6.1.1 Belenios

• Name:
  Belenios - Verifiable online voting system
• Keyword:
  E-voting
• Functional Description:

  Belenios is an open-source online voting system that provides vote confidentiality and verifiability. End-to-end verifiability relies on the fact that the ballot box is public (voters can check that their ballots have been received) and on the fact that the tally is publicly verifiable (anyone can recount the votes). Vote confidentiality relies on the encryption of the votes and the distribution of the decryption key (no one detains the secret key).

  Belenios supports various kind of elections. In the standard mode, Belenios supports simple elections where voters simply select one or more candidates. It also supports arbitrary counting functions at the cost of a slightly more complex tally procedure for the authorities. For example, Belenios supports Condorcet, STV, and Majority Judgement, where voters order candidates and grade them.

  Belenios is available in several languages for the voters as well as the administrators of an election. More languages can be freely added by users.

• News of the Year:

  In 2021, our platform was used for the organization of about 2000 elections, with about 70,000 ballots counted.

  This year, we modified the voting platform to make it more user-friendly and responsive: it automatically adapts on a cell phone, for example. We also developed two new interfaces to vote by ranking the candidates (Condorcet) or by rating them (Majority Judgement). Following several requests, Belenios now offers weighted votes, where each voter has a certain number of votes. Less visible to users, an important change was the update of the cryptographic core, in order to better link a ballot to the context of the election. Finally, we initiated the development of a REST API and modernized the management of administrator accounts.

• URL:
  https://­www.­belenios.­org/
• Contact:
  Stéphane Glondu
• Participants:
  Pierrick Gaudry, Stéphane Glondu, Véronique Cortier
• Partners:
  CNRS, Inria

6.1.2 CADO-NFS

• Name:
  Crible Algébrique: Distribution, Optimisation - Number Field Sieve
• Keywords:
  Cryptography, Number theory
• Functional Description:
  CADO-NFS is a complete implementation in C/C++ of the Number Field Sieve (NFS) algorithm for factoring integers and computing discrete logarithms in finite fields. It consists in various programs corresponding to all the phases of the algorithm, and a general script that runs them, possibly in parallel over a network of computers.
• News of the Year:

  During year 2021, several internal aspects of the CADO-NFS code were modified. - some computations are now shared in order to save a significant number of modular inversions during the sieving step. - the Python script that orchestrates the computation has been improved. - 32-bit factor bases are now supported. - the filtering simulation code has been improved. - the continuous integration machinery has been considerably improved and extended. - tooling was put in place in order to automatically detect code defects with static analysis software (Coverity Scan).

  In 2020, CADO-NFS has moved to the Inria gitlab platform. However, the question of a permanent URL that Cado-NFS could use is still awaiting validation by the relevant service.

• URL:
  https://­cado-nfs.­inria.­fr/
• Contact:
  Emmanuel Thome
• Participants:
  Pierrick Gaudry, Emmanuel Thome, Paul Zimmermann

6.1.3 TNFS-alpha

• Name:
  alpha for the Tower Number Field Sieve algorithm
• Keyword:
  Cryptography
• Functional Description:
  This library implements a simulation tool for the tower number field sieve algorithm computing discrete logarithms in extension fields of small degree (tested up to 54). The library contains an implementation of the exact computation of alpha, the bias between the expected smoothness of an integer and the expected smoothness of a norm of an algebraic integer in a number field made of two extensions. The algorithm is a generalization to extensions of the exact implementation of alpha in the software CADO-NFS. The software contains an implementation of the E-function of B. A. Murphy (Murphy's E) which estimates the quality of the polynomial selection step in TNFS through a simulation of the yield of the relation collection in the TNFS algorithm. Finally it contains a database of pairing-friendly curve seeds with the estimated level of security w.r.t a discrete logarithm computation in the corresponding finite field.
• News of the Year:
  The paper hal-02263098 was published in 2021 and the library was updated accordingly. The library was updated later in 2021 to estimate the security of the curves listed at https://members.loria.fr/AGuillevic/pairing-friendly-curves/ and other curves upon request (e.g. the Pluto BN curve).
• URL:
  https://­gitlab.­inria.­fr/­tnfs-alpha/­alpha
• Publications:
  hal-02263098, hal-02396352
• Contact:
  Aurore Guillevic

