I’m a postdoctoral researcher at the Vrije Universiteit Brussel, at the ETRO.RDI lab.

My research interests are cryptography and privacy engineering. In particular, I research tools that support building peer-to-peer online social networks.

Publications

  • : Armed with Faster Crypto: Optimizing Elliptic Curve Cryptography for ARM Processors.

    (, , , , and )
    The final publication is available as open access at MDPI Sensors via https://dx.doi.org/10.3390/s24031030

    abstract

    Elliptic curve cryptography is a widely deployed technology for securing digital communication. It is the basis of many cryptographic primitives such as key agreement protocols, digital signatures, and zero-knowledge proofs. Fast elliptic curve cryptography relies on heavily optimised modular arithmetic operations, which are often tailored to specific micro-architectures. In this article, we study and evaluate optimisations of the popular elliptic curve Curve25519 for ARM processors. We specifically target the ARM NEON single instruction, multiple data (SIMD) architecture, which is a popular architecture for modern smartphones. We introduce a novel representation for 128-bit NEON SIMD vectors, optimised for SIMD parallelisation, to accelerate elliptic curve operations significantly. Leveraging this representation, we implement an extended twisted Edwards curve Curve25519 back-end within the popular Rust library “curve25519-dalek”. We extensively evaluate our implementation across multiple ARM devices using both cryptographic benchmarks and the benchmark suite available for the Signal protocol. Our findings demonstrate a substantial back-end speed-up of at least 20% for ARM NEON, along with a noteworthy speed improvement of at least 15% for benchmarked Signal functions.

  • : Private Electronic Road Pricing using Bulletproofs with Vector Commitments.

    (, , and )
    The final publication is published through IEEE Transactions on Dependable Computing via https://dx.doi.org/10.1109/TDSC.2023.3314867 download the

    abstract

    We present a novel approach to privacy preserving electronic road pricing (ERP) based on on-board units (OBUs) and zero-knowledge proofs (ZKPs), and without any need for tamper-proof elements. Since our approach is software-only and protocol-enforced, it can be rapidly deployed on off-the-shelve or even pre-existing hardware, such as a smartphone or the on-board computer of a car. In addition, communication complexity is only logarithmic in function of route length, such that even for short routes the communication cost of the protocol is lower than the cost of naively transmitting the clear text route. Our implementation proves the construction to be computationally practical, especially for the verifier. Since the scheme is based on ZKPs, no unnecessary information gets leaked. At the basis of the scheme lies Bulletproofs, which is modified to provide native support for Pedersen vector commitments with logarithmic impact on proof size.

  • : SHA 3 and Keccak variants computation speeds on constrained devices.

    (, , , and )
    The final publication is available via Elsevier at https://dx.doi.org/10.1016/j.future.2021.09.042 or download the

    abstract

    In 2015, the National Institute of Standards and Technology (NIST) announced Keccak as the new primitive to be used in SHA 3, not replacing but complementing SHA 2. The Keccak primitive, based on a sponge construction, has flexible parameters that can be controlled by the user to fit the needs of the application. However, the SHA 3 standard constrains and predefines the Keccak parameters to be used and thus making its use less flexible.

    In this paper we try to understand the influence of these parameters with respect to memory size and throughput, specifically for constrained devices used in the Internet of Things (IoT) where speed and efficiency is important. Apart from evaluations of the code on real devices, a mathematical model is also presented which helps predicting the performance of the Keccak primitive. We also compare the standard functions from SHA 2 with SHA 3 on different platforms. All implementations of SHA 2, SHA 3 and Keccak are purely written in Rust, since Rust guarantees safe memory manipulation whilst having the same performance as C.

    Our measurements show that for the software implementations SHA 2 is always faster than SHA 3 on all tested platforms. When only looking at the Keccak construction, Keccak-f[800] always outperforms other permutations based on Keccak- when the capacity stays below 276 bits. In addition, Keccak-f[800] has the added advantage of using less flash memory on 32-bit platforms.

  • : Circuitree: A Datalog Reasoner in Zero-Knowledge.

    (, , , , , and )
    The final publication is available as open access at IEEE Access via https://dx.doi.org/10.1109/ACCESS.2022.3153366 download the

    abstract

    Driven by the increased consciousness in data ownership and privacy, zero-knowledge proofs (ZKPs) have become a popular tool to convince a third party of the truthfulness of a statement without disclosing any further information. As ZKPs are rather complex to design, frameworks that transform high-level languages into ZKPs have been proposed. We propose Circuitree, a Datalog reasoner in zero-knowledge. Datalog is a high-level declarative logic language that is generally used for querying. Furthermore, as a logic language, it can also be used to solve logic problems. An application using Circuitree can efficiently generate ZKPs, based on Datalog rules and encrypted data, to prove that a certain conclusion follows from a Datalog ruleset and encrypted input data. Compared to existing frameworks, which generally use their own limited imperative languages, Circuitree uses an existing high-level declarative language. We point out several applications for Circuitree, including EU Digital COVID Certificates and privacy-preserving access control for peer-to-peer (p2p) networks. Circuitree’s performance is evaluated for access control in a p2p network. First results show that our approach allows for fast proofs and proof verification for this application.

