Algorithmic number theory dates back to the dawn of mathematics
itself, cf. Eratosthenes's sieve to enumerate consecutive prime numbers.
With the
arrival of computers, previously unsolvable problems have come into reach,
which has boosted the development of more or less practical algorithms
for essentially all number theoretic problems. The field is now mature
enough for a more computer science driven approach, taking into account
the theoretical complexities and practical running times of the algorithms.

Concerning the lower level multiprecision arithmetic, folklore has asserted for a long time that asymptotically fast algorithms such as Schönhage–Strassen multiplication are impractical; nowadays, however, they are used routinely. On a higher level, symbolic computation provides numerous asymptotically fast algorithms (such as for the simultaneous evaluation of a polynomial in many arguments or linear algebra on sparse matrices), which have only partially been exploited in computational number theory. Moreover, precise complexity analyses do not always exist, nor do sound studies to choose between different algorithms (an exponential algorithm may be preferable to a polynomial one for a large range of inputs); folklore cannot be trusted in a fast moving area such as computer science.

Another problem is the reliability of the computations; many number
theoretic algorithms err with a
small probability, depend on unknown constants or rely on a Riemann
hypothesis. The correctness of their output can either be ensured by a
special design of the algorithm itself (slowing it down) or by an a
posteriori verification. Ideally, the algorithm outputs a certificate,
providing an independent fast correctness proof. An example is integer
factorisation, where factors are hard to obtain but trivial to
check; primality proofs have initiated sophisticated generalisations.

One of the long term goals of the Lfant project team is to make an
inventory of the major number theoretic algorithms, with an emphasis on
algebraic number theory and arithmetic geometry, and to carry out
complexity analyses. So far, most of these algorithms have been designed
and tested over number fields of small degree and scale badly. A complexity
analysis should naturally lead to improvements by identifying bottlenecks,
systematically redesigning and incorporating modern
asymptotically fast methods.

Reliability of the developed algorithms is a second long term goal of our project team. Short of proving the Riemann hypothesis, this could be achieved through the design of specialised, slower algorithms not relying on any unproven assumptions. We would prefer, however, to augment the fastest unproven algorithms with the creation of independently verifiable certificates. Ideally, it should not take longer to check the certificate than to generate it.

All theoretical results are complemented by concrete reference
implementations in Pari/Gp, which allow to determine and tune
the thresholds where the asymptotic complexity kicks in and help
to evaluate practical performances on problem instances
provided by the research community.
Another important source for algorithmic problems treated
by the Lfant project team is modern
cryptology. Indeed, the security of all practically relevant public key
cryptosystems relies on the difficulty of some number theoretic problem;
on the other hand, implementing the systems and finding secure parameters
require efficient algorithmic solutions to number theoretic problems.

Modern number theory has been introduced in the second half of the 19th
century by Dedekind, Kummer, Kronecker, Weber and others, motivated by
Fermat's conjecture: There is no non-trivial solution in integers to the
equation

The solution requires to augment the integers by algebraic
numbers, that are roots of polynomials in number
field consists of the rationals to which have been added finitely
many algebraic numbers together with their sums, differences, products
and quotients. It turns out that actually one generator suffices, and
any number field algebraic integers, “numbers without denominators”,
that are roots of a monic polynomial. For instance, ring of integers of

Unfortunately, elements in ideals, subsets of principal, that is,
generated by one element, so that ideals and numbers are essentially
the same. In particular, the unique factorisation of ideals then
implies the unique factorisation of numbers. In general, this is not
the case, and the class groupclass number

Using ideals introduces the additional difficulty of having to deal
with fundamental units. The regulator

One of the main concerns of algorithmic algebraic number theory is to
explicitly compute these invariants (

The analytic class number formula links the invariants
generalised Riemann hypothesis
(GRH), which remains unproved even over the rationals, states that
any such

When

Algebraic curves over finite fields are used to build the currently
most competitive public key cryptosystems. Such a curve is given by
a bivariate equation elliptic curves of equation
hyperelliptic curves of
equation

The cryptosystem is implemented in an associated finite
abelian group, the Jacobianrational function field with subring function field of coordinate ring

The size of the Jacobian group, the main security parameter of the
cryptosystem, is given by an genus

The security of the cryptosystem requires more precisely that the
discrete logarithm problem (DLP) be difficult in the underlying
group; that is, given elements

For any integer Weil pairingTate-Lichtenbaum pairing, that is more difficult to define,
but more efficient to implement, has similar properties. From a
constructive point of view, the last few years have seen a wealth of
cryptosystems with attractive novel properties relying on pairings.

