I strive to develop reliable and maintainable software, with an eye toward improving the tools of our craft. * Experience ** 2021 – present: software engineer at AdaCore ** 2014 – 2021: software engineer at Airbus CyberSecurity *** Research I took part in the [[https://paclido.fr][PACLIDO project]], a French government-funded project gathering industrial and academic partners in order to design and implement *lightweight authenticated encryption algorithms* and protocols. During the course of this project, - I implemented the reference version of Lilliput-AE, our submission to the [[https://csrc.nist.gov/projects/lightweight-cryptography][NIST Lightweight Cryptography Standardization Process]]. - I described this implementation in [[https://csrc.nist.gov/CSRC/media/Projects/Lightweight-Cryptography/documents/round-1/spec-doc/LILLIPUT-AE-spec.pdf][the algorithm's specification document]], comparing its performance to that of Ascon and ACORN, the lightweight winners of the [[https://competitions.cr.yp.to/caesar-submissions.html][CAESAR competition]]. - I extended the [[https://www.cryptolux.org/index.php/FELICS][FELICS]] benchmarking framework to support AEAD algorithms; we [[https://gitlab.inria.fr/minier/felics-ae/][published this fork]] and presented these improvements at the [[https://csrc.nist.gov/CSRC/media/Presentations/felics-ae-a-framework-to-benchmark-lightweight/images-media/session3-huynh-felics-ae.pdf][NIST LWC Workshop 2019]]. - I developed optimized software implementations for Lilliput-AE on the 16-bit MSP430 platform. *** Industrial development I helped develop a network monitoring appliance for four years among a team of roughly twenty people. My main role was *maintaining the codebase* for an in-house rule-matching engine: designing and implementing features, fixing bugs… Over the course of the project, I took part in many other activities: - I helped our project transition from manual software packaging to full-blown continuous integration, - I contributed extensively to our integration test suite, - I studied some mechanisms to improve the system's security (Secure Boot, TPMs) and helped implement others (LXC containers). - I reviewed all uses of cryptography in the system as part of our security certification process; this allowed me to get a good grasp of how filesystem encryption, VPNs, webservers, and repository authentication are configured in a free software distribution. - I supported our license team in assessing our use of free and open source software. ** 2014 (6 months): internship at Airbus CyberSecurity I extended an *Intrusion Detection System to authenticate and decrypt its ruleset using a Hardware Security Module*. This was a very informative foray into the world of cryptographic APIs, such as: - the [[https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html][PKCS#11]] standard to communicate with hardware tokens, - the [[https://tools.ietf.org/html/rfc2315][PKCS#7]] format, and its successor [[https://tools.ietf.org/html/rfc5652][CMS]], to serialize encrypted and authenticated messages, - the [[https://tools.ietf.org/html/rfc5280][X.509]] standard to understand how PKIs work and how to process certificates, - the [[http://luca.ntop.org/Teaching/Appunti/asn1.html][ASN.1]] format to reverse-engineer cryptic HSM errors, such as ECDSA signatures lacking the [[https://www.cryptsoft.com/pkcs11doc/v220/group__SEC__12__3__1__EC__SIGNATURES.html][zero-padding expected in PKCS#11]], - [[https://www.openssl.org/][OpenSSL]], to setup PKIs, [[https://stackoverflow.com/a/23422301/1503371][encrypt and sign rulesets, and generate CSRs for keys stored securely on a hardware token]]. I also got to learn [[https://security.stackexchange.com/q/58131][a thing or two]] about network security. As far as software development goes, I dug into many aspects of C programming: debugging with gdb and valgrind, profiling with gperftools, the best practices for [[https://www.akkadia.org/drepper/dsohowto.pdf][shared libraries development]]… I also got a feel for Python by way of [[https://scapy.net/][Scapy]]. ** 2013 (4 months): internship at LIRIS laboratory I studied two protocols for anonymous communication: - [[https://dedis.cs.yale.edu/dissent/][Dissent]] :: "accountable anonymous group communication", - [[https://hal.inria.fr/hal-00945795][RAC]] :: "freerider-resilent, scalable, anonymous communication" ([[https://web.archive.org/web/20131018000154/http://www.temple.edu/cis/icdcs2013/data/5000a520.pdf][paper]]). The goal was to instrument Dissent's implementation to assess its performance, then to implement and benchmark RAC in order to validate the theoretical results presented in its specification. While four months proved too short for me to obtain comparable figures for both protocols, I appreciated this opportunity to dive into the guts of these secure communication protocols. Technically, I also enjoyed sharpening my knowledge of C++, the Boost framework, and working with the [[https://www.grid5000.fr/w/Grid5000:Home][Grid5000 environment]]. ** 2012 (2 months): internship at Vescape 🇩🇪 I helped this innovative startup expand its game repertoire by studying a free software game engine and adapting the gameplay to their unique use-case. This was my first deep-dive into a considerable codebase, and thus my first opportunity to practise various aspects of software development (version control, debugging) on a non-trivial C++ project. ** 2009 – 2014: school projects at INSA de Lyon Thanks to INSA's generalist syllabus, as well as [[http://gamerush.free.fr/debriefing2.html][some extra-curricular activies]], I touched on a wide array of problem domains and technologies: - drivers for segmented LCD displays on MSP430 microcontrollers, in C, - image recognition based on [[https://en.wikipedia.org/wiki/Image_moment#Rotation_invariants][Hu moment invariants]], in C, - game engines, in C++ and Java, - GUIs in Java, - webservers, in Java and Go.