Elie Bursztein, (born 1980) is a French

computer scientist A computer scientist is a scientist who specializes in the academic study of computer science. Computer scientists typically work on the theoretical side of computation. Although computer scientists can also focus their work and research on ...

and

software engineer Software engineering is a branch of both computer science and engineering focused on designing, developing, testing, and maintaining software applications. It involves applying engineering principles and computer programming expertise to develop ...

. He is

Google Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...

and

DeepMind DeepMind Technologies Limited, trading as Google DeepMind or simply DeepMind, is a British–American artificial intelligence research laboratory which serves as a subsidiary of Alphabet Inc. Founded in the UK in 2010, it was acquired by Go ...

AI cybersecurity technical and research lead.

Education and early career

Bursztein obtained a computer engineering degree from EPITA in 2004, a master's degree in computer science from

Paris Diderot University Paris Diderot University, also known as Paris 7 (), was a French university located in Paris, France. It was one of the inheritors of the historic University of Paris, which was split into 13 universities in 1970. Paris Diderot merged with Pari ...

/ENS in 2005, and a PhD in computer science from

École normale supérieure Paris-Saclay The (; also ENS Paris-Saclay or Paris-Saclay), formerly ENS Cachan, is a grande école and a constituent member of Paris-Saclay University. It was established in 1892. It is located in Gif-sur-Yvette within the Essonne department near Paris ...

in 2008 with a dissertation titled ''Anticipation games: Game theory applied to network security''. Before joining Google, Bursztein was a post-doctoral fellow at

Stanford University Leland Stanford Junior University, commonly referred to as Stanford University, is a Private university, private research university in Stanford, California, United States. It was founded in 1885 by railroad magnate Leland Stanford (the eighth ...

's Security Laboratory, where he collaborated with

Dan Boneh Dan Boneh (; ) is an Israeli–American professor in applied cryptography and computer security at Stanford University. In 2016, Boneh was elected a member of the National Academy of Engineering for contributions to the theory and practice of cr ...

and John Mitchell on

web security Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules an ...

, game security, and applied

cryptographic Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adversarial behavior. More gen ...

research. His work at Stanford University included the first cryptanalysis of the inner workings of Microsoft's DPAPI (Data Protection Application Programming Interface), the first evaluation of the effectiveness of

private browsing Private browsing (also known as incognito mode or private mode) is a feature in most web browsers that enhances user privacy. In this mode, the browser initiates a temporary session separate from its main session and user data. The browsing ...

, and many advances to

CAPTCHA Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) ( ) is a type of challenge–response authentication, challenge–response turing test used in computing to determine whether the user is human in order to de ...

security and usability. Bursztein has discovered, reported, and helped fix hundreds of vulnerabilities, including securing Twitter's frame-busting code, exploiting Microsoft's location service to track the position of mobile devices, and exploiting the lack of proper encryption in the Apple

App Store An app store, also called an app marketplace or app catalog, is a type of digital distribution platform for computer software called applications, often in a mobile context. Apps provide a specific set of functions which, by definition, do not i ...

to steal user passwords and install unwanted applications.

Career at Google

Bursztein joined

in 2012 as a research scientist. He founded the Anti-Abuse Research Team in 2014 and became the lead of the Security and Anti-Abuse Research teams in 2017. In 2023, he became Google and

AI cybersecurity technical and research lead. Bursztein's contributions at Google include: * 2022 Creating the first post quantum resilient security keys. * 2020 Developing a deep-learning engine that helps to block malicious documents targeting Gmail users. * 2019 Inventing Google's password-checking service Password Checkup that allows billion of users to check whether their credentials have been compromised due to data breaches while preserving their privacy. * 2019 Developing

Keras Keras is an open-source library that provides a Python interface for artificial neural networks. Keras was first independent software, then integrated into the TensorFlow library, and later added support for more. "Keras 3 is a full rewrite o ...

tuner which became the default hypertuner for

TensorFlow TensorFlow is a Library (computing), software library for machine learning and artificial intelligence. It can be used across a range of tasks, but is used mainly for Types of artificial neural networks#Training, training and Statistical infer ...

and TFX. * 2018 Conducting the first large-scale study on the illegal online distribution of child sexual abuse material in partnership with NCMEC. * 2017 Finding the 1st

SHA-1 In cryptography, SHA-1 (Secure Hash Algorithm 1) is a hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecimal digits. It was designed by the United States ...

full collision. * 2015 Deprecating

security question A security question is a form of shared secret used as an authenticator. It is commonly used by banks, cable companies and wireless providers as an extra security layer. History Financial institutions have used questions to authenticate custo ...

s at Google after completing the first large in-the-wild study on the effectiveness of security questions, which showed that they were both insecure and had a very low recall rate. * 2014 Redesigning Google

to make it easier for humans, resulting in a 6.7% improvement in the pass rate. * 2013 Strengthening Google accounts protections against hijackers and fake accounts.

Awards and honors

Best academic papers awards

* 2023 ACNS best workshop paper award for ''Hybrid Post-Quantum Signatures in Hardware Security Keys'' * 2021 USENIX Security distinguished paper award for ''"Why wouldn't someone think of democracy as a target?": Security practices & challenges of people involved with U.S. political campaigns'' * Bursztein 2019 USENIX Security distinguished paper award for ''Protecting accounts from credential stuffing with password breach alerting'' * 2019 CHI best paper award for ''“They don’t leave us alone anywhere we go”: Gender and digital abuse in South Asia'' * 2017 Crypto best paper award for ''The first collision for full SHA-1'' * 2015 WWW best student paper award for ''Secrets, lies, and account recovery: Lessons from the use of personal knowledge questions at Google'' * 2015 S&P Distinguished Practical Paper award for ''Ad Injection at Scale: Assessing Deceptive Advertisement Modifications'' * 2011 S&P best student paper award for ''OpenConflict: Preventing real time map hacks in online games'' * 2008 WISPT best paper award for ''Probabilistic protocol identification for hard to classify protocol''

Industry awards

* 2019 Recognized as one of the 100 most influential French people in

cybersecurity Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and networks from thr ...

* 2017 BlackHat Pwnie award for the first practical SHA-1 collision * 2015 IRTF Applied Networking Research Prize for ''Neither snow nor rain nor MITM … An empirical analysis of email delivery security'' * 2010 Top 10 Web Hacking Techniques for ''Attacking HTTPS with cache injection''

Philanthropy

In 2023 Elie founded the Etteilla Foundation dedicated to preserving and promoting the rich heritage of playing cards and donated his extensive collection of historical playing cards decks and tarots to it.

Trivia

Bursztein is an accomplished magician and he posted magic tricks weekly on Instagram during the 2019 pandemic. In 2014, following his talk on hacking

Hearthstone ''Hearthstone'' is a 2014 Online game, online digital collectible card game, digital collectible card video game produced by Blizzard Entertainment, released under the free-to-play model. Originally subtitled ''Heroes of Warcraft'', ''Hearthsto ...

using machine learning, he decided not to make his prediction tool open source at

Blizzard Entertainment Blizzard Entertainment, Inc. is an American video game developer and Video game publisher, publisher based in Irvine, California, and a subsidiary of Activision Blizzard. Originally founded in 1991, the company is best known for producing the h ...

’s request.

Selected publications

References

External links

Elie Bursztein's personal site
*
Elie Bursztein on Google Scholar
{{DEFAULTSORT:Bursztein, Elie Living people 1980 births Hackers Modern cryptographers Computer security academics French computer scientists French cryptographers Google employees DeepMind people