For a random curve, the parameter

Complex multiplication provides a link between number fields and
algebraic curves; for a concise introduction in the elliptic curve case,
see Section 1.1 of 50,
for more background material, see 49.
In fact, for most curves CM field. The CM field
of an elliptic curve is an imaginary-quadratic field Hilbert class field

Algebraically, Galois if Galois groupabelian extension is a Galois extension with abelian Galois
group.

Analytically, in the elliptic case singular valuemodular function

The same theory can be used to develop algorithms that, given an
arbitrary curve over a finite field, compute its

A generalisation is provided by ray class fields; these are
still abelian, but allow for some well-controlled ramification. The tools
for explicitly constructing such class fields are similar to those used
for Hilbert class fields.

Being able to compute quickly and reliably algebraic invariants is an invaluable aid to mathematicians: It fosters new conjectures, and often shoots down the too optimistic ones. Moreover, a large body of theoretical results in algebraic number theory has an asymptotic nature and only applies for large enough inputs; mechanised computations (preferably producing independently verifiable certificates) are often necessary to finish proofs.

For instance,
many Diophantine problems reduce to a set of Thue equations of the form

Deeper invariants such as the Euclidean spectrum are related to more theoretical
concerns, e.g., determining new examples of principal, but not norm-Euclidean number
fields, but could also yield practical new algorithms: Even if a number field
has class number larger than 1 (in particular, it is not norm-Euclidean),
knowing the upper part of the spectrum should give a partial gcd
algorithm, succeeding for almost all pairs of elements of

Algorithms developed by the team are implemented in the free Pari/Gp system
for number theory maintained by K. Belabas (see §6.1 for
details). They will thus have a high impact on the worldwide number theory
community, for which Pari/Gp is a reference and the tool of choice.

Public key cryptology has become a major application domain for algorithmic
number theory. This is already true for the ubiquitous RSA system, but even
more so for cryptosystems relying on the discrete logarithm problem in algebraic
curves over finite fields.
For the same level of security, the latter require
smaller key lengths than RSA, which results in a gain of bandwidth and
(depending on the precise application) processing time. Especially in
environments that are constrained with respect to space and computing power
such as smrt cards and embedded devices, algebraic curve cryptography has become
the technology of choice. Most of the research topics of the Lfant team
detailed in §3 concern directly problems relevant for
curve-based cryptology: The difficulty of the discrete logarithm problem in
algebraic curves (§3.2) determines the security of the
corresponding cryptosystems. Complex multiplication, point counting and
isogenies (§3.3) provide, on one hand,
the tools needed to create secure instances of curves. On the other hand,
isogenies have been found to have direct cryptographic applications to hash
functions 48 and encryption 51. Pairings in algebraic
curves (§3.2) have proved to be a a rich source for novel
cryptographic primitives. Class groups of number fields (§3.1)
also enter the game as candidates for algebraic groups in which cryptosystems can
be implemented. However, breaking these systems by computing discrete logarithms
has proved to be easier than in algebraic curves; we intend to pursue this
cryptanalytic strand of research.

Apart from solving specific problems related to cryptology, number theoretic expertise is vital to provide cryptologic advice to industrial partners in joint projects. It is to be expected that continuing pervasiveness and ubiquity of very low power computing devices will render the need for algebraic curve cryptography more pressing in coming years.

Bill Allombert, Karim Belabas and Henri Cohen have been awarded the 2021 ACM/SIGSAM Richard Dimick Jenks Memorial Prize for Excellence in Software Engineering applied to Computer Algebra for the Pari/GP computer algebra system, see the announcement. The prize has been given at ISSAC 2022.

