Algorithmic number theory, and the computational issues related to algebraic curves over various fields and arithmetic rings, is a central theme in our research. This very rich area of mathematics and computer science has already shown its relevance in public key cryptography, with industrial successes including the RSA cryptosystem and elliptic curve cryptography. It is less well-known that very good codes for error correction can be built using the same areas of mathematics; this is also at the heart of the Grace proposal. We believe that geometric interpretation, unification, and transformation gives better insight into the nature and performance of this wide range of problems and algorithms in coding theory and cryptology.

Both of these application domains, cryptology and coding, deal with communication systems for securing high-level applications. Cryptography is seen as a part of computer science, while coding theory traditionally has an electrical engineering flavour; but recent developments in computer science have shed new light on coding theory, with new applications more central to computer science. Grace aims to:

provide better cryptosystems,

provide better security assessments for key sizes in cryptography and cryptanalysis, and

build the best codes with algebraic curves.

D. Augot co-edited a special issue of Designs, Codes and Cryptography, devoted to WCC 2011. Online versions of the articles are available, while the issue will appear as volume number 66, issue 1-3, in January 2013.

Grace approaches its twin themes of coding theory and cryptology from the point of view of algebraic geometry and number theory. The foundations of Grace therefore lie in algorithmic number theory, the algorithmic theory of algebraic systems, the arithmetic geometry of curves, and the theory of algebraic codes.

Algorithmic Number Theory is concerned with effective number theory at large, with three main threads: fundamental algorithms (primality, factorization), number fields, and curves (over all kinds of fields). Algorithmic Number Theory is concerned with replacing special cases with algorithms. For example, Mersenne primes (which have the form

Arithmetic Geometry is the meeting point of algebraic geometry and number theory: the study of geometric objects defined over arithmetic number systems. In our case, the most important objects are curves and their Jacobians over finite fields; these are fundamental to our applications in both coding theory and cryptology. Jacobians of curves are excellent candidates for cryptographic groups when constructing efficient instances of public-key cryptosystems, of which Diffie–Hellman key exchange is an instructive example.

Coding Theory originated with the idea of using redundancy in messages to protect them against noise and errors. While the last decade of the 20th century saw the success of so-called iterative decoding methods, we now see many new ideas in the realm of algebraic coding, the foremost example being list decoding.

We want to establish the security of practical proposals relying on computational problems, be they standardized (like RSA or Elliptic Curve Cryptography), or more exotic (like Hyperelliptic Curve Cryptography). We do not work with abstract cryptographic primitives. On the design side, building efficient near-optimal codes impacts directly on the security of basic operations in symmetric primitives. We also investigate other applications, such as secret sharing schemes, universal hash functions, and message authentication, revisiting them in the context of Algebraic Geometry codes.

We do not want to do basic forward error correction, dealing with bit error rates and signal-to-noise ratios. Rather, we aim to deal with higher models of communication and computation, including peer-to-peer systems and distributed storage. We also consider adversarial noise, or distributed computations with byzantine faults. List decoding deals precisely with these kinds of “difficult”, non-random errors. In a related spirit, one can deal with “computationally bounded channels”, where the errors are generated by an adversarial machine or algorithm that is computationally bounded.

F. Morain has been continually improving his primality proving algorithm called ECPP, originally developed in the early 1990s. Binaries for version 6.4.5 have been available since 2001 on his web page. Proving the primality of a 512 bit number requires less than a second on an average PC. His personal record is around

Together with E. Schost and L. DeFeo, F. Morain has developed a new implementation of the SEA algorithm that computes the cardinality of elliptic curves over finite fields (large prime case, case `gforge` project.

The TIFA library (short for Tools for Integer FActorization), initially developed in 2006, has been continuously improved during the last few years. TIFA is made up of a base library written in C99 using the GMP library, together with stand-alone factorization programs and a basic benchmarking framework to assess the performance of each algorithm.

It is now available online at http://

The Quintix library is a Mathemagix package, available at http://

G. Quintin wrote the finitefieldz package which provides arithmetic for finite fields (of any characteristic) and towers of finite fields. He wrote this package with the help of Grégoire Lecerf during the first year of his PhD thesis. The package uses univariate polynomials and multiprecision integers, and also provides univariate polynomial root finding and factorization over finite fields.

Decoding is a standalone C library licensed under the GPLv2. Its primary goal is to implement Guruswami–Sudan list decoding-related algorithms, as efficiently as possible. Its secondary goal is to give an efficient tool for the implementation of decoding algorithms (not necessarily list decoding algorithms) and their benchmarking.