6.1.4 ALPINAC

• Name:
  ALgorithmic Process for Identification of Non-targeted Atmospheric Compounds
• Keyword:
  Chemistry
• Functional Description:
  ALPINAC identifies up to 95% of the measured signal obtained from an Electron-Impact Time-of-Flight High Resolution Mass Spectrometer (EI ToF HRMS) on air sampling, without a-priori knowledge on the encountered chemical compounds, without database search. The software was successfully tested on mass spectrum ranging from 23 m/z to 330 m/z.
• News of the Year:
  ALPINAC was first released in July 2021.
• URL:
  https://­gitlab.­inria.­fr/­guillevi/­alpinac
• Publication:
  hal-03176025
• Contact:
  Aurore Guillevic
• Partner:
  EMPA

6.1.5 snark-2-chains

• Name:
  Families of SNARK-friendly 2-chains of elliptic curves
• Keywords:
  Cryptography, Cryptocurrency, Blockchain
• Functional Description:
  This small library implements finite field and elliptic curve arithmetic for BN curves (Barreto-Naehrig), BLS curves (Barreto-Lynn-Scott), and 2-chains made of BW6 (Brezing-Weng curves of embedding degree 6), CP8, CP12 (Cocks-Pinch curves of embedding degree 8 and 12) for use with zk-snarks (zero-knowledge succinct non-interactive argument of knowledge). The cryptographic applications are: pairing, scalar multiplication on the curves, hashing on the curves. The code is a proof of concept tied to a preprint and is not optimized.
• News of the Year:
  The library was first released in October 2021.
• URL:
  https://­gitlab.­inria.­fr/­zk-curves/­snark-2-chains
• Publication:
  hal-03371573
• Contact:
  Aurore Guillevic

7.1.1 Families of SNARK-friendly 2-chains of elliptic curves

This work 30 is a generalization of   34 published last year at CANS'2020, with Youssef El Housni, PhD student in the GRACE team at Inria Saclay, and ConsenSys. This paper considers chains of two pairing-friendly elliptic curves for SNARKs (Succint Non-interactive ARguments of Knowledge). In the previous work, one 2-chain was investigated: the curves BLS12-381 and BW6-761. This work considers 2-chains of curves where the first (inner) curve can be a BN (Barreto–Naehrig), or a BLS12 or BLS24 (Barreto–Lynn–Scott) curve. The second (outer) curve is obtained with the Brezing–Weng construction (BW6 curves) of the Cocks-Pinch curve. The aim is to provide other trade-offs in terms of size, and arithmetic and pairing efficiency. This preprint improves the operations on BLS curves: a general proof of faster cofactor multiplication is provided for example. The companion code is referenced in Section 6.1.5, and a full Golang implementation is developed in the library GNARK.

7.2.1 On the Alpha value of polynomials in the Tower Number Field Sieve Algorithm

Participants: Aurore Guillevic.

7.2.2 Lattice enumeration for Tower NFS: a 521-bit discrete logarithm computation

Participants: Gabrielle De Micheli, Pierrick Gaudry, Cécile Pierrot.

7.2.3 Refined analysis of the asymptotic complexity of the Number Field Sieve

Participants: Aude Le Gluher, Pierre-Jean Spaenlehauer, Emmanuel Thomé.

The preprint version of this work was written in 2020. This paper was published in 2021 in the new diamond open-access journal Mathematical Cryptology.