D. Robert has described a polynomial time algorithm for breaking SIDH in 38. The system was the main contender for isogeny based key exchange to withstand the threat of a potential quantum computer, submitted to the NIST competition for a new standard. D. Robert's work completely breaks the cryptosystem already in a classical, non quantum setting, by building on years of mathematical and algorithmic studies of isogenies of higher dimensional abelian varieties.

Jared Asuncion has defended his doctoral degree with a thesis entitled
Complex multiplication constructions of abelian extensions of quartic fields31.

Amaury Durand has defended his doctoral degree with a thesis entitled
Duaux des codes de Reed-Solomon linéarisés; résidus de polynômes
tordus.

Abdoulaye Maiga has defended in June his doctoral degree with a thesis entitled
Relèvement canonique de surfaces abéliennes.

The team wishes to thank the Commission d'Évaluation for its outstanding
efforts, in 2022 and previous years, in defending the interests of the
research community, keeping us thoroughly informed about topics relevant
to the scientific life at Inria, and upholding the moral and intellectual
values we are collectively proud of and which define our institute.

The presumed hardness of the discrete logarithm problem (DLP) in
finite fields (or other families of groups) is a foundation of classical public-key
cryptography. It has recently been found that the DLP is much
easier than previously believed in an important family: finite fields
of small characteristic, where algorithms of quasi-polynomial
complexity have been discovered.

Pomerance proved in 1987 that the DLP in finite fields of fixed characteristic
can be solved in subexponential time. All improvements from that point to the
discrovery of the first quasi-polynomial algorithms have been heuristic.
In 21, T. Kleinjung and B. Wesolowski prove that
this problem can indeed be solved in quasi-polynomial expected time, bridging the
gap between the best heuristic and rigorous algorithms.
More generally, they prove that it can be solved in the field of cardinality

Inner product functional encryption (IPFE) is a primitive which
produces, from a master secret key, decryption keys multiple orders of magnitude upon previous work.
A single-core C implementation of these schemes shows that, for a
112 bit security, and slowest proposed scheme takes

In
24, accepted at the ASIACRYPT'22
conference, Castagnos, Laguillaumie and Tucker provide the first threshold linearly homomorphic
encryption whose message space is à la ElGamal makes it possible to
distribute the decryption among servers using linear integer secret
sharing, allowing any access structure for the decryption
policy. Furthermore its efficiency and its flexibility on the
choice of the message space make it a good candidate for applications to
multiparty computation.

In 33, Bouvier, Castagnos, Imbert and Laguillaumie introduce BICYCL, an Open Source C++ library that implements arithmetic in the ideal class groups of imaginary quadratic fields, together with a set of cryptographic primitives based on class groups. It is available here under the GNU General Public License version 3 or any later version. It provides significant speed-ups on the implementation of the arithmetic of class groups. Concerning cryptographic applications, BICYCL is orders of magnitude faster than any previous implementation of the Castagnos–Laguillaumie linearly homomorphic encryption scheme, making it faster than Paillier's encryption scheme at any security level. Linearly homomorphic encryption is the core of many multi-party computation protocols, sometimes involving a huge number of encryptions and homomorphic evaluations: class group based protocols become the best solution in terms of bandwidth and computational efficiency to rely upon.

Due to their use in crypto-currencies, threshold ECDSA signatures have received much attention in recent years. Though efficient solutions now exist both for the two party, and the full threshold scenario, there is still much room for improvement, be it in terms of protocol functionality, strengthening security or further optimising efficiency.

In the past few months, a range of protocols have been published, allowing for a non interactive – and hence extremely efficient – signing protocol; providing new features, such as identifiable aborts (parties can be held accountable if they cause the protocol to fail),
fairness in the honest majority setting (all parties receive output or nobody does) and other properties. In some cases, security is proven in the strong simulation based model.
In 16, G. Castagnos, D. Catalano,
F. Laguillaumie, F. Savasta and I. Tucker combine ideas from the aforementioned articles with the suggestion of Castagnos et al. (PKC 2020) to use the class group based CL framework so as to drastically reduce bandwidth consumption.

