Charlotte Lefevre

I am in the Digital Security Group at Radboud University Nijmegen since September 2021, under the supervision of Bart Mennink and with Joan Daemen as promotor. During my PhD, I had the opportunity to complete a 6-month internship at CSEM, under the supervision of Damian Vizár. Before that, I completed my Master’s thesis at the University of Grenoble under the supervision of Pierre Karpman. Most of my current research focuses on the provable security of symmetric cryptographic schemes, particularly permutation-based ones. In general, I am interested in all aspects of cryptology.

Works

You can also find them on my Google Scholar profile.

Permutation-Based Hashing with Stronger (Second) Preimage Resistance
Siwei Sun, Shun Li, Zhiyu Zhang, Charlotte Lefevre, Bart Mennink, Zhen Qin, Dengguo Feng
MacaKey: Full-State Keyed Sponge Meets the Summation-Truncation Hybrid
Charlotte Lefevre, Mario Marhuenda Beltrán
SoK: Security of the Ascon Modes
Charlotte Lefevre, Bart Mennink
IACR Transactions on Symmetric Cryptology, 2025(1), pp. 138-210 (2025)
To Pad or Not to Pad? Padding-Free Arithmetization-Oriented Sponges
Mario Marhuenda Beltrán, Charlotte Lefevre, Bart Mennink
IACR Transactions on Symmetric Cryptology, 2025(1), pp. 97-137 (2025)
Permutation-Based Hash Chains with Application to Password Hashing
Charlotte Lefevre, Bart Mennink
IACR Transactions on Symmetric Cryptology 2024(4), pp. 249-286 (2024)
best paper award
Generic Security of the Ascon Mode: On the Power of Key Blinding
Charlotte Lefevre, Bart Mennink
Selected Areas in Cryptography, SAC 2024, pp. 3-32
Kirby: A Robust Permutation-Based PRF Construction
Charlotte Lefevre, Yanis Belkheyar, Joan Daemen
Permutation-Based Hashing Beyond the Birthday Bound
Charlotte Lefevre, Bart Mennink
IACR Transactions on Symmetric Cryptology 2024(1), pp. 71-113 (2024)
A Note on Adversarial Online Complexity in Security Proofs of Duplex-Based Authenticated Encryption Modes
Charlotte Lefevre
Indifferentiability of the Sponge Construction with a Restricted Number of Message Blocks
Charlotte Lefevre
IACR Transactions on Symmetric Cryptology 2023(1), pp. 224-243 (2023)
Tight Preimage Resistance of the Sponge Construction
Charlotte Lefevre, Bart Mennink
CRYPTO 2022 (IV). LNCS, vol. 13510, pp. 185-204. Springer (2022)
Time-memory tradeoffs for large-weight syndrome decoding in ternary codes
Pierre Karpman, Charlotte Lefevre
PKC 2022. LNCS, vol. 13177. pp. 82-111. Springer (2022)

Activites

Teaching

Teaching assistant in Radboud University for the following bachelor courses:

2024-2025 Mathematical Structures (NWI-IPC020)
2023-2024 Logics and Applications (NWI-IPI004)
2022-2023 Logics and Applications (NWI-IPI004)
2021-2022 Logics and Applications (NWI-IPI004)

Editorial

Program Committee:

FSE 2027/ToSC 2026/2027
SAC 2026
ProTeCS 2026
Inscrypt 2025

External reviewer:

EUROCRYPT 2026
CRYPTO 2025, 2024, 2023
ASIACRYPT 2025, 2023, 2022
Journal of Cryptology (2024)
Inscrypt 2024
Designs, Codes, and Cryptography (2023)

Organization

Part of the organizing team of Online GAPS seminar
Co-organizer of GelreCrypt 2025 (Nijmegen, November 2025)

