Daniel De Almeida Braga

PhD Student at University of Rennes 1, CNRS, IRISA


Bat. 12, Office F407

IRISA, Rennes (France)

I started my PhD in October 2019, under the supervision of Pierre-Alain FOUQUE and Mohamed SABT in the SPICY team (former EMSEC) at IRISA in Rennes.

My research focuses on vulnerabilities in cryptographic implementations, which can be related to the core protocol (if there is an issue in the specification) or implementation specific (side channel, or any information leak). The goal of my PhD is to outline the practicability of such vulnerabilities by implementing attacks in a real world scenario.

Before starting my PhD, I graduated from Rennes 1’s Cryptography Master in 2018, where I acquired the mathematical background needed to understand the underlying mechanisms of cryptography. Then, I worked one year at Amossys (Rennes) as a Security Analyst (mostly crypto related software), which allowed me to get my hands on some real world crypto implementations and pushed me to enlarge my CS knowledge and develop more practical skills.


Nov 5, 2021 I participated to REDOCS 2021: “Risques des objets connectés sur la vie privée” avec la CNIL
Feb 16, 2021 Our patch of OpenSSL’s implementation of SRP is part of the major changes between OpenSSL 1.1.1i and 1.1.1j (changelog).
Dec 15, 2020 GlobalPlatform issues an amendment to SCP10 following our disclosure of a vulnerability in SCP10.
Nov 8, 2020 Our attack on Dragonfly (WPA3) implementations got the second place at CSAW Applied Research Competition (Europe).


Mar 1, 2021 ProtonMail Security Contributor following the disclosure of our PARASITE attack.
Nov 8, 2020 Second place at CSAW Applied Research competition (Europe) 2020

selected publications

  1. A*
    “They’re not that hard to mitigate”: What Cryptographic Library Developers Think About Timing Attacks
    Jancar, J., Fourné, M.,  De Almeida Braga, D., Sabt, M., Schwabe, P., Barthe, G., Fouque, P., and Acar, Y.
    In IEEE Symposium on Security and Privacy (SP), May 2022
  2. A*
    PARASITE: PAssword Recovery Attack against Srp Implementations in ThE wild
    De Almeida Braga, Daniel, Fouque, Pierre-Alain, and Sabt, Mohamed
    In CCS, May 2021
  3. A
    Dragonblood is Still Leaking: Practical Cache-based Side-Channel in the Wild
    De Almeida Braga, Daniel, Fouque, Pierre-Alain, and Sabt, Mohamed
    In ACSAC, May 2020