Building upon this latter protocol they present a new, maliciously secure, full threshold ECDSA protocol that achieves additional features without sacrificing efficiency. Their most basic protocol boasts a non interactive signature algorithm and identifiable aborts. They also propose a more advanced variant that achieves adaptive security (for the

The elliptic curve method of factorisation (ECM) is a building block of the best algorithms for factoring and computing discrete logarithms. ECM has a rigorous proof of complexity under the celebrated conjecture of existence of smooth numbers in short intervals. However, it does not correspond to the variant which is implemented and studied in the literature of ECM-friendly curves. In 32 R. Barbulescu and F. Jouve prove that the celebrated conjecture of Elliott–Halberstam implies this latter variant in the case of CM elliptic curves, for a smoothness bound larger than the one used in ECM. Then they prove that a recent conjecture of Pollack's implies the correctness in the general case.

It has been known since the work of Shor in 1994 that a functional,
large-scale quantum computer would be able to break most classical
public-key cryptosystems deployed today. The cryptographic community
has since then investigated new families of post-quantum
cryptosystems, meant to resist the advance of quantum computing.
Lattice-based cryptography, one of the leading post-quantum
candidates, relies on the presumed hardness of certain computational
problems in euclidean lattices. There is strong confidence in the
hardness of these problems in general, but the use of algebraic
lattices (necessary for efficiency or advanced functionalities) opens
new angles of attack.
In 22, K. Boudgoust, E. Gachon and A. Pellet-Mary
show that some algebraic lattices with a lot of symmetries (namely, ideal lattices
stabilised by field automorphisms) can lead to easier algorithmic problems
than non structured lattices.
They also demonstrate this weakness by implementing an attack on some cryptographic
scheme using these lattices with too much structure.
In 26, J. Felderhoff, A. Pellet-Mary and D. Stehlé extend
a result from last year by A. Pellet-Mary and D. Stehlé on the algorithmic problem NTRU
(used in many post-quantum cryptographic primitives).
The previous work proved a lower bound on the hardness of NTRU (by reducing a more
standard lattice problem to NTRU), whereas this new result
shows an equivalence between NTRU and another (more standard) problem.

Isogeny-based cryptography is another popular candidate for
post-quantum cryptography which relies on the presumed hardness of computing isogenies
between elliptic curves. The cryptosystems of this family actually rely on a variety
of computational assumptions which do not trivially relate to each other.
In 30, B. Wesolowski proves the equivalence of two of the
most fundamental problems: the supersingular isogeny path problem, and the supersingular
endomorphism ring problem (assuming the generalised Riemann hypothesis).
In 29, he then shows how these
problems relate to group actions, exposing a hierarchy of computational problems. These
results notably imply that the security of the CSIDH cryptosystem is equivalent
to some specialisation of the endomorphism ring problem.
In 25, W. Castryck, M. Houben, F. Vercauteren and B. Wesolowski
show that the decisional variants of some of these problems are often easy to solve.

Finally, in the preprint 41, B. Wesolowski shows that contrary to previous belief, analogs of isogeny-based cryptosystems using Drinfeld modules are insecure.

In 14, X. Caruso et A. Durand develop a theory of residues for Ore rational functions in the differential case and use it to give a description of the duals of linearised Reed-Solomon codes. Their construction shows in particular that, under some assumptions on the base field, the class of linearised Reed-Solomon codes is stable under duality.

Given a polynomial

The paper 12 has been published, in which A. Page and his coauthors
analyse in detail the
subfield method to accelerate the computation of

In 28, A. Page and P. Molin describe algorithms to
represent and compute groups of Hecke characters of a number field.
They obtain the whole family of such characters, including
transcendental ones. They also show how to isolate the algebraic characters,
which are of particular interest in number theory. These results have been
implemented in Pari/Gp, and they illustrate their work with a variety of
examples using this implementation, in particular showing the interactions with
modular forms,

A.-E. Wilke has written a program 44 whose
purpose is to compute tables of primitive quartic number fields with
bounded absolute discriminant. The underlying theoretical tool is
Bhargava's bijection between such fields and certain classes of pairs
of ternary quadratic forms with integer coefficients. This program has
been used to compute the complete list of all primitive quartic number
fields of absolute discriminant at most

The best algorithms for integer factorisation use a non-negligible proportion of the time to enumerate smaller integers and to test if all their prime factors are below a given bound. A lot of effort has been spent in the literature to improve the best algorithm for this task, the elliptic curve method (ECM). In 11, R. Barbulescu and his doctoral student S. Shinde give a simple method which allows to find rapidly, in a unified manner, all the previously known families of elliptic curves for ECM. They prove that there are precisely 1525 ECM-friendly families using the theory of modular forms.

