Short Bio
I was born in Monza in August 1991. I got my master's degree cum laude in Computer Science engineering in April 2016 at Politecnico
di Milano, with a thesis about designing a predicated grammar for X.509 Digital Certificates in order to improve the accuracy of existing
implementations. I then started a PhD in November 2016 at the same university. I am currently working in the polimi
[cryptography group], mainly with Alessandro Barenghi and Gerardo Pelosi,
strongly focusing on Homomorphic Encryption, but also on other topics addressed by my group, like Language-Theoretic Security and
Side-Channel attacks. Apart from my research activity, I enjoy playing Capture The Flag (CTF) competitions, even if it has been a while
since the last time I played one of them. I usually focus both on reversing challenges and on crypto ones. I am also a Chalmerist,
having attended Chalmers university in Gothenburg for a semester in the last year of my master's, under the Erasmus+ exchange program. Moreover,
during the first year of my master's I was on the Board of Administration (BOA) of the BEST Milan student association, the polimi local
group among the 96 of the wide European association BEST. As a BOA member, I contributed to leading the group throughout the year,
together with being responsible for the group finances as the elected treasurer.
Personal interests:
- I am really passionate about motorsport, rarely missing a race of Formula1, MotoGP and Superbike
- I have become quite interested for a couple of years in card and board games, my favourite one surely being Munchkin (I own The Clone Wars expansion to the original game)
- I really like Physics, in particular I have always been fascinated by quantum physics since the first time I studied it at high school
- I really enjoy science divulgation books, in particular my favourite ones are "The Selfish Gene", by Richard Dawkins, and "QED - Quantum ElectroDynamics", by Richard Feynman
- I love Stanley Kubrick's movies, in particular I consider A Clockwork Orange to be absolutely the greatest movie I have ever seen
- My favourite singers are Caparezza and Fabrizio De Andrè, who unluckily cannot be fully appreciated without knowledge of the Italian language. I also enjoy some rock groups, in particular Dream Theater, as well as softer music like movie soundtracks or Ludovico Einaudi
Algoritmi e Principi dell'Informatica (Algorithms and Principles of Computer Science)
Information for Students:
- For questions about exercises and general queries, you can contact me by email or by phone to arrange an appointment. In many cases I can probably see you as soon as you call or send the email, but contact me before coming to my office anyway, so that you are sure I am there and can see you ;)
- [Link] to the feedback form for the course. To report errors in the lecture notes, you can either use this form or send me an email
- If you want to try out automata and grammars hands-on, you can use [JFlap]. WARNING: it contains Java, unfortunately :(
- A fun programming language that, in my opinion, comes very close to designing algorithms on Turing machines is [Brainfuck]. If you want to try it, [here] is a list of implementations, both online interpreters and downloadable compilers. If you have a Unix system, you can find a ready-to-use version in [this archive]
- A [collection], curated by Stanford University, of algorithms that are not very intuitive but very efficient for various arithmetic problems on binary numbers, including the Hamming weight shown on the slides
Currently, my research activity focuses on two main areas: Homomorphic Encryption and Language-Theoretic Security.
Homomorphic Encryption
Homomorphic encryption will likely be the topic of my PhD thesis. Homomorphic encryption schemes seem set to be a really disruptive
technology in the coming years, since they allow computations to be performed on encrypted data, therefore ensuring input privacy. There
are different practical contexts where homomorphic encryption can be applied. The most intuitive one is data outsourcing in the cloud
computing scenario, where homomorphic encryption ensures the data is not disclosed to the cloud provider. During the last decade, Fully
Homomorphic Encryption (FHE) schemes, which are able to compute an arbitrary function on encrypted data, have already been proposed.
These schemes are generally based on lattice problems, which are believed to be even post-quantum resistant.
Although different schemes have been proposed, FHE has not been efficient enough to be practically employed yet.
Therefore, during my PhD research activity, I will focus on this topic, trying to provide useful contributions to the ambitious goal
of getting practical FHE.
Language-Theoretic Security
This research area tries to apply language-theoretical concepts to input parsing in complex systems, in order to improve
the security of these systems. Input parsing is indeed identified as one of the main sources of vulnerability. The main
classes of vulnerabilities (Buffer Overflows, Format String, SQL Injections) are actually caused by wrong input handling.
However, this latter problem can be addressed with really effective techniques, which are grounded in a long-standing theoretical
framework, namely formal language theory. In particular, in case the input can be described by a deterministic context-free
grammar, an input parser with strong formal guarantees, such as parser termination, can be automatically derived. Moreover,
these techniques dramatically reduce the complexity of input handling, decreasing the attack surface and the probability of getting
vulnerable parsers in implementations. Nevertheless, input languages are not always deterministic context-free, but they are
generally more powerful due to the wide practice of being generous in what is accepted. Instead, language-theoretic security suggests
keeping a language as weak as possible, that is, designing a format which requires the minimum computational power for the functionalities
which have to be performed. After outlining these general principles, language-theoretic security tries to apply them to real-world
formats. During my research activity in Polimi's cryptography group, I focus on X.509 digital certificates, which are used every day to
authenticate public keys in TLS, and in particular HTTPS. During my master thesis, I performed a language-theoretic analysis of
the X.509 format to highlight parsing hindrances, and then I wrote a predicated grammar using ANTLR to recognize digital certificates.
Comparison with existing libraries shows this approach to be more accurate than existing handcrafted parsers found in TLS
implementations. Later, we designed a new, regular format for X.509 digital certificates which can be generated by a simple regular
grammar, without decreasing the expressiveness of the original format. We automatically derived a parser for this novel format using
the well-known Yacc framework.
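To make the "accept only the weakest language you need" principle concrete, here is an added example (not from this page or from the thesis it describes): a strict recognizer for the tag-length-value encoding (DER) in which X.509 certificates are serialized, rejecting the lenient BER forms a generous parser would let through. Using DER length rules as the illustration, the 4-octet length cap, the nesting limit, and all names and sample bytes are assumptions of this example.

```python
class DerError(ValueError):
    """Input is outside the strict language this recognizer accepts."""

def read_tlv(buf: bytes, pos: int):
    """Read one tag-length-value element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise DerError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if (tag & 0x1F) == 0x1F:
        raise DerError("multi-byte tag (excluded by this example's policy)")
    if first < 0x80:                        # short form: one length octet
        length = first
    elif first == 0x80:                     # BER indefinite length, not DER
        raise DerError("indefinite length")
    else:                                   # long form: next n octets
        n = first & 0x7F
        if n > 4 or pos + n > len(buf):     # 4-octet cap is an assumed policy
            raise DerError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:  # DER demands the minimal encoding
            raise DerError("non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise DerError("value runs past its container")
    return tag, buf[pos:pos + length], pos + length

def recognize(buf: bytes, depth: int = 0) -> int:
    """Count elements or raise DerError; each step consumes >= 2 bytes, so it terminates."""
    if depth > 16:
        raise DerError("nesting too deep")
    count, pos = 0, 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        count += 1
        if tag & 0x20:                      # constructed: children must fit exactly
            count += recognize(value, depth + 1)
    return count

def accepts(buf: bytes) -> bool:
    try:
        return recognize(buf) > 0
    except DerError:
        return False
# Constructed sample inputs (not taken from any real certificate).
STRICT     = bytes.fromhex("3006020105020107")    # SEQUENCE { INTEGER 5, INTEGER 7 }
LONG_FORM  = bytes.fromhex("308106020105020107")  # same content, length 6 written as 81 06
INDEFINITE = bytes.fromhex("30800201050000")      # BER indefinite-length SEQUENCE
CHILD_OVER = bytes.fromhex("3006020105020207")    # inner INTEGER claims 2 bytes, 1 remains
```

Running the whole input through `accepts` before any field is interpreted keeps the processing code from ever seeing bytes outside the accepted language.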
International Journals
Scientific Conferences
- Efficient Oblivious Substring Search via Architectural Support [Details]
- Privacy-Preserving Substring Search Protocol with Polylogarithmic Communication Cost [Details]
- Comparison-Based Attacks against Noise-Free Fully Homomorphic Encryption Schemes [Details]
- OpenCL HLS Based Design of FPGA Accelerators for Cryptographic Primitives [Details]
- A Security Audit of the OpenPGP Format [Details]
- A Novel Regular Format for X.509 Digital Certificates [Details]
Peer-Reviewed Poster with Interactive Presentation
Master Thesis
Events
- [slides] of my talk about Quantum Computing (8th September 2017)
- [slides] of my talk about Format Transforming Encryption and its applications (15th September 2017). Find all the information at this [link]
Contacts
Email | nicholas.mainardi@polimi.it
Phone Number | +39 02 2399 9683
Address | Via Golgi 39, 20133 - Milan
Location | Building 21, 1st Floor, Office 6
[Curriculum Vitae]
[Linkedin Profile]