I started working as a lecturer at the University of Surrey in September 2020, after a PhD at Université Clermont Auvergne (France) and a postdoc at NTU (Singapore).
University roles and responsibilities
- Year 2 personal tutor
My main research interest is in the application of AI-related techniques (in particular, constraint programming and machine learning) to assist cryptanalysts. I also work on provable security for cryptographic protocols, in particular distance bounding.
Postgraduate research supervision
I am currently co-supervising (with Liqun Chen) the PhD of Parthi Parthipan.
Publications
- David Gérault and Pascal Lafourcade and Marine Minier and Christine Solnon 2020. Computing AES related-key differential characteristics with constraint programming. Artif. Intell., 278.
- Ling Sun and David Gérault and Wei Wang and Meiqin Wang 2020. On the Usage of Deterministic (Related-Key) Truncated Differentials and Multidimensional Linear Approximations for SPN Ciphers. IACR Trans. Symmetric Cryptol., 2020(3), p.262–287.
- David Gérault and Pascal Lafourcade and Marine Minier and Christine Solnon 2018. Revisiting AES related-key differential attacks with constraint programming. Inf. Process. Lett., 139, p.24–29.
- Siwei Sun and David Gérault and Pascal Lafourcade and Qianqian Yang and Yosuke Todo and Kexin Qiao and Lei Hu 2017. Analysis of AES, SKINNY, and Others with Constraint Programming. IACR Trans. Symmetric Cryptol., 2017(1), p.281–306.
- Gildas Avoine and Xavier Bultel and Sébastien Gambs and David Gérault and Pascal Lafourcade and Cristina Onete and Jean-Marc Robert 2017. A Terrorist-fraud Resistant and Extractor-free Anonymous Distance-bounding Protocol. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2017, Abu Dhabi, United Arab Emirates, April 2-6, 2017 (pp. 800–814). ACM.
- David Gérault and Marine Minier and Christine Solnon 2017. Using Constraint Programming to solve a Cryptanalytic Problem. In Proceedings of the Twenty-Sixth International Joint Conference on Artificial Intelligence, IJCAI 2017, Melbourne, Australia, August 19-25, 2017 (pp. 4844–4848).
- David Gérault and Marine Minier and Christine Solnon 2016. Constraint Programming Models for Chosen Key Differential Cryptanalysis. In Principles and Practice of Constraint Programming - 22nd International Conference, CP 2016, Toulouse, France, September 5-9, 2016, Proceedings (pp. 584–601). Springer.
- David Gérault and Pascal Lafourcade 2016. Related-Key Cryptanalysis of Midori. In Progress in Cryptology - INDOCRYPT 2016 - 17th International Conference on Cryptology in India, Kolkata, India, December 11-14, 2016, Proceedings (pp. 287–304).
- Xavier Bultel and Sébastien Gambs and David Gérault and Pascal Lafourcade and Cristina Onete and Jean-Marc Robert 2016. A Prover-Anonymous and Terrorist-Fraud Resistant Distance-Bounding Protocol. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, WISEC 2016, Darmstadt, Germany, July 18-22, 2016 (pp. 121–133). ACM.
HB+ is a lightweight authentication scheme, which is secure against passive attacks if the Learning Parity with Noise Problem (LPN) is hard. However, HB+ is vulnerable to a key-recovery, man-in-the-middle (MiM) attack dubbed GRS. The HB+DB protocol added a distance-bounding dimension to HB+, and was experimentally proven to resist the GRS attack. We exhibit several security flaws in HB+DB. First, we refine the GRS strategy to induce a different key-recovery MiM attack, not deterred by HB+DB's distance bounding. Second, we prove HB+DB impractical as a secure distance-bounding (DB) protocol, as its DB security levels scale poorly compared to other DB protocols. Third, we refute that HB+DB's security against passive attackers relies on the hardness of LPN; moreover, (erroneously) requiring such hardness lowers HB+DB's efficiency and security. We also propose a new distance-bounding protocol called BLOG. It retains parts of HB+DB, yet BLOG is provably secure and enjoys better (asymptotic) security.
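The HB+ exchange and the GRS man-in-the-middle strategy that this abstract refers to, as an added Python simulation. This is not code from the HB+DB paper or from its authors: the protocol is the textbook HB+ (tag secrets x and y, tag blinding vector b, reader challenge a, noisy response z = <a,x> xor <b,y> xor noise), the attack follows the Gilbert-Robshaw-Sibert strategy of XORing every challenge of one session with the same unit vector, and the parameters K, N_ROUNDS, ETA and THRESHOLD are toy values chosen here for a fast run rather than anything from the paper.

```python
"""Simulation of HB+ authentication and the GRS man-in-the-middle key recovery.

Added illustration; not code from the HB+DB paper. The protocol is the textbook
HB+ (two secrets x, y; tag blinding vector b; reader challenge a; response
z = <a,x> xor <b,y> xor noise). K, N_ROUNDS, ETA and THRESHOLD are toy values
chosen for this demonstration only.
"""
import random

K = 32            # secret length in bits (toy size; real deployments use hundreds)
N_ROUNDS = 128    # rounds per authentication session
ETA = 0.10        # noise rate: fraction of rounds where the tag flips its answer
THRESHOLD = 0.30  # reader accepts if at most this fraction of rounds mismatch


def dot(u: int, v: int) -> int:
    """Inner product over GF(2) of two K-bit vectors packed as ints."""
    return bin(u & v).count("1") & 1


class Tag:
    """Honest HB+ tag holding secrets x and y."""

    def __init__(self, x: int, y: int, rng: random.Random):
        self.x, self.y, self.rng = x, y, rng

    def blinding(self) -> int:
        return self.rng.getrandbits(K)

    def respond(self, a: int, b: int) -> int:
        noise = 1 if self.rng.random() < ETA else 0
        return dot(a, self.x) ^ dot(b, self.y) ^ noise


class Reader:
    """Honest HB+ reader sharing x and y with the tag."""

    def __init__(self, x: int, y: int, rng: random.Random):
        self.x, self.y, self.rng = x, y, rng

    def challenge(self) -> int:
        return self.rng.getrandbits(K)

    def verify(self, transcript) -> bool:
        # transcript: list of (a, b, z) as seen by the reader
        errors = sum(1 for a, b, z in transcript
                     if (dot(a, self.x) ^ dot(b, self.y)) != z)
        return errors <= THRESHOLD * N_ROUNDS


def run_session(tag: Tag, reader: Reader, tamper=lambda a: a) -> bool:
    """One authentication; `tamper` models a MiM rewriting the challenge in transit."""
    transcript = []
    for _ in range(N_ROUNDS):
        b = tag.blinding()        # tag -> reader (left untouched by the MiM)
        a = reader.challenge()    # reader -> tag, possibly modified in transit
        z = tag.respond(tamper(a), b)
        transcript.append((a, b, z))   # the reader checks against the a it sent
    return reader.verify(transcript)


def grs_recover_x(tag: Tag, reader: Reader) -> int:
    """GRS: XOR every challenge of a session with the same delta = e_i.

    The tag's answer then carries an extra term <delta, x> = x_i in every
    round, so the reader accepts iff x_i == 0 (up to the negligible chance of
    the noise tail crossing the threshold). One session leaks one bit of x.
    """
    x_guess = 0
    for i in range(K):
        delta = 1 << i
        if not run_session(tag, reader, tamper=lambda a, d=delta: a ^ d):
            x_guess |= delta
    return x_guess


def impersonate(reader: Reader, x_guess: int) -> bool:
    """Rogue tag knowing only x: it picks b = 0 so that <b, y> vanishes."""
    transcript = []
    for _ in range(N_ROUNDS):
        a = reader.challenge()
        transcript.append((a, 0, dot(a, x_guess)))
    return reader.verify(transcript)


def demo(seed: int = 2024) -> dict:
    rng = random.Random(seed)
    x, y = rng.getrandbits(K), rng.getrandbits(K)
    tag, reader = Tag(x, y, rng), Reader(x, y, rng)
    return {"honest_accepted": run_session(tag, reader),
            "x_recovered": grs_recover_x(tag, reader) == x,
            "impersonation_accepted": impersonate(reader, grs_recover_x(tag, reader))}


if __name__ == "__main__":
    print(demo())
```

Two points the simulation makes concrete: the reader's accept/reject decision on a tampered session depends only on whether <delta, x> is 0 or 1, so K sessions suffice to read x off bit by bit; and because the tag chooses b itself, a rogue tag that sets b = 0 never needs y, so recovering x alone already breaks authentication.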
Whilst proximity-checking mechanisms are on the rise, proximity-based attacks other than relaying have not been studied from a practical viewpoint, not even in academia. Are the simplest proximity-based attacks, namely distance frauds, a practical danger? Can an attacker make it look like they are here and there at the same time? In this paper, we first distinguish “credible” vs. impractical distance frauds, in a quantifiable, formal manner. Second, we implement two “credible” distance frauds on off-the-shelf NFC-enabled Android phones. We present an initial evaluation focused on their feasibility.
Distance-bounding protocols were introduced in 1993 as a countermeasure to relay attacks, in which an adversary fraudulently forwards the communication between a verifier and a distant prover. In the more than 40 different protocols that followed, assumptions were taken on the structure of distance-bounding protocols and their threat models. In this paper, we survey works disrupting these assumptions, and discuss the remaining challenges.
- Ling Sun and David Gérault and Adrien Benamira and Thomas Peyrin 2020. NeuroGIFT: Using a Machine Learning Based Sat Solver for Cryptanalysis. In Cyber Security Cryptography and Machine Learning - Fourth International Symposium, CSCML 2020, Be'er Sheva, Israel, July 2-3, 2020, Proceedings (pp. 62–84). Springer.
- David Gérault and Pascal Lafourcade 2019. Towards Secure TMIS Protocols. In Foundations and Practice of Security - 12th International Symposium, FPS 2019, Toulouse, France, November 5-7, 2019, Revised Selected Papers (pp. 337–344). Springer.
- Ioana Boureanu and David Gérault and James Lewis 2019. Here and There at Once, with my Mobile Phone! In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications, ICETE 2019 - Volume 2: SECRYPT, Prague, Czech Republic, July 26-28, 2019 (pp. 478–484). SciTePress.
- David Gérault and Ioana Boureanu 2019. Distance bounding under different assumptions: opinion. In Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019, Miami, Florida, USA, May 15-17, 2019 (pp. 245–248). ACM.
- Hardik Gajera and Matthieu Giraud and David Gérault and Manik Lal Das and Pascal Lafourcade 2019. Verifiable and Private Oblivious Polynomial Evaluation. In Information Security Theory and Practice - 13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11-12, 2019, Proceedings (pp. 49–65). Springer.
- David Gérault, 2018. Security analysis of contactless communication protocols. (Analyse de sécurité des protocoles de communication sans contact). (Doctoral dissertation, University of Clermont Auvergne, Clermont-Ferrand, France).
- Xavier Bultel and Manik Lal Das and Hardik Gajera and David Gérault and Matthieu Giraud and Pascal Lafourcade 2017. Verifiable Private Polynomial Evaluation. In Provable Security - 11th International Conference, ProvSec 2017, Xi'an, China, October 23-25, 2017, Proceedings (pp. 487–506). Springer.
- Ioana Boureanu and David Gérault and Pascal Lafourcade and Cristina Onete 2017. Breaking and fixing the HB+DB protocol. In Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, Boston, MA, USA, July 18-20, 2017 (pp. 241–246). ACM.
- Agnes Brelurut and David Gérault and Pascal Lafourcade 2015. Survey of Distance Bounding Protocols and Threats. In Foundations and Practice of Security - 8th International Symposium, FPS 2015, Clermont-Ferrand, France, October 26-28, 2015, Revised Selected Papers (pp. 29–49). Springer.