Serge Vaudenay entered the École Normale Supérieure in Paris as a normalien student in 1989. In 1992, he passed the agrégation in mathematics. He completed his Ph.D. studies at the computer science laboratory of École Normale Supérieure, and defended it in 1995 at the Paris Diderot University; his advisor was Jacques Stern. From 1995 to 1999, he was a senior research fellow at French National Centre for Scientific Research (CNRS). In 1999, he moved to a professorship at the École Polytechnique Fédérale de Lausanne where he leads the Laboratory of Security and Cryptography (LASEC). LASEC is host to two popular security programs developed by its members:
- iChair, developed by Thomas Baignères and Matthieu Finiasz, a popular on-line submission and review server used by many cryptography conferences; and,
- Ophcrack, a Microsoft Windows password cracker based on rainbow tables by Philippe Oechslin.
In spring 2020, with Martin Vuagnoux he identifies also various security vulnerabilities in SwissCovid, the Swiss digital contact tracing application. The system would thus allow a third party to trace the movements of a phone using the application by means of Bluetooth sensors scattered along its path, for example in a building. Another possible attack would be to copy identifiers from the phones of people who may be ill (for example, in a hospital), and to reproduce those identifiers in order to receive notification of exposure to COVID-19 and illegitimately benefit from quarantine (thus entitling them to paid leave, a postponed examination, or other benefits). The system would also allow a third party to use a phone using the application by means of Bluetooth sensors scattered along the way.
Vaudenay and his team have developed several security protocols for a number of projects and in particular to reinforce the biometric identification technology based on vein scanning developed by Lambert Sonna Momo.
Vaudenay has published several papers related to cryptanalysis and design of block ciphers and protocols. He is one of the authors of the IDEA NXT (FOX) algorithm (together with Pascal Junod). He was the inventor of the padding oracle attack on CBC mode of encryption. Vaudenay also discovered a severe vulnerability in the SSL/TLS protocol; the attack he forged could lead to the interception of the password. He also published a paper about biased statistical properties in the Blowfish cipher and is one of the authors of the best attack on the Bluetooth cipher E0. In 1997 he introduced decorrelation theory, a system for designing block ciphers to be provably secure against many cryptanalytic attacks.
- Serge Vaudenay at the Mathematics Genealogy Project
- Serge Vaudenay appointed as a Full Professor of security and cryptography, EPFL, March 28, 2007.
- "The Dark Side of SwissCovid". lasec.epfl.ch. Retrieved 2020-08-11.
- Junod, Pascal; Vaudenay, Serge, "FOX : A New Family of Block Ciphers", Selected Areas in Cryptography (PDF), Lecture Notes in Computer Science, 3357, Springer-Verlag, pp. 114–129.
- Dennis Fisher (2010-09-13). "'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps". Threat Post. Archived from the original on 2010-10-13.
- Canvel, Brice; Hiltgen, Alain; Vaudenay, Serge; Vuagnoux, Martin (2003), "Password Interception in a SSL/TLS Channel", Advances in Cryptology - CRYPTO 2003 (PDF), Lecture Notes in Computer Science, 2729, Springer-Verlag, pp. 583–599.
- Vaudenay, Serge (1996), "On the weak keys of blowfish", Fast Software Encryption, Lecture Notes in Computer Science, 1039, Springer-Verlag, pp. 27–32, doi:10.1007/3-540-60865-6_39, ISBN 978-3-540-60865-3.
- Lu, Yi; Meier, Willi; Vaudenay, Serge (2005), "The Conditional Correlation Attack: A Practical Attack on Bluetooth Encryption", Advances in Cryptology – CRYPTO 2005, Lecture Notes in Computer Science, 3621, Springer-Verlag, pp. 97–117, CiteSeerX 10.1.1.323.9416, doi:10.1007/11535218_7, ISBN 978-3-540-28114-6.
- Vaudenay, Serge (1998), "Provable security for block ciphers by decorrelation", STACS 98, Lecture Notes in Computer Science, 1373, Springer-Verlag, pp. 249–275, CiteSeerX 10.1.1.56.9229, doi:10.1007/BFb0028566, ISBN 978-3-540-64230-5.
- Eurocrypt 2006 web site, retrieved 2010-01-23.
- PKC 2005 call for papers, retrieved 2010-01-23. Archived February 29, 2008, at the Wayback Machine
- FSE 1998 at DB&LP.
- IACR board of directors, retrieved 2010-01-23.