explores how bias originates in society and progressively propagates into technological systems - through human cognitive biases, data collection and labeling practices, and algorithmic design decisions. By examining different sources of bias and common fairness metrics, we discuss how unintended discrimination can emerge even in well-intentioned systems. A case study on face recognition illustrates how performance disparities across demographic groups reveal these underlying mechanisms. Ultimately, the talk highlights that achieving fairness in AI requires understanding the entire pipeline - from societal context and data generation to model design and deployment - rather than treating bias solely as a technical problem.


Pierrick Dartois (Prix de thèse) -- Fast computation of higher dimensional isogenies for cryptographic applications.

In 1995, Shor discovered an algorithm that would enable a sufficiently powerful quantum computer to attack all public-key cryptographic schemes based on the discrete logarithm and prime factorisation problems, such as RSA and elliptic curves that are widely used today. Isogeny-based cryptography provides a quantum-resistant alternative. In 2022, the Supersingular Isogeny Diffie-Hellman (SIDH) key exchange proposed to the NIST competition came under major attacks. Far from hindering the future of isogeny-based cryptography, these attacks gave a major boost to research in this field. The ideas behind these highly effective attacks actually inspired new cryptographic schemes and improvements to existing ones that do not suffer from SIDH's security weaknesses. Leveraging these new techniques, our works contributed to improvements of Short Quaternion Isogeny Signatures (SQIsign), a digital signature scheme recently selected to the third round of the NIST competition. As a result, SQIsign became faster, safer and even more compact than it already was. Our works also contributed to the design and implementation of fast algorithms to compute isogenies in dimensions 2 and 4 that made SQIsign improvements effective, with broader cryptographic applications beyond SQIsign.


Théophile Wallez (Prix Artefact) -- A Verification Framework for Secure Group Messaging.

Messaging applications are nowadays pervasively used to communicate with each other, in particular using group conversations to connect people within a social circle. This is a potential threat to privacy, for example if the messaging application servers were to have access to the conversation content. To address this issue, modern messaging applications provide end-to-end encryption, meaning that messages are encrypted by the sender device and decrypted by the receiver device, so that their content stays hidden from the messaging application servers. Such end-to-end encryption is a feature of cryptographic protocols, whose design is notoriously error-prone. This begs the following question: are secure messaging applications actually secure? In this thesis, we develop a novel methodology to analyze the secure group messaging protocol Messaging Layer Security (MLS) by using formal methods on bit-precise specifications in the symbolic model, and ultimately helped to fix design flaws in MLS before its standardization.

The first axis of this thesis is developing tools to analyze cryptographic protocols, on bit-precise specifications. To handle the complexities exhibited by MLS, such as dynamic group size or recursive data structures, we present several key improvements to DY*, a symbolic analysis framework written in the F* proof assistant. To write bit-precise specifications of cryptographic protocols and handle their precise message formats, we introduce Comparse, a tool to specify and prove properties on message formats in F*. In the process, we study the broad class of message formatting attacks, and derive criteria cryptographic protocols should obey to avoid such attacks.

The second axis of this thesis is applying the tools we developed on MLS. We present a novel modularization of MLS to decompose it into three sub-protocols, thereby allowing us to analyze each sub-protocol independently. We then analyze and produce a machine-checked proof for two out of three sub-protocols, TreeSync and TreeKEM. Our specification for MLS is bit-precise, executable and interoperable with other MLS implementations. During our analysis, we found several design flaws and proposed fixes to the Working Group in charge of its design at the Internet Engineering Task Force (IETF), which were integrated in the MLS standard.


Pol Labarbarie -- Face anonymization aims to protect privacy by transforming facial images into realistic yet identity-obscured alternatives, ensuring both visual realism and utility for downstream computer vision tasks. For real-world applications, such as criminal investigations using CCTV footage or testimonial videos, a reversible anonymization process is essential to enable authorized re-identification of individuals. In this presentation, we discuss key challenges in achieving robust and realistic video face anonymization. We first examine the limitations of the widely used frame-by-frame paradigm, highlighting issues related to temporal inconsistency and visual artifacts. To overcome these limitations, we propose a sliding-window-based anonymization approach that enforces temporal coherence across consecutive frames. This method significantly improves the stability and realism of the generated anonymized faces. Finally, we outline the remaining challenges, including robustness to extreme poses and lighting variations, as well as maintaining coherence over long video sequences.


Lorenzo Casalino -- Artificial Intelligence (AI) has sparked an unexpected, fast-paced evolution in the services and manufacturing industries. At the same time, the uncontrolled use of such technology has greatly expanded the existing attack surface, bringing new security, safety, and privacy issues. Among the possible attack vectors, side-channel attacks are an emerging threat. Through side-channel analysis techniques, a malicious user may exfiltrate information on the AI's IP, gaining a significant economic advantage over competitors or paving the way to more dangerous attacks. In this context, the attack-related literature advances quickly: Red Team can already exploit side channels to recover the full architecture of a TPU-hosted AI model, and combine side-channel information with analytical techniques to recover the whole set of parameters of an AI model. But where is Blue Team?

With this talk, I provide a comprehensive overview of the existing methodologies to protect AI against side-channel attacks. Starting with classic countermeasures borrowed from the cryptology field, and exploring new countermeasures underpinned by AI characteristics, I show how Blue Team is defying Red Team efforts, and how it is supporting the design of trustworthy AI.


Gabriel Zaid -- Model extraction attacks pose a major threat to the confidentiality and integrity of deep neural networks, particularly in embedded systems where physical access enables additional attack vectors. This talk investigates how side-channel analysis can be leveraged to significantly enhance neural network extraction techniques beyond traditional software-only approaches. We introduce a novel paradigm for model extraction based on the subdivision of neural networks into smaller components at activation boundaries. By combining side-channel information with cryptanalytic techniques, this approach overcomes key limitations of prior methods, enabling the extraction of more complex architectures that were previously out of reach. We then analyze the impact of 8-bit quantization on extraction attacks, showing that while it can degrade the effectiveness of existing cryptanalytic methods, it does not provide sufficient protection in some contexts. These results demonstrate that neural network extraction in embedded contexts must be considered through both algorithmic and physical perspectives, and highlight the need for defenses that account for side-channel leakage.



