Raphael Sanzio, The School of Athens (1509–1511). Black-and-white adaptation.

Cristian Lepore

PhD — Research Scientist I at IRIT (Toulouse)

Contact: cristianlepore24@gmail.com

Profiles: Google Scholar · ResearchGate

About

It’s 2:30 p.m. on a Friday afternoon. I’m sitting in a Starbucks in Paris. Nothing seems unusual.

Days later, I start receiving strange emails — confirmations of university registrations I never requested.

At first, they’re easy to dismiss as spam. Only gradually does it become clear that something is wrong.

Eventually, I realize that my email account had been compromised.

What struck me wasn’t the breach itself. It was the fact that, at the time it happened, I had no signal, no warning, and no reliable way to understand that control over my digital identity had already been lost.

The system worked silently — and successfully — on behalf of someone else.

That delayed realization shaped my interest in security and digital identity.

Today I’m a researcher at the Research Institute in Computer Science of Toulouse (IRIT), working on security, authentication, privacy, and trust management, with a focus on digital identity systems designed to remain trustworthy even when compromise goes unnoticed.

What I work on

I design and study digital identity systems where what a user approves is exactly what the system enforces. The challenge is that the software mediating these approvals — especially web browsers and client-side components — cannot always be assumed to be trustworthy, observable, or even benign.

My research explores authorization-first authentication: instead of relying on the client to behave correctly or to alert the user when something goes wrong, the goal is to bind user intent directly to cryptographic signatures and formal authorization models, so that actions cannot be altered, replayed, or misinterpreted — even under partial compromise.

I work at the intersection of formal security models and deployed identity infrastructures, including Self-Sovereign Identity, WebAuthn/FIDO-style authentication, and cross-platform / cross-cloud identity stacks, with a focus on systems that remain secure even when compromise goes unnoticed.

Selected talks & venues

I regularly present work at conferences and research venues in security, privacy, and digital identity, including:

Selected publications

  1. Yang, Qifan, Lepore, Cristian, et al. “From Theory to Practice: Data Minimisation and Technical Review of Verifiable Credentials under the GDPR.”
    Computer Law & Security Review, vol. 57, 2025, Article 106138.
  2. Bartoletti, Massimo, Lepore, Cristian, et al. “A Formal Model of Algorand Smart Contracts.”
    Financial Cryptography and Data Security (FC 2021), Revised Selected Papers, Springer, 2021.
  3. Lepore, Cristian, et al. “A Survey on Blockchain Consensus with a Performance Comparison of PoW, PoS and Pure PoS.”
    Mathematics, vol. 8, no. 10, 2020, Article 1782.

Full list: Google Scholar · ResearchGate