In 15, we examine how it is possible to refine the asymptotic complexity of the Number Field Sieve. Its most commonly used expression, for the factorization of an $n$-bit integer, is of the form $exp\left(\right(1+o\left(1\right)\left)f\right(n\left)\right)$. This $(1+o(1\left)\right)$ factor is present for reasons that pertain to analytic number theoretic results. In practical terms however, this inaccuracy is problematic since it can swallow potentially huge factors. Yet, extrapolations on the hardness of integer factoring, or of finite field discrete logarithms, resort to setting $o\left(1\right)=0$ by lack of a better alternative. In 15, we try to see what hides behind $o\left(1\right)$. On the positive side, we show that symbolic computation tools can be used to provide an asymptotic expansion to arbitrarily many terms. On the negative side, we show that this expansion is basically useless, as $o\left(1\right)$ stands in fact for a series that diverges in a range that widely encompasses the practical range. A consequence of this is that predictions of the hardness of, say, 8000-bit RSA, given a data point for 800-bit RSA should be regarded with extreme care.

7.2.4 History of cryptographic key sizes

Participants: Emmanuel Thomé.

The book chapter 23 (online in 2021, to be published in 2022) was written in the context of a festschrift dedicated to Arjen K. Lenstra, and relates the progression of cryptanalysis over several decades, and its impact on the recommendation of key sizes. Both secret- and public-key settings are covered, and in particular the most recent computational records which were obtained by Caramba (and co-authors) using Cado-NFS are of course part of this history.

7.3.1 MOE: Multiplication Operated Encryption with Trojan resilience

Participants: Virginie Lallemand.

As most hardware design companies cannot afford having their own foundries, a common strategy consists in outsourcing the production of integrated circuits to external factories. While this solution allows them to reduce the production costs, it brings up the problem of trust in the third party. One of the most feared threats in this respect goes under the name of hardware Trojan, defined as a malicious modification of the circuit design. In this paper 10 we studied the possibility of building a symmetric cipher that would reach Trojan-resilience in an efficient manner. Our concrete proposal is called MOE, acronym for “Multiplication Operated Encryption”. It can be implemented using (mostly) untrusted low-cost chips and provides robustness more efficiently than by exploiting secret sharing and multi-party computation on a standard block cipher. MOE exploits a simple round structure mixing a modular multiplication and a multiplication with a binary matrix. Besides being motivated as a new block cipher design for Trojan resilience, our research also exposes the cryptographic properties of the modular multiplication, which is of independent interest.

7.3.2 CTET+: A beyond-birthday-bound secure tweakable enciphering scheme using a single pseudorandom permutation

Participants: Virginie Lallemand, Marine Minier.

In this paper 11, we build upon the results on tweakable SPNs (Single Pseudorandom Permutations) with independent round keys and permutations from CRYPTO 2018 by constructing a 2-round tweakable substitution-permutation network using a single secret S-box. The construction is based on non-linear permutation layers using independent round keys, and achieves security beyond the birthday bound in the random permutation model. When instantiated with an $n$-bit block cipher with $k$-bit keys, the resulting tweakable block cipher, dubbed CTET+, can be viewed as a tweakable enciphering scheme that encrypts $wn$-bit messages for any integer $w>1$ using $5n+k$-bit keys and $n$-bit tweaks, providing $2n/3$-bit security.

Furthermore, we propose a concrete instance with $n=128$ named AES6-CTET+ which is a new tweakable enciphering scheme using a reduced round AES block cipher as the underlying secret S-box.

7.3.3 Efficient methods to search for best differential characteristics on SKINNY

Participants: Marine Minier.

Notably, for SKINNY-128 in the SK model and for 13 rounds, we retrieve the results of Abdelkhalek et al. within a few seconds (instead of 16 days) and we provide, for the first time, the best differential related-tweakey characteristics up to 14 rounds for the TK1 model. Regarding the TK2 and the TK3 models, we were not able to test all the solutions in Step 1, and thus the differential characteristics we found up to 16 and 17 rounds are not necessarily optimal.

7.3.4 Non-triangular self-synchronizing stream ciphers

Participants: Paul Huynh, Marine Minier.

7.3.5 Hybrid architecture of LPV dynamical systems in the context of cybersecurity

Participants: Marine Minier, Hamid Boukerrou.

7.4.1 A privacy attack on the Swiss Post e-voting system

Participants: Pierrick Gaudry.

