Algorithmic number theory dates back to the dawn of mathematics
itself, *cf.* Eratosthenes's sieve to enumerate consecutive prime numbers.
With the
arrival of computers, previously unsolvable problems have come into reach,
which has boosted the development of more or less practical algorithms
for essentially all number theoretic problems. The field is now mature
enough for a more computer science driven approach, taking into account
the theoretical complexities and practical running times of the algorithms.

Concerning the lower level multiprecision arithmetic, folklore has asserted for a long time that asymptotically fast algorithms such as Schönhage–Strassen multiplication are impractical; nowadays, however, they are used routinely. On a higher level, symbolic computation provides numerous asymptotically fast algorithms (such as for the simultaneous evaluation of a polynomial in many arguments or linear algebra on sparse matrices), which have only partially been exploited in computational number theory. Moreover, precise complexity analyses do not always exist, nor do sound studies to choose between different algorithms (an exponential algorithm may be preferable to a polynomial one for a large range of inputs); folklore cannot be trusted in a fast moving area such as computer science.

Another problem is the reliability of the computations; many number
theoretic algorithms err with a
small probability, depend on unknown constants or rely on a Riemann
hypothesis. The correctness of their output can either be ensured by a
special design of the algorithm itself (slowing it down) or by an *a
posteriori* verification. Ideally, the algorithm outputs a certificate,
providing an independent *fast* correctness proof. An example is integer
factorisation, where factors are hard to obtain but trivial to
check; primality proofs have initiated sophisticated generalisations.

One of the long term goals of the Lfant project team is to make an inventory of the major number theoretic algorithms, with an emphasis on algebraic number theory and arithmetic geometry, and to carry out complexity analyses. So far, most of these algorithms have been designed and tested over number fields of small degree and scale badly. A complexity analysis should naturally lead to improvements by identifying bottlenecks, systematically redesigning and incorporating modern asymptotically fast methods.

Reliability of the developed algorithms is a second long term goal of our project team. Short of proving the Riemann hypothesis, this could be achieved through the design of specialised, slower algorithms not relying on any unproven assumptions. We would prefer, however, to augment the fastest unproven algorithms with the creation of independently verifiable certificates. Ideally, it should not take longer to check the certificate than to generate it.
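The certificate principle from the paragraphs above (a result that is hard to obtain but fast to check), shown as an added example that is not part of the report or of the team's software: a Pratt primality certificate, with a deliberately slow generator and a fast verifier. The function names and the sample prime 2^31 − 1 are assumptions chosen for illustration.

```python
from math import prod

M31 = 2**31 - 1  # constructed sample input: a Mersenne prime


def check_factorisation(n, factors):
    """Fast check of a claimed factorisation {factor: exponent} of n.

    Only the product is checked; primality of the factors needs its own proof.
    """
    return (all(isinstance(q, int) and q > 1 and e >= 1 for q, e in factors.items())
            and prod(q ** e for q, e in factors.items()) == n)


def verify_pratt(p, cert):
    """Verify a Pratt certificate: cert[p] = (witness a, factorisation of p - 1).

    p is prime iff some a has multiplicative order exactly p - 1 modulo p.
    """
    if p == 2:
        return True
    if p < 2 or p not in cert:
        return False
    a, factors = cert[p]
    if not check_factorisation(p - 1, factors):
        return False
    if pow(a, p - 1, p) != 1:
        return False
    # The order of a must not divide (p-1)/q for any prime q dividing p-1,
    # and each such q needs its own certificate (the recursion descends, q < p).
    return all(pow(a, (p - 1) // q, p) != 1 and verify_pratt(q, cert)
               for q in factors)


def trial_factor(n):
    """Slow side: factor n by trial division (fine for smooth p - 1 only)."""
    factors, d = {}, 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def make_pratt(p, cert=None):
    """Slow side: build the certificate by factoring p - 1 and searching a witness."""
    cert = {} if cert is None else cert
    if p == 2 or p in cert:
        return cert
    factors = trial_factor(p - 1)
    for a in range(2, p):
        if pow(a, p - 1, p) == 1 and all(pow(a, (p - 1) // q, p) != 1 for q in factors):
            cert[p] = (a, factors)
            for q in factors:
                make_pratt(q, cert)
            return cert
    raise ValueError(f"{p} is not prime: no witness of order p - 1 exists")


if __name__ == "__main__":
    cert = make_pratt(M31)
    print("certificate entries:", sorted(cert))
    print("verified:", verify_pratt(M31, cert))
    # 561 is a Carmichael number: it passes the Fermat test for base 2,
    # yet no certificate for it can be accepted by the verifier.
    print("Fermat test passes for 561:", pow(2, 560, 561) == 1)
    print("certificate accepted for 561:",
          verify_pratt(561, {561: (2, {2: 4, 5: 1, 7: 1})}))
```

The verifier needs only modular exponentiations and one product per node, whereas the generator has to factor p − 1 at every level.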

All theoretical results are complemented by concrete reference implementations in Pari/Gp, which allow us to determine and tune the thresholds where the asymptotic complexity kicks in and help to evaluate practical performance on problem instances provided by the research community. Another important source for algorithmic problems treated by the Lfant project team is modern cryptology. Indeed, the security of all practically relevant public key cryptosystems relies on the difficulty of some number theoretic problem; on the other hand, implementing the systems and finding secure parameters require efficient algorithmic solutions to number theoretic problems.

Modern number theory was introduced in the second half of the 19th
century by Dedekind, Kummer, Kronecker, Weber and others, motivated by
Fermat's conjecture: There is no non-trivial solution in integers to the
equation

The solution requires to augment the integers by *algebraic
numbers*, that are roots of polynomials in *number
field* consists of the rationals to which have been added finitely
many algebraic numbers together with their sums, differences, products
and quotients. It turns out that actually one generator suffices, and
any number field *algebraic integers*, “numbers without denominators”,
that are roots of a monic polynomial. For instance, *ring of integers* of

Unfortunately, elements in *ideals*, subsets of *principal*, that is,
generated by one element, so that ideals and numbers are essentially
the same. In particular, the unique factorisation of ideals then
implies the unique factorisation of numbers. In general, this is not
the case, and the *class group* *class number*

Using ideals introduces the additional difficulty of having to deal
with *fundamental units*. The *regulator*

One of the main concerns of algorithmic algebraic number theory is to
explicitly compute these invariants (

The *analytic class number formula* links the invariants
*generalised Riemann hypothesis
(GRH)*, which remains unproved even over the rationals, states that
any such

When

Algebraic curves over finite fields are used to build the currently
most competitive public key cryptosystems. Such a curve is given by
a bivariate equation *elliptic curves* of equation
*hyperelliptic curves* of
equation

The cryptosystem is implemented in an associated finite
abelian group, the *Jacobian* *rational function field* with subring *function field* of *coordinate ring*

The size of the Jacobian group, the main security parameter of the
cryptosystem, is given by an *genus*

The security of the cryptosystem requires more precisely that the
*discrete logarithm problem* (DLP) be difficult in the underlying
group; that is, given elements

For any integer *Weil pairing* *Tate-Lichtenbaum pairing*, that is more difficult to define,
but more efficient to implement, has similar properties. From a
constructive point of view, the last few years have seen a wealth of
cryptosystems with attractive novel properties relying on pairings.

For a random curve, the parameter

Complex multiplication provides a link between number fields and
algebraic curves; for a concise introduction in the elliptic curve case,
see Sect. 1.1, for more background material,
. In fact, for most curves *CM field*. The CM field
of an elliptic curve is an imaginary-quadratic field *Hilbert class field*

Algebraically, *Galois* if *Galois group* *abelian* extension is a Galois extension with abelian Galois
group.

Analytically, in the elliptic case *singular value* *modular* function

The same theory can be used to develop algorithms that, given an
arbitrary curve over a finite field, compute its

A generalisation is provided by *ray class fields*; these are
still abelian, but allow for some well-controlled ramification. The tools
for explicitly constructing such class fields are similar to those used
for Hilbert class fields.

Pari/Gp is a widely used computer algebra system designed for fast computations in number theory (factorisation, algebraic number theory, elliptic curves, ...), but it also contains a large number of other useful functions to compute with mathematical entities such as matrices, polynomials, power series, algebraic numbers, etc., and many transcendental functions.

Pari is a C library, allowing fast computations.

Gp is an easy-to-use interactive shell giving access to the Pari functions.

`gp2c`, the GP-to-C compiler, combines the best of both worlds by compiling
Gp scripts to the C language and transparently loading the resulting
functions into Gp; scripts compiled by `gp2c` will typically run three to
four times faster.

Version of Pari/Gp: 2.7.2

Version of `gp2c`: 0.0.9

License: GPL v2+

Programming language: C

GnuMpc is a C library for the arithmetic of complex numbers with arbitrarily high precision and correct rounding of the result. It is built upon and follows the same principles as Gnu Mpfr.

It is a prerequisite for the Gnu compiler collection Gcc since version 4.5, where it is used in the C and Fortran front ends for constant folding, the evaluation of constant mathematical expressions during the compilation of a program. Since 2011, it is an official Gnu project.

2012 has seen the first release of the major version 1.0.

Version: 1.0.2 *Fagus silvatica*

License: LGPL v3+

ACM: G.1.0 (Multiple precision arithmetic)

AMS: 30.04 Explicit machine computation and programs

APP: Deposited with the APP on 2003-02-05 under number IDDN FR 001 060029 000 R P 2003 000 10000

Programming language: C

Mpfrcx is a library for the arithmetic of univariate polynomials over arbitrary precision real (Mpfr) or complex (Mpc) numbers, without control on the rounding. For the time being, only the few functions needed to implement the floating point approach to complex multiplication are implemented. On the other hand, these comprise asymptotically fast multiplication routines such as Toom-Cook and the FFT.

Version: 0.4.2 *Cassava*

License: LGPL v2.1+

Programming language: C

The Cm software implements the construction of ring class fields of imaginary quadratic number fields and of elliptic curves with complex multiplication via floating point approximations. It consists of libraries that can be called from within a C program and of executable command line applications. For the implemented algorithms, see .

Version: 0.2 *Blindhühnchen*

License: GPL v2+

Programming language: C

AVIsogenies (Abelian Varieties and Isogenies) is a Magma package for working with abelian varieties, with a particular emphasis on explicit isogeny computation.

Its prominent feature is the computation of

It can also be used to compute endomorphism rings of abelian surfaces, and find complete addition laws on them.

Version: 0.6

License: LGPL v2.1+

Programming language: Magma

Apip, Another Pairing Implementation in PARI, is a library for computing standard and optimised variants of most cryptographic pairings.

The following pairings are available: Weil, Tate, ate and twisted ate, optimised versions (à la Vercauteren–Hess) of ate and twisted ate for selected curve families.

The following methods to compute the Miller part are implemented: standard Miller double-and-add method, standard Miller using a non-adjacent form, Boxall et al. version, Boxall et al. version using a non-adjacent form.

The final exponentiation part can be computed using one of the following variants: naive exponentiation, interleaved method, Avanzi–Mihailescu's method, Kato et al.'s method, Scott et al.'s method.

Part of the library has been included into Pari/Gp proper.

Version: 2012-10-17

License: GPL v2+

Programming language: C with libpari

Cmh computes Igusa class polynomials, parameterising two-dimensional abelian varieties (or, equivalently, Jacobians of hyperelliptic curves of genus 2) with given complex multiplication.

Version: 1.0

License: GPL v3+

Programming language: C

Cubic is a stand-alone program that prints out generating equations for cubic fields of either signature and bounded discriminant. It depends on the Pari library. The algorithm has quasi-linear time complexity in the size of the output.

Version: 1.2

License: GPL v2+

Programming language: C

Euclid is a program to compute the Euclidean minimum of a number field. It is the practical implementation of the algorithm described in . Some corresponding tables built with the algorithm are also available. Euclid is a stand-alone program depending on the PARI library.

Version: 1.2

License: LGPL v2+

Programming language: C

KleinianGroups is a Magma package that computes fundamental domains of arithmetic Kleinian groups.

Version: 1.0

License: GPL v3+

Programming language: Magma

Aurel Page defended his PhD thesis on
*Méthodes explicites pour les groupes arithmétiques*
in July 2014.
Nicolas Mascot defended his PhD thesis on
*Computing modular Galois representations*
in July 2014.

Ohno and Nakagawa have proved relations between the counting functions of
certain cubic fields. These relations may be viewed as complements to the
Scholz reflection principle, and Ohno and Nakagawa deduced them as
consequences of 'extra functional equations' involving the Shintani zeta
functions associated to the prehomogeneous vector space of binary cubic
forms.
In ,
Henri Cohen, Simon Rubinstein-Salzedo and Frank Thorne
generalize their result by proving a similar identity relating certain
degree fields with Galois groups

Deciding whether an ideal of a number field is principal and finding a generator is a fundamental problem with many applications in computational number theory. In the article gives an algorithm for indefinite quaternion algebras by reducing the decision problem to that in the underlying number field. It also gives a heuristically subexponential algorithm for finding a generator.

With F. Morain, A. Enge has determined exhaustively under which conditions
“generalised Weber functions”, that is, simple quotients of

N. Mascot has continued his work on computing Galois representations attached to Jacobians of modular curves. He has given tables of modular Galois representations in obtained using the algorithm of . He has computed Galois representations modulo primes up to 31 for the first time. In particular, he has computed the representations attached to a newform with non-rational (but of course algebraic) coefficients, which had never been done before. These computations take place in the Jacobians of modular curves of genus up to 26.

This article expands the article by D. Cosset
and D. Robert about the computation of

The Peace project is joint between the research teams of Institut de Recherche en Mathématiques de Rennes (IRMAR), Lfant and Institut Mathématiques de Luminy (IML).

The project aims at constituting a comprehensive and coherent approach towards a better understanding of theoretical and algorithmic aspects of the discrete logarithm problem on algebraic curves of small genus. On the theoretical side, this includes an effective description of moduli spaces of curves and of abelian varieties, the maps that link these spaces and the objects they classify. The effective manipulation of moduli objects will allow us to develop a better understanding of the algorithmic difficulty of the discrete logarithm problem on curves, which may have dramatic consequences on the security and efficiency of already deployed cryptographic devices.

One of the anticipated outcomes of this proposal is a new set of general criteria for selecting and validating cryptographically secure curves (or families of curves) suitable for use in cryptography. Instead of publishing fixed curves, as is done in most standards, we aim at proposing generating rationales along with explicit theoretical and algorithmic criteria for their validation.

The ANR organised the conference “Effective moduli spaces and applications to cryptography” in June 2014 as a part of the Centre Henri Lebesgue's Thematic Semester 2014 “Around moduli spaces”.

The Simpatic project is an industrial research project, formed by academic research teams and industrial partners: Orange Labs, École Normale Supérieure, INVIA, Oberthur Technologies, ST-Ericsson France, Université de Bordeaux 1, Université de Caen Basse-Normandie, Université de Paris 8.

The aim of the Simpatic project is to provide the most efficient and secure hardware/software implementation of a bilinear pairing in a SIM card. This implementation will then be used to improve and develop new cryptographic algorithms and protocols in the context of mobile phones and SIM cards. The project will more precisely focus on e-ticketing and e-cash, on cloud storage and on the security of contactless and of remote payment systems.

D. Robert is a participant in Task 2, whose role is to provide state-of-the-art algorithms for pairing computations, adapted to the specific hardware requirements of the Simpatic project.

Type: FP7

Challenge: NC

Instrument: ERC Starting Grant

Objective: NC

Duration: January 2012 - December 2016

Coordinator: Inria (France)

Inria contact: Andreas Enge

Abstract: Data security and privacy protection are major challenges in the digital world. Cryptology contributes to solutions, and one of the goals of ANTICS (Algorithmic Number Theory in Cryptology) is to develop the next generation public key cryptosystem, based on algebraic curves and abelian varieties. Challenges to be tackled are the complexity of computations, certification of the computed results and parallelisation, addressed by introducing more informatics into algorithmic number theory.

The *MACISA* project-team (Mathematics Applied to Cryptology
and Information Security in Africa) is one of the new teams of LIRIMA.
Researchers from Inria and the universities of Bamenda, Bordeaux, Dakar,
Franceville, Maroua, Ngaoundéré, Rennes, Yaoundé cooperate in this team.

The project is concerned with public key cryptology and more specifically the role played by algebraic maps in this context. The team focuses on two themes:

Theme 1: Rings, primality, factoring and discrete logarithms;

Theme 2: Elliptic and hyperelliptic curve cryptography.

The project is managed by a team of five permanent researchers: G. Nkiet, J.-M. Couveignes, T. Ezome, D. Robert and A. Enge. Since Sep. 2014 the coordinator is T. Ezome and the vice-coordinator is D. Robert. The managing team organises the cooperation, schedules meetings, prepares reports, controls expenses, reports to the LIRIMA managing team and administrative staff.

A non-exhaustive list of activities organised or sponsored by Macisa includes

The Summer school in M’Bour in Senegal with the International Center for Pure and Applied Mathematics (ICPAM/CIMPA), June 2014;

The Annual Cameroonian workshop on Cryptography, Algebra and Geometry (CRAG), July 2014;

The visit of Thierry Mefenza (Cameroon) to École Normale Supérieure de Paris for a PhD thesis with Damien Vergnault, November 2013 and September–November 2014;

The visit of Hortense Boudjou (Maroua) to work with Abdoul Aziz Ciss (École Polytechnique de Thièse, Sénégal), May – July 2014;

The visit of Abdoul Aziz Ciss (Dakar) and Tony Ezome (Franceville) to Bordeaux, September 2014.

Kodjo Kpognon Egadédé defended his PhD thesis in December 2014 under the supervision of Julien Sebag.

The team was evaluated in September 2014 as part of the general LIRIMA evaluation seminar.

The team regularly collaborates with Leiden University through the ALGANT program for joint PhD supervision.

Eduardo Friedman (U. of Chile), a long term collaborator of K. Belabas and H. Cohen, is a regular visitor in Bordeaux (about 1 month every year).

Hartmut Monien, Universität Bonn, Germany, 01/2014;

Eduardo Friedman, Universidad de Chile, 02/2014;

Amalia Pizarro-Madariaga, Universidad de Valparaiso, Chile, 04/2014;

Tony Ezome Mintsa, University of Franceville, Gabon, 04/2014 and 09/2014;

Alina Dudeanu, École polytechnique fédérale de Lausanne, Switzerland, 05/2014;

Kamal Khuri-Makdisi, American University of Beirut, Lebanon, 07/2014;

Abdoul-Aziz Ciss, University of Dakar, 09/2014;

Dimitar Jetchev, École polytechnique fédérale de Lausanne, Switzerland, 10/2014;

Ilaria Chillotti (with D. Robert), Université Joseph Fourier, 02/2014–07/2014

Gregor Seiler (with A. Enge), Technische Universität Berlin, Germany, 10/2013–03/2014

The team helped organise the Colloque Jeunes Chercheurs en Théorie des Nombres, which took place in Bordeaux on 11/06/2014–13/06/2014.

Andreas Enge was a member of the programme committee for the
*Elliptic Curve Cryptography* 2014 conference in Chennai, India.

Sorina Ionica was a member of the program committee for the
*Latincrypt* 2014 conference.

K. Belabas acts on the editorial board of
*Journal de Théorie des Nombres de Bordeaux* since 2005
and of *Archiv der Mathematik* since 2006.

H. Cohen is an editorial board member of
*Journal de Théorie des Nombres de Bordeaux*;
he is an editor for the Springer book series
*Algorithms and Computations in Mathematics (ACM)*.

J.-M. Couveignes is a member of the editorial board
of the *Publications mathématiques de Besançon* since 2010.

A. Enge is an editor of *Designs, Codes and Cryptography*
since 2004.

D. Robert was invited to give a talk on “Pairings on abelian varieties and the Discrete Logarithm Problem” for the Discrete Logarithm Problem Conference in May 2014 at Ascona, Switzerland

D. Robert was invited to give a talk on “Isogenies between abelian varieties” for the Effective moduli spaces and applications to cryptography conference in June 2014 at Rennes

D. Robert was invited to give a talk on “Optimal pairings on abelian varieties” for the Elliptic Curve Cryptography conference in October 2014 at Chennai, India

H. Ivey-Law was invited to give a talk on “Arithmetic on Jacobians of Relative Curves” for the Number Theory Meets Geometry conference in November 2014 at Kaiserslautern, Germany

A. Enge has given an invited talk on “Abelian varieties and theta functions for cryptography” at the 4th International Cryptology and Information Security Conference at Putrajaya, Malaysia

A. Enge has given an invited talk on “Class invariants for Abelian surfaces” at the workshop Computational Number Theory of Foundations of Computational Mathematics in Montevideo, Uruguay

The following external speakers have given a presentation at the Lfant seminar, see

http://

Frédérique Oggier (NTU, Singapore): “Le codage pour le stockage distribué de données”

Hartmut Monien (Physikalisches Institut der Universität Bonn): “Zeta values, random matrix theory and Euler-MacLaurin summation” and
“Calculating rational coverings for subgroups of

Nicolas Delfosse (Montreal): “Une introduction au calcul quantique tolérant aux fautes”

Eduardo Friedman (Universidad de Chile): “Cône de Shintani et degré topologique”

John Boxall (Caen): “Heuristiques sur les variétés abéliennes adaptées à la cryptographie à couplage”

Pınar Kılıçer (Leiden+IMB): “The class number one problem for genus-2 curves”

Bertrand Maury (Paris-Sud): “Arbre bronchique infini et entiers dyadiques”

Emmanuel Thomé (Nancy): “Un algorithme quasi-polynomial de calcul de logarithme discret en petite caractéristique”

Oriol Serra (UPC, Barcelona): “Algebraic Removal Lemma”

Amalia Pizarro-Madariaga (Valparaíso): “Estimations for the Artin conductor”

Alina Dudeanu (EPFL): “Computing a Velu type formula for rational cyclic isogenies between isomorphism classes of Jacobians of genus two curves that are defined over a finite field.”

Gaetan Bisson (University of French Polynesia): “On polarised class groups of orders in quartic CM-fields”

Kamal Khuri Makdisi (American University of Beirut): “Moduli interpretation of Eisenstein series”

Kamal Khuri Makdisi (American University of Beirut): “On divisor group arithmetic for typical divisors on curves”

Chloe Martindale (University of Leiden / IMB): “An algorithm for computing Hilbert modular varieties”

Dimitar Jetchev (EPFL): “Euler systems from special cycles on unitary Shimura varieties and arithmetic applications”

Alain Couvreur (Inria and LIX, École Polytechnique): “Une attaque polynomiale du schéma de McEliece basé sur les codes de Goppa "sauvages".”

K. Belabas is vice-head of the Math Institute (IMB). He also leads the computer science support service (“cellule informatique”) of IMB and coordinates the participation of the institute in the regional computation cluster PlaFRIM.

He is an elected member of “commission de la research” in the academic senate of Bordeaux University.

J.-P. Cerri is an elected member of the scientific council of the Mathematics Institute of Bordeaux (IMB) and responsible for the bachelor programme in mathematics and informatics.

Since January 2011, J.-M. Couveignes is involved in the
*GDR mathématiques et entreprises* and in the
*Agence pour les mathématiques en interaction avec l’entreprise et
la société*.

A. Enge is the head of the COST-GTRI, the Inria body responsible for the scientific evaluation of the international partnerships of the institute.

Summer school: A. Enge, Complex multiplication of elliptic curves and Pairings on elliptic curves, 6h, Putrajaya, Malaysia

Master: K. Belabas, Computer Algebra, 90h, M2, Université de Bordeaux

Master: K. Belabas, Computational number theory, 50h, M2, Université de Bordeaux

Master: K. Belabas, Number theory, 24h, M1, Université de Bordeaux

Licence: K. Belabas, C2i, 24h, L1, Université de Bordeaux

Licence: Jean-Paul Cerri, Codes et cryptologie, 34.67h, tutorials (TD), L1, Université de Bordeaux

Licence: Jean-Paul Cerri, Algèbre 4, 50.67h, tutorials (TD), L3, Université de Bordeaux

Licence: Jean-Paul Cerri, Cryptographie et Arithmétique, 24h, lecture course, L3, Université de Bordeaux

Master: Jean-Paul Cerri, Arithmétique, 36h, lecture course, M1, Université de Bordeaux

Supervision: Jean-Paul Cerri, supervision of a tutored project (L3) and of a TER (M1), Université de Bordeaux

Master: J.-M. Couveignes, Algorithms for public key cryptography, 40h, M2, Université Bordeaux, France;

Master: J.-M. Couveignes, Algorithms for number fields, 40h, M2, Université Bordeaux, France;

Licence: E. Milio, Topologie et Fonctions de plusieurs variables, 36h, L2, Université de Bordeaux (Victoire site), France

Master: Sorina Ionica, supervision of 3 master projects (M2 CSI), Université de Bordeaux.

PhD: Aurel Page,
*Méthodes explicites pour les groupes arithmétiques*,
supervised by K. Belabas and A. Enge,
defended 07/2014

PhD: Nicolas Mascot,
*Computing modular Galois representations*,
supervised by K. Belabas and J.-M. Couveignes,
defended 07/2014

PhD in progress: Enea Milio,
*Isogénies entre surfaces abéliennes*,
University Bordeaux,
supervised by A. Enge and D. Robert

PhD in progress: Pınar Kılıçer,
*Topics in complex multiplication*,
Universities Bordeaux and Leiden,
supervised by A. Enge and M. Streng

PhD in progress: Chloë Martindale,
*Isogeny graphs*,
Universities Bordeaux and Leiden,
supervised by A. Enge and M. Streng

D. Robert was a member of the committee for the PhD defense of Christophe Tran in Rennes (December 2013).

A. Enge was a referee for the PhD of Nicole Sutherland, University of Sydney, entitled “Algorithms for Galois extensions of Global Function Fields”.

K. Belabas gave a lecture to present Bhargava's works (2014 Fields medal) to high school teachers during the “Journée de l'IREM d'Aquitaine” (11/2014, about 100 attendees).

A. Enge has presented “Les maths au service du secret (et de sa découverte!)” during the Math en Jeans congress held in Bordeaux in April 2014, for an audience of high school pupils aged 12 to 17.

He has spoken on “Mathematik für (und gegen!) das Geheimnis” in an event in July at Gymnasium Leopoldinum, Detmold, Germany, to an audience comprised of pupils aged 12 to 18 and of mathematics teachers.

At the GNU Hacker's Meeting 2014 in München, Germany, he has presented a tutorial on “GnuPG key signing”.