For now (2012/12/13) you can use the library and have a working list decoding algorithm, but there is no unique decoding algorithm (though you can tell Decoding to list decode up to half the minimum distance). The library is being further developed, and more algorithms will be added.

The library was presented at the 2012 International Symposium on Symbolic and Algebraic Computation.

F. Morain has been studying the theory and practice of modular curves associated with Weber's invariants. His paper ... is accepted for publication in *Acta Arithmetica*.

D. Augot and F. Morain have been working on the practical application of Reed–Solomon decoding to speed up discrete logarithm computations, following the work of Cheng and Wan. This work is available as a preprint, and a Magma implementation was written in support of the many experiments needed.

G. Quintin designed a decoding algorithm based on a lifting decoding scheme. He obtained a unique decoding algorithm with quasi-linear complexity in all parameters for Reed–Solomon codes over Galois rings. Using erasures, he improved the decoding radius with the same complexity. He then applied these techniques to interleaved linear codes over a finite field, and obtained a decoding algorithm that can recover more errors than half the minimum distance. This work has been presented at IEEE ISIT 2012 (Boston, USA).

J.-F. Biasse and G. Quintin described an algorithm for list decoding algebraic number field codes in polynomial time in . This is the first explicit procedure for decoding number field codes, whose construction was previously described by Lenstra and Guruswami . They rely on a new algorithm for computing the Hermite normal form of the basis of an
C. Gonçalvès designed a new algorithm to compute Zeta functions of cyclic covers of the projective line. This algorithm is a generalisation of the one for superelliptic curves provided by P. Gaudry and N. Gürel and has the same complexity. Moreover, optimal bounds for the precision have been proved. An alternative basis for computations has been studied and the resulting algorithm is faster, even if the asymptotic complexity is the same.

A. Couvreur proposed a new construction of codes from algebraic curves over a finite field in . This class of codes is a natural geometric generalisation of classical Goppa codes. In particular, the nice equalities “*Proceedings of the American Mathematical Society*.

A. Couvreur, N. Delfosse and G. Zémor studied a construction of quantum LDPC codes proposed by McKay, Mitchison and Shokrollahi in a draft. This construction involves Cayley graphs of

A. Couvreur is working with P. Gaborit, V. Gauthier, A. Otmani, and J.-P. Tillich on distinguisher-based attacks on cryptosystems based on Generalised Reed–Solomon codes. Using the particular structure of the square of an evaluation code, they have been able to break some variants of McEliece's cryptosystem using Generalised Reed–Solomon codes, such as Wieschebrink's variant. An article is in preparation.

A. Zeh is working with A. Wachter-Zeh (University of Ulm and Institut de Recherche de Mathématique de Rennes) and Sergey Bezzateev (St. Petersburg State University of Aerospace Instrumentation) on a new bound for the minimum distance of

A. Zeh is working with J. S. R. Nielsen (Department of Mathematics, DTU) on an iterative list decoding algorithm for generalized Reed–Solomon codes. The method is parametrizable and allows variants of the usual list decoding approach. An article is in preparation.

In September, D. Augot and F. Levy-dit-Vehel submitted a proposal to fund a joint PhD thesis with Abdullatif Shikfa (Alcatel Lucent), on local codes for distributed storage and related cloud-like issues.

A research agreement between Cryptoexperts and Grace has been made, to establish foundations for the DGA DIFMAT contract (see below). D. Augot is collaborating with M. Finiasz from Cryptoexperts.

CATREL (accepted June 2012, Kickoff December 14, 2012, Starting January 1st, 2013): “Cribles: Améliorations Théoriques et Résolution Effective du Logarithme” (Sieve Algorithms: Theoretical Advances and Effective Resolution of the Discrete Logarithm Problem). The aim of this project is to make effective “attacks” on reduced-size discrete logarithm problem (DLP) instances. It is a key ingredient for the assessment of the security of cryptosystems relying on the hardness of the DLP in finite fields, and for deciding on relevant key sizes.

DIFMAT: this two-year project aims to find matrices with good diffusion, over small finite fields. These matrices are used in block ciphers and hash functions; coding theory helps to build and analyse them. G. Quintin has been hired as postdoctoral researcher using this funding.

D. Augot is co-advising Gwezheneg Robert, with Pierre Loidreau (DGA, Rennes University).

Program: PHC Hubert Curien Procope

Project acronym: PowerList

Project title: PowerList

Duration: 01/01/2011 to 31/12/2012.

Coordinator: Daniel Augot

Other partners: Ulm Universität, TAIT group, Germany.