Together with Alexandre Debant and Véronique Cortier, from the PESTO team, we have discovered a privacy issue in the protocol and its implementation that would allow a collusion of a subset of the trust parties to learn the vote of any voter of their choice. This is in contradiction with the trust model imposed by the Federal Chancellery that imposes that privacy should be preserved unless all the trustees are dishonest.

For this result 28, accepted to RWC 2022, we obtained a generous reward from the bug bounty program (40 k euros). The protocol has been fixed, and the certification process continues.

7.4.2 A toolbox for verifiable tally-hiding e-voting systems

Participants: Pierrick Gaudry, Quentin Yang.

In this work 29, we explore the possibility of revealing only the result of an election, without decrypting the individual ballots, or any side-information. The result must be computed in a way such that everyone can verify that it indeed corresponds to the (public) ballot box. Also, even the trust parties who possess the shares of the decryption key should not learn anything more than the winner of the election.

We propose a multi-party computation toolbox dedicated to this kind of problems, and show that it allows us to tackle all famous tally functions, including the most complicated, like the Condorcet-Schulze, D'Hondt, STV, or Majority Judgement. We also explain how the classical ElGamal encryption (typically based on elliptic curves) can be used, instead of the Paillier scheme that is often chosen in theoretical papers, but is far less frequent in standard crypto libraries.

7.5.1 Quantum period finding against symmetric primitives in practice

Participants: Xavier Bonnetain.

7.5.2 Quantum linearization attacks

Participants: Xavier Bonnetain.

We also present some variants of this attack that use other quantum algorithms, which are much less common in quantum symmetric cryptanalysis: Deutsch's, Bernstein-Vazirani's, and Shor's. To the best of our knowledge, this is the first time these algorithms have been used in quantum forgery or key-recovery attacks.

Our attacks break most parallelizable MACs such as LightMac, PMAC, and numerous variants with (classical) beyond-birthday-bound security (LightMAC+, PMAC) or using tweakable block ciphers (ZMAC). More generally, it shows that constructing parallelizable quantum-secure PRFs might be a challenging task.

7.5.3 QCB: efficient quantum-secure authenticated encryption

Participants: Xavier Bonnetain.

We also generalize some quantum attacks, which allows us to show that a large class of authenticated encryption modes is broken in a quantum setting, and discuss the quantum security notions for authenticated encryption modes.

7.6.1 Automated fragment formula annotation for electron ionisation, high resolution mass spectrometry: application to atmospheric measurements of halocarbons

Participants: Aurore Guillevic.

7.6.2 The CORE-MATH project

Participants: Paul Zimmermann.

In 2021, two functions were implemented for the above four formats: the cubic root function (cbrt) and the arc-cosine function (acos). In parallel, the article about the accuracy of current mathematical libraries was extended with the help of Vincenzo Innocente to the Apple and CUDA mathematical libraries 31. This article shows that current mathematical libraries return very different results, and are far from correct rounding, even for rounding to nearest.

7.6.3 Parallel integer multiplication

Participants: Emmanuel Thomé, Samuel Vivien, Paul Zimmermann.

9.1.1 Informal International Partners

Participants: Marine Minier, Virginie Lallemand.

9.2.1 Visits to international teams

9.3.1 ANR Decrypt

Participants: Marine Minier, Virginie Lallemand.

• Program: ANR
• Project acronym: DECRYPT
• Duration: 01/2019 - 12/2022
• Coordinator: Caramba Team, LORIA
• Other partners: LIRIS (Lyon), LIMOS (Clermont-Ferrand), IRISA (Rennes), TASC (Nantes).

This project aims to propose a declarative language dedicated to cryptanalytic problems in symmetric key cryptography using constraint programming (CP) to simplify the representation of attacks, to improve existing attacks and to build new cryptographic primitives that withstand these attacks. We also want to compare the different tools that can be used to solve these problems: SAT and MILP where the constraints are homogeneous and CP where the heterogeneous constraints can allow a more complex treatment.

One of the challenges of this project will be to define global constraints dedicated to the case of symmetric cryptography.