Selected Presentations

Permutation-Based Hashing with Stronger (Second) Preimage Resistance

November 2025

Talk, Limos Seminar, Clermont-Ferrand, France

Squeezing the Most out of the Sponge

October 2025

Talk, CARAMBA Seminar, Nancy, France

SoK: Security of the Ascon Modes

September 2025

Talk, GAPS workshop 2025, NTU Singapore

SoK: Security of the Ascon Modes

June 2025

Talk, Cryptography Seminar, Rennes, France

Permutation-Based Hash Chains with Application to Password Hashing

May 2025

Talk, Permutation-Based Crypto 2025, Madrid, Spain

Permutation-Based Hash Chains with Application to Password Hashing

March 2025

Talk, FSE 2025 conference, Rome, Italy

Generic Security of the Ascon Mode: On the Power of Key Blinding

August 2024

Talk, Selected Areas in Cryptography 2024, Université de Québec à Montréal

Kirby: A Robust Permutation-Based PRF Construction

April 2024

Talk, Lorentz Center workshop on Beating Real-Time Crypto, Leiden, The Netherlands

Indifferentiability of the Sponge Construction with a Restricted Number of Message Blocks

March 2023

Talk, FSE 2023 conference, Beijing, China (presented at the mirror even in Kobe, Japan)

Tight Preimage Resistance of the Sponge Construction

August 2022

Talk, Crypto 2022, Santa Barbara, USA

Tight Preimage Resistance of the Sponge Construction

May 2022

Talk, NIST Lightweight Cryptography Workshop 2022, Online

CV

Ph.D in provable security of permutation-based cryptography
2021-2026
Radboud University, Nijmegen, Netherlands
Supervisors: prof. dr. B.J.M. Mennink (daily supervisor) and prof. dr. J.J.C. Daemen (promotor)
Cum laude (highest distinction)
Master mathematics and applications, specialization cybersecurity
2019-2021
University of Grenoble, France
Thesis: time-memory tradeoffs for large-weight syndrome decoding in ternary codes supervised by Pierre Karpman
Mention très bien (highest distinction)
B.S. (Licence) mathematics
2017-2019
University of Grenoble, France
Mention très bien (highest distinction)
DUT Mesures Physiques
2015-2017
University of Clermont-Ferrand, France

PhD

Provable Security of Permutation-Based Cryptography

Members of the Doctoral Examination Board

prof. dr. J.J.C. Daemen (supervisor)
prof. dr. B.J.M. Mennink (co-supervisor)
prof. dr. J.H. Geuvers (manuscript committee)
prof. dr. T. Ristenpart (manuscript committee)
dr. M. Eichlseder (manuscript committee)
dr. G. Leurent (manuscript committee)
dr. M. Stam
dr. M.T.C. Venema
prof. dr. L. Batina (acting rector)

Date, Time, and Location

Tuesday, 10th February at 12h30

Comeniuslaan 2, 6525HP Nijmegen

Abstract

Permutation-based cryptography, in particular the sponge construction, has become central to the design of lightweight symmetric schemes. In this thesis, we advance the state of provable security for permutation- based designs in several ways.

First, we establish tight bounds on the preimage resistance of the sponge construction using a new proof technique. This result significantly improves generic preimage security for many lightweight schemes. In addition, we prove indifferentiability of the sponge in two scenarios that have received limited attention: (i) when input messages are bounded in size, and (ii) when inputs are not required to remain secret.

Second, we introduce new sponge-based constructions. We propose the double sponge, the first permutation-based hash function to achieve indifferentiability security beyond the birthday bound in the capacity. We also present two efficient sponge-based pseudorandom function con- structions which outperform existing state-of-the-art designs in terms of efficiency.

Next, we explore permutation-based hashing in specific contexts, namely password-based hash chains and finite-field-oriented designs. Our results demonstrate that dedicated analysis and small design tweaks can yield stronger security guarantees and more efficient schemes.

Finally, we unify and sharpen the generic security analysis of the authenticated encryption mode of Ascon, the winner of the Lightweight Cryptography competition organized by the US National Institute of Standards and Technology. We systematize existing knowledge, introduce a novel security model, and fill important gaps, which together complete the picture of its generic security.