In 34, H. Cohen shows how to obtain infinitely many
continued fractions for certain

In 35, J.-M. Couveignes and T. Ezome study the complexity of multiplication in the context of normal bases of finite field extensions. They define the equivariant complexity of such an extension and prove general and specific bounds for it using the geometry of covers of curves and isogenies of Jacobian varieties.

In 18, J. Kieffer gives degree and height bounds for modular equations on PEL Shimura varieties in terms of their level. In particular, his result answers previous questions about Hilbert and Siegel modular polynomials and the complexity of algorithms manipulating them.

In 19, J. Kieffer shows that the sign choices made in Dupont's algorithm to evaluate genus 2 theta constants in quasi-linear time in the precision are indeed correct. This gives a positive answer to a question raised by Dupont in his 2006 thesis, and lifts one of the heuristic that Dupont's algorithm uses.

In 30, B. Wesolowski proves that the path-finding
problem in

In 27, accepted for publication at the ANTS 2022
conference, D. Lubicz and D. Robert give new change of level formulas
between theta functions with a quasi-linear time complexity. As an application,
they derive an algorithm to compute

In 37, A. Maiga and D. Robert improve the
dependency on

In 38, D. Robert gives a polynomial time algorithm to break SIDH in all cases. This result extends previous results by Castryck–Decru which heuristically broke SIDH in polynomial time when the endomorphism ring of the starting curve was known, and of Maino–Martindale, who suggested a subexponential attack.

In 39, D. Robert shows that any isogeny on an abelian variety admits a representation taking polylogarithmic space and allowing evaluation in polylogarithmic time.

In 23, continuing their work on the computation of Gröbner bases over Tate algebras, X. Caruso, T. Vaccon and T. Verron study ideals spanned by polynomials or overconvergent series in a Tate algebra. They prove that ideals which are spanned by polynomials admit a Tate Gröbner basis made of polynomials, and propose an algorithm for computing it. As a result, the size of the output of this algorithm grows linearly with the precision. They also prove the existence of a universal analytic Gröbner basis for polynomial ideals in Tate algebras, compatible with all convergence radii.

In 15, X. Caruso studies the distribution of the
roots of a random

In 13, X. Caruso, A. David and A. Mézard propose some evidences towards a new type of Langlands correspondence (of combinatorial nature) which they call the 1-adic Langlands correspondence.

In 36, F. Johansson presents a new algorithm for calculating elementary functions at high precision, achieving a speed-up of roughly a factor of 2 at precisions above 1000 digits. The method is implemented in the latest version of Arb.

In 42, A.-E. Wilke first tries to make the
known analogy between convexity and plurisubharmonicity more precise.
Then he introduces a notion of strict plurisubharmonicity analogous to
strict convexity, and he shows how this notion can be used to study
the strong maximum modulus principle in Banach spaces. As an
application, he defines a notion of

G. Castagnos has a three years contract with Orange (Orange Labs Cesson-Sévigné) for the supervision of the PhD of Élie Bouscatié (Thèse CIFRE) from November 2020 to November 2023.

Duration: 2021–2024

One of the most promising candidates for quantum-resistant cryptography is lattice-based cryptography. In this framework, the security is inherited from the presumed computational intractability of certain problems on high-dimensional Euclidean lattices. Efficiency and functionality of lattice-based cryptography can be significantly improved by switching the underlying hardness assumptions to module lattices, which possess additional algebraic structure. For this reason, hardness assumptions for problems on algebraically-structured lattices have received significant attention in recent studies.