  • : Glycos: the basis for a peer-to-peer, private online social network.

    (, , , and )
    The final publication is available at Springer via https://dx.doi.org/10.1007/978-3-030-16744-8_9 or download the

    abstract

    Typical Web 2.0 applications are built on abstractions, allowing developers to rapidly and securely develop new features. For decentralised applications, these abstractions are often poor or non-existent. By proposing a set of abstract but generic building blocks for the development of peer-to-peer (decentralised), private online social networks, we aim to ease the development of user-facing applications. Additionally, an abstract programming system decouples the application from the data model, allowing to alter the front-end independently from the back-end. The proposed proof-of-concept protocol is based on existing cryptographic building blocks, and its viability is assessed in terms of performance.

  • : Glycos: an extensible, resilient and private peer-to-peer online social network.

    (, , and )
    download the

    abstract

    Online privacy typically comes in two forms. At one hand, users can typically choose with whom of their connections to share information, and have plenty of social privacy controls. The so-called \textit{privacy problem} is more about institutional privacy, whereby the service provider fails to securely store users’ data, be it on purpose or not (danah boyd & Hargittai, 2010). When on purpose, these data are often mined for profit through resale of profiles; often called profiling.

    One way of giving back this institutional privacy to citizens, is by taking away the institution as a whole, by decentralising the application. Care has to be taken as not to make potential “re-centralisation” possible, as is happening to email, where a few large email server providers take up large portions of worldwide email traffic. Mailchimp, a large email marketing company, reports GMail having over 1.8 billion more email delivered than Hotmail (Khan, 2015), and online resources seem to suggest that both Microsoft and GMail are by far the world most popular email service providers (Datanyze, 2018; Lewkowicz, 2017).

    By opting for a carefully designed peer-to-peer design, the risk of this “re-centralisation” can be minimised.

    Several noteworthy efforts have been made to “re-decentralise” online social media platforms, not only academic, also commercial and community projects. These efforts often adapt underlying protocols on a per-feature basis, slowing down the development process, and often scaring off non-domain-specialist developers. This is in contrast with how web development and mobile app development works, where developers have APIs such as cookies, SQL (often with ORM), and REST. These APIs offer developers an abstract method of reasoning about their application.

    We explore a peer-to-peer, fully trustless, obfuscated graph-database model, that is only readable and efficiently traversable by legitimate users. Outsiders only learn a minimal amount of metadata, without revealing content nor structure of the graph database.

    This database model is designed as building block for development of online social media, keeping in mind mobile-friendliness, scalability, and efficiency.

Master Thesis supervision

  • Van de Velde, S. (2023). Zero-knowledge proofs for anonymous authentication mechanisms (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Peeters, D. (2023). Realtime Energy Market Datastreams from a Prosumer-Perspective: towards a prosumer-driven smart grid (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Blancquaert, R. (2022). Elliptic curve field arithmetic speed-up using SIMD instructions (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Ma, Y. (2022). Investigation of Electrical Vehicle Charging Protocols (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Michalopoulos, A. (2022). Enhancing V2G (Vehicle-to-grid) communication protocols (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Vercammen, J. E. (2022). Enabling privacy preserving derived predicates in W3C Verifiable Credentials (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Akande, M. T. (2022). Investigation of electrical vehicle charging protocols Implementation and evaluation of a proxy server based on the Open Charge Point Protocol (OCPP) (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Godden, T. (2020). Blindly enforcing access control policies on encrypted data using zero-knowledge: access control for privacy-focussed, peer-to-peer online social media applications (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Assi, G. (2020). Efficient control of secured wireless sensor and actuator networks using a Keccak sponge: an implementation for a competitive chess environment (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • El Khattuti, Y. (2020). Implementation and evaluation of a Keccak-based symmetric authentication Protocol on RFID (Master Thesis). Vrije Universiteit Brussel. Belgium.
  • Contryn, A. (2019). Secure communication between IoT devices for short messages (Master Thesis). Vrije Universiteit Brussel. Belgium.

Project management and contribution

RustIEC

Currently participating in the RustIEC VLAIO TETRA project (VLAIO TETRA HBC.2021.0066). The goal of the project is to teach Flanders’ companies to be proficient in the Rust programming language. More information about the project can be found on the RustIEC project website.