Serge Vaudenay entered the École Normale Supérieure in Paris as a normalien student in 1989. In 1992, he passed the agrégation in mathematics. He completed his Ph.D. studies at the computer science laboratory of École Normale Supérieure, and defended it in 1995 at the Paris Diderot University; his advisor was Jacques Stern.[1] From 1995 to 1999, he was a senior research fellow at French National Centre for Scientific Research (CNRS). In 1999, he moved to a professorship at the École Polytechnique Fédérale de Lausanne where he leads the Laboratory of Security and Cryptography (LASEC).[2] LASEC is host to two popular security programs developed by its members:
iChair, developed by Thomas Baignères and Matthieu Finiasz, a popular on-line submission and review server used by many cryptography conferences; and,
Ophcrack, a Microsoft Windows password cracker based on rainbow tables by Philippe Oechslin.
In spring 2020, with Martin Vuagnoux he identifies also various security vulnerabilities in SwissCovid, the Swiss digital contact tracing application. The system would thus allow a third party to trace the movements of a phone using the application by means of Bluetooth sensors scattered along its path, for example in a building. Another possible attack would be to copy identifiers from the phones of people who may be ill (for example, in a hospital), and to reproduce those identifiers in order to receive notification of exposure to COVID-19 and illegitimately benefit from quarantine (thus entitling them to paid leave, a postponed examination, or other benefits). The system would also allow a third party to use a phone using the application by means of Bluetooth sensors scattered along the way.[3]
Vaudenay and his team have developed several security protocols for a number of projects and in particular to reinforce the biometric identification technology based on vein scanning developed by Lambert Sonna Momo.[4][5]
Vaudenay has published several papers related to cryptanalysis and design of block ciphers and protocols. He is one of the authors of the IDEA NXT (FOX) algorithm (together with Pascal Junod).[6] He was the inventor of the padding oracle attack on CBC mode of encryption.[7] Vaudenay also discovered a severe vulnerability in the SSL/TLS protocol; the attack he forged could lead to the interception of the password.[8] He also published a paper about biased statistical properties in the Blowfish cipher[9] and is one of the authors of the best attack on the Bluetooth cipher E0.[10] In 1997 he introduced decorrelation theory, a system for designing block ciphers to be provably secure against many cryptanalytic attacks.[11]
^Canvel, Brice; Hiltgen, Alain; Vaudenay, Serge; Vuagnoux, Martin (2003), "Password Interception in a SSL/TLS Channel", Advances in Cryptology - CRYPTO 2003(PDF), Lecture Notes in Computer Science, vol. 2729, Springer-Verlag, pp. 583–599.
^Vaudenay, Serge (1996), "On the weak keys of blowfish", Fast Software Encryption, Lecture Notes in Computer Science, vol. 1039, Springer-Verlag, pp. 27–32, doi:10.1007/3-540-60865-6_39, ISBN978-3-540-60865-3.
^Lu, Yi; Meier, Willi; Vaudenay, Serge (2005), "The Conditional Correlation Attack: A Practical Attack on Bluetooth Encryption", Advances in Cryptology – CRYPTO 2005, Lecture Notes in Computer Science, vol. 3621, Springer-Verlag, pp. 97–117, CiteSeerX10.1.1.323.9416, doi:10.1007/11535218_7, ISBN978-3-540-28114-6.