This ANR-NSF project aims at clarifying the landscape of module lattice problems. The prime objective is to provide a clearer understanding of the intractability of module lattice problems, via improved reductions between them and improved dedicated algorithms.

Duration: 2021–2022

This project called REDGATE (recherche et encadrement doctoral en géométrie algébrique et théorie des nombres effectives en Afrique) aims at supporting the activities of the Pole of Research in Mathematics and Applications in Africa , a network of 60 African mathematicians, in the fields of algebraic geometry, number theory and their applications to information theory. This projects is managed by researchers from Bordeaux, Besançon and Franceville (Gabon). The two main activities supported by the REDGATE project are research schools for graduate and PhD students in Africa and scientific visits to enhance collaborations. In April 2022 a workshop has been organized at the École Normale Supérieure de Libreville during 3 weeks for PhD student. In December 2021 a research school has been organized at the Institut de Mathématiques et Sciences Physiques du Bénin during 2 weeks (30 participants). In Decembre 2022 a research school has been organized in Libreville during 2 weeks (50 participants).

The following international researchers have given a presentation
in the Lfant team seminar:

Duration: 2016 – 2022

The Alambic project was planned to end in October 2020,
but was prolonged due to the pandemics to April 2021 and then to April 2022.

The Alambic project is a research project formed by members of the
INRIA Project-Team CASCADE of ENS Paris, members of the AriC INRIA
project-team of ENS Lyon, and members of the CRYPTIS of the university
of Limoges. G. Castagnos is an external member of the team of Lyon for
this project.

Non-malleability is a security notion for public key cryptographic encryption schemes that ensures that it is infeasible for an adversary to modify ciphertexts into other ciphertexts of messages which are related to the decryption of the first ones. On the other hand, it has been realised that, in specific settings, malleability in cryptographic protocols can actually be a very useful feature. For example, the notion of homomorphic encryption enables specific types of computations to be carried out on ciphertexts and to generate an encrypted result which, when decrypted, matches the result of operations performed on the plaintexts. The homomorphic property can be used to create secure voting systems, collision-resistant hash functions, private information retrieval schemes, and fully homomorphic encryption enables widespread use of cloud computing by ensuring the confidentiality of processed data.

The aim of the Alambic project is to investigate further theoretical
and practical applications of malleability in cryptography. More
precisely, this project focuses on three different aspects: secure
computation outsourcing and server-aided cryptography, homomorphic
encryption and applications and “paradoxical” applications of
malleability.

Duration: 2017–2022

Building on the unifying theme of Flair project
synthetises complementary point of views from multiple domains: analytic
approaches for classical

Developping systematically the emerging notion of good families of

Duration: 2018–2023

The

The CLap-CLap ANR project aims at accelerating the expansion of the

This project is also the opportunity to contribute to the
development of the mathematical software SageMath and to the expansion
of computational methodologies.

Duration: 2019–2024

The CIAO ANR project is a young researcher ANR project led by Damien Robert.

The aim of the CIAO project is to study the security and to improve the efficiency of the SIDH (supersingular isogenies Diffie Helmann) protocol, which is one of the post-quantum cryptographic project submitted to NIST, where it passed the first round of selections.

The project includes all aspects of SIDH, from theoretical ones (computing the endomorphism ring of supersingular elliptic curves, generalisation of SIDH to abelian surfaces) to more practical aspects like arithmetic efficiency and fast implementations, and also extending SIDH to more protocols than just key exchange.

Applications of this project are to improve the security of communication in a context where the currently used cryptosystems are vulnerable to quantum computers. Beyond post-quantum cryptography, isogeny based cryptosystems also allow one to construct new interesting cryptographic tools, such as verifiable delay functions used in block chains.

Duration: 2021–2025

The NuSCAP project aims at developing theorems, algorithms and software to improve the numerical safety of computer-aided proofs in mathematics.

Duration: 2021–2025

The MELODIA ANR project is a young researcher ANR project led by Gaetan Bisson.

Its main objective is to systematically study the algebraic structure of isogeny graphs of abelian varieties, with a view to attacking important open problems in number theory and cryptography.