Abstract: Building a less powerful but faster probabilistic list decoding algorithm. This funded Alexander Zeh's visits.

DTU Lyngby.

Ulm Universität.

Johan Sebastian Nielsen, DTU Lyngby PhD student, visited us from September 1st to December 20th.

D. Augot, A. Couvreur, and B. Smith visited the University of Illinois at Urbana–Champaign. This visit included two talks given in the Number Theory seminar, and discussions with I. Duursma to prepare the second year of the DGA DIFMAT contract.

A. Zeh visited the Institute of Information Transmission Problems (IITP), Moscow in December 2012. He gave a talk on low-rate small-minimum distance binary cyclic codes.

D. Augot is editor for the journal “RAIRO - Theoretical Informatics and Applications”.

D. Augot was editor of a special issue of Designs, Codes and Cryptography.

D. Augot is co-organizer, with P. Loidreau, of the French CCA (Coding, Cryptography and Algorithms) seminar, http://

D. Augot was in the program committee of YACC 2012, Porquerolles.

D. Augot was a reviewer for IEEE Transactions on Information Theory, Designs, Codes and Cryptography, SIAM Journal on Discrete Mathematics, Journal of Symbolic Computation, AAECC.

B. Smith was a reviewer for ANTS, Eurocrypt, Asiacrypt, PQCrypto, RAIRO ITA, ETRI Journal.

B. Smith contributes to the American Mathematical Society's Mathematical Reviews (MathSciNet).

A. Zeh was reviewer for Advances in Mathematics of Communications (AMC), IEEE Communications Letters and IEEE Transactions on Information Theory.

Master MPRI : Daniel Augot, Error correcting codes and applications to cryptography, 24, M2, U. Paris Diderot, ENS Ulm, ENS Cachan, Polytechnique, U. Paris Sud, U. P. et M. Curie, France.

Master MPRI : F. Morain, arithmetic algorithms for cryptology, 9h, M2, U. Paris Diderot, ENS Ulm, ENS Cachan, Polytechnique, U. Paris Sud, U. P. et M. Curie, France.

Master MPRI: B. Smith, arithmetic algorithms for cryptology, 12h, M2, U. Paris Diderot, ENS Ulm, ENS Cachan, Polytechnique, U. Paris Sud, U. P. et M. Curie, France.

Master : F. Morain, 9 lectures of 1.5h, 3rd year course “cryptology” at École polytechnique (M1).

Master: B. Smith, 10 practical classes of 2h, 3rd year course “cryptology” at École polytechnique (M1).

Licence : F. Morain, 10 lectures of 1.5h, 1st year course “Introduction à l'informatique” (INF311) at École polytechnique (L2).

Licence: B. Smith, 20 TDs of 2h, 1st year course “Introduction à l'informatique” (INF311) at École polytechnique (L2).

Licence: A. Couvreur, 4 TP's of 2h on Matlab Programming for 1st year students at École Polytechnique (L2).

PhD: Guillaume QUINTIN, “Sur l'algorithme de décodage en liste de Guruswami–Sudan sur les anneaux finis”, École polytechnique, defended 2012/11/22.

PhD in progress : Cécile GONÇALVES, Advanced cardinality algorithms for cryptographically interesting curves, 01/10/2011, F. Morain and B. Smith

D. Augot was an examiner in the jury of Julia Pieltant, “Tours de corps de fonctions algébriques et rang de tenseur de la multiplication dans les corps finis”, Université d'Aix-Marseille, December 12 2012.

D. Augot was an examiner in the jury of Guillaume Quintin, “Sur l'algorithme de décodage en liste de Guruswami–Sudan sur les anneaux finis”, École polytechnique, November 22 2012.

D. Augot was an examiner in the jury of Anja Becker, “La technique de représentation – Application à des problèmes difficiles en cryptographie”, UVSQ, October 26 2012.

D. Augot was an examiner in the jury of Amar Siad, “Protocoles de génération des clés pour le chiffrement basé sur de l’identité”, Université Paris 8, December 21 2012.

F. Morain was president of the jury of Stéphane Jacob, March 08 2012 (Protection cryptographique des bases de données: conception et cryptanalyse).

B. Smith was an examiner in the jury of Jean-Pierre Flori, “Fonctions booléennes, courbes algébriques et multiplication complexe”, Télécom ParisTech, February 3 2012.

D. Augot made a presentation in the high school at Courcouronnes “Quand

D. Augot was interviewed by French novelist François Bon.

F. Morain gave a talk on “Turing et la cryptanalyse”, during the special days for the centenary of the birth of Turing, Nancy 2012/09/20.