It focuses on low-dimensional abelian varieties defined over finite fields and tackles the following (closely related) problems: describing the abstract structure of the isogeny graph; computing the endomorphism ring of an abelian variety; constructing an abelian variety with a prescribed number of points; obtaining a Gross-Zagier formula for such varieties.

The case of supersingular elliptic curves is of particular interest as the presumed hardness of the corresponding computational problems is of foundational importance to isogeny-based cryptography. The MELODIA project aims at pinpointing the precise hardness of these problems, to guide the choice of secure cryptographic parameters for a variety of post-quantum protocols.

Duration: 2021–2025

Secure distributed computation has long stood in the realm of theoretical cryptography, but it was known to have the potential of providing a disruptive change for practical security solutions. The concept was introduced by Yao in the 1980s and it allows mutually distrusting parties to run joint computations without disclosing any participant’s private inputs. New cryptographic tools have been invented in recent years (e.g. fully-homomorphic encryption, functional encryption, succinct proof systems, and so on). These constructions have opened the door to applications that were previously believed unattainable in practice (e.g. Cloud Computing, Big Data, Blockchain or the Internet of Things). There is currently a strong interest in secure distributed computation from governments and security organisations (in particular the National Institute of Standards and Technology, NIST), military, academia and industry. We are close to the stage where the secure distributed computation protocols can be applied to real-world security issues.

The main scientific challenges of the Sangria project are (1) to
construct specific protocols that take into account practical
constraints and prove them secure, (2) to implement them and to
improve the efficiency of existing protocols significantly. The
project aims at undertaking research in
these two directions while combining research from cryptography,
combinatorics and computer algebra. It is expected to impact central
problems in secure distributed computation, while enriching the
general landscape of cryptography.

Duration: 2021–2025

The AGDE ANR project is a young researcher ANR project led by Jean Raimbault.

Its main objects of study are groups of matrices with integer entries, as these are objects of interest in geometric group theory, number theory, differential geometry and topology. Its main objective is to study the properties that are common or different in various classes of such groups, with a particular focus on the asymptotic behaviour. The project focuses on torsion homology and regulators, and the classes of congruence groups, arithmetic but noncongruence groups, and thin subgroups. The development of computational methods is an important tool for the project.

B. Allombert and K. Belabas organised the annual PARI/GP Workshop in Besançon to present the new features of the software and discuss future directions with the community.

Atelier francophone hybride PARI/GP 2022b

B. Allombert, A. Page and A. Zekhnini organised a two-days hybrid PARI/GP workshop to give an introduction to PARI/GP to the participants of the conference JATNA 2022 held in Oujda.

J.-M. Couveignes was a member of the programme committee of the conference
A Tour of Arithmetic Geometry, conference in honour of Bas
Edixhoven’s 60th birthday, Schiermonnikoog, April 2022.

A. Pellet-Mary and B. Wesolowski were members of the programme committees of the conferences ANTS 2022 and PKC 2023.

X. Caruso was Publicity Chair at the conference ISSAC 2022.

X. Caruso is an editor and one of the founders of the journal
Annales Henri Lebesgue. He is a member of the editorial board
(scientific committee) of Journal de Théorie des Nombres de
Bordeaux since 2022.

J.-M. Couveignes is a member of the editorial board (scientific committee)
of the Publications mathématiques de Besançon since 2010
and of Journal de Théorie des
Nombres de Bordeaux since 2020.

K. Belabas acts on the editorial board Archiv der Mathematik since
2006.

A. Enge is an editor of Designs, Codes and Cryptography
since 2004.

A. Page is an associate editor of the LMFDB since 2022.

A. Page gave an online invited talk at the conference Arithmetic groups and 3-manifolds (Bonn, MPIM) initially scheduled for March 2020 but rescheduled to May 2022 because of the pandemic.

F. Johansson gave an invited plenary talk at the Fifteenth Algorithmic Number Theory Symposium, ANTS-XV at the University of Bristol.

F. Johansson gave invited talks at the online conferences Big Data in Pure Mathematics 2022 and Global Virtual Sage Days 112.358.

K. Belabas is a member of the “conseil scientifique” of the Société Mathématique de France (second mandate).

X. Caruso is a member of the “conseil national des universités” (CNU) since 2021.

X. Caruso was president of the HCERES evaluation of Institut de Mathématiques de Marseille.

A. Enge took part in the HCERES evaluation of Institut de Mathématiques de Toulon.

J.-M. Couveignes was head of the comité de visite, d'analyse
et de recommandation de l’équipe
Modélisation et Applications du LMNO de Caen at the request
of CNRS-INSMI and Université de Caen Normandie.

Up to March 2022, K. Belabas was vice-head of the Mathematics Institute (IMB); he also led the IT support service (“cellule informatique”) of IMB. X. Caruso took his place in March 2022.

Up to March 2022, K. Belabas was vice-head of the Unité de Formation Mathématiques et Interactions (UFMI).

Since March 2022, K. Belabas is vice-president of the Université de Bordeaux, in charge of digital policies, including privacy, security and data management. He coordinates the 59M€ INFRANUM project for the 2021–2027 CPER financing mutualised numerical infrastructures for all universities and engineering schools of the Nouvelle Aquitaine region.

A. Enge and A. Page are members of the administrative council of the Société
Arithmétique de Bordeaux, which edits the Journal de théorie des
nombres de Bordeaux and supports number theoretic conferences.

G. Castagnos is responsible for the bachelor programme in mathematics and informatics.

J.-M. Couveignes is co-responsible for the Graduate Programme Numerics of the Université de Bordeaux.

R. Barbulescu is a member of the Laboratory council of the IMB since september 2022.

A. Pellet-Mary gave a course about lattice-based cryptography at a summer school in Budapest (master and PhD students).

A. Page gave a course about computational mathematics and Pari/GP at the SuSAAN Summer School in the Nesin Math Village (Izmir, Turkey).

At the Cogent Summer School in Grenoble, A. Page gave a mini-course about arithmetic groups in low rank and number theory, and B. Allombert gave a Pari/GP mini-course.

X. Caruso and C. Ménini are leaders of the popularisation group at IMB (Institut de Mathématiques de Bordeaux).

R. Barbulescu is one of the organisers of concours Alkindi 1, which proposes interactive exercises of cryptography for students of 8th, 9th and 10th grade (French 4e, 3e and 2nde). Together with the Ministries of Education and of Defense, the contest is supported by Inria and Thalès. In 2021-2022 the contest had 57000 participants from 800 middle and high schools. R. Barbulescu had two roles: an administrative task (he was one of the three organisers) and a scientific role (he was one of six researchers in this function), which consists in translating the latest research results into exercises adapted for middle- and high-school students. D. Robert invited the local Alkindi laureates to visit IMB and Inria Bordeaux to discuss with researchers and also gave a talk about cryptography.

R. Barbulescu is one of the four members of the regional organisation committee of Tournoi français des jeunes mathématiciennes et mathématiciens (TFJM) in Bordeaux2. A. Enge was a jury member.

R. Barbulescu takes part in the action for central Africa of the NGO Animath3. In 2022, an agreement was found with Université Virtuelle du Sénégal to organise the Alkindi contest in Senegal.

R. Barbulescu published an article in the science section of “The conversation”, which was read by over 5000 people. The article is not adapted for the general public and quotes many research articles.4

R. Barbulescu published an article for the general public in the online version of the “Sud-Ouest” newspaper.5

A. Enge took part in a discussion with middle school pupils around challenges
in the digital world organised by Cap Sciences, Inria and the Conseil
National du Numérique.

X. Caruso was the corresponding researcher for an atelier
MATh.en.JEANS for families in Cestas. Besides, he gave a talk at the
final conference.

D. Robert gave a talk on Les enjeux de la blockchain écologique at
the French tech days in Bordeaux, and at Unité a talk with E. Jeannot on
Les Cryptomonnaies et les NFT.

A. Pellet-Mary facilitated two activities on cryptography for high school and middle school female students, during the week “Moi informaticienne moi mathématicienne”.

R. Barbulescu facilitated a workshop for highschool and IUT students about Cryptography for the Circuit scientifique at IMB.