Concerning constraint programming, this project will define new dedicated global constraints, will improve the underlying filtering and solution search algorithms, and will propose dedicated explanations generated automatically. See web site for more information.

10.1.1 Scientific events: organisation

• Pierre-Jean Spaenlehauer is a member of the organisation committee of the Journées Nationales du Calcul Formel 2022.

10.1.2 Scientific events: selection

10.1.3 Journals

10.1.4 Invited talks

• Virginie Lallemand was invited to give a (remote) talk at the Séminaire Crypto & Sécurité of the GREYC Research Laboratory of Caen in June 2021. She also was invited to give two talks at the CISPA-LORIA workshops (February and November).
• Marine Minier was invited to give a talk to Cyber in Saclay, winter school of the GDR sécurité in February 2021.
• Cécile Pierrot was invited to give a talk to the Tutte Colloquium, University of Waterloo in June 2021.
• Xavier Bonnetain was invited to give two talks during the Dagstuhl Seminar 21421 on Quantum Cryptanalysis in October 2021.
• Aurore Guillevic was invited to give a talk at the online Journées Nationales Informatique Mathématique (Journées du GDR-IM), March 16.
• Paul Zimmermann was invited to give a talk at the online CaSToRC HPC Seminar Series (Cyprus Supercomputing Center), November 16.

10.1.5 Leadership within the scientific community

• Cécile Pierrot is a member of the steering committee of the French working group Code and Cryptography.
• Pierrick Gaudry is a member of the Conseil Scientifique du GdR IM.

10.1.6 Scientific expertise

• Pierrick Gaudry was a member of a jury for the Innoviris LAUNCH program, whose goal is to fund start-ups created on the basis of academic work.
• Paul Zimmermann was a reviewer for the “Appel à projets Emergence” for Sorbonne University (France).
• Jean-Michel Muller (AriC project-team, Inria Rhône-Alpes) and Paul Zimmermann were contacted by Andrew Haley to review the “Shubfach” algorithm proposed by Raffaello Giulietti for the double to string conversion (latest version here). This algorithm takes as input a binary64 number, and outputs a decimal string with minimal length so that, if we convert back that string to binary64 with rounding to nearest, we recover the original number. The corresponding OpenJDK patch had been stuck as an open pull request for nearly two years because of the difficulty of verifying the algorithm's correctness. A public review was made, which confirmed the correctness of the algorithm, and the OpenJDK patch will be included in the next release.

10.1.7 Research administration

• Marine Minier is (since September 2021) assistant director of the LORIA laboratory.
• Marine Minier is responsible for the LORIA laboratory of the cybersecurity axis.
• Marine Minier is co-head (with Antoine Joux from CISPA) of the German-French virtual center for cybersecurity between LORIA and CISPA (Saarbrucken, Germany).
• Marine Minier is the scientific head of the LUE4 impact project DigiTrust (2018-2022, 2,2 Meuro).
• Marine Minier is an elected member of the Collégium “sciences et techniques” from University of Lorraine.
• Marine Minier is a member of the steering committee of the LHS – Laboratoire Haute Sécurité of LORIA.
• Marine Minier was president of the “comité de spécialistes” of the “poste 27MCF1352”, and member of the “comité de spécialistes” of the “poste 27PR4310”.
• Pierre-Jean Spaenlehauer is a member of the Commission des Développements Technologiques of the Inria Nancy – Grand Est research center.
• Pierrick Gaudry was a member of the hiring committee for two Professors in mathematics (25) in the Institut de Mathématiques de Jussieu-Paris Rive Gauche.
• Pierrick Gaudry is a member of the steering committee of the LHS – Laboratoire Haute Sécurité of LORIA.
• Cécile Pierrot is a member of the Comité de Centre Inria Nancy - Grand Est.
• Cécile Pierrot is a member of the working group concerning remote work at Inria.
• Cécile Pierrot is a leader and member of the local group for integration of young researchers in Nancy (Loria, Inria) and Strasbourg (Inria).
• Paul Zimmermann is member of the scientific committee of the EXPLOR computing center (Université de Lorraine).

10.2.1 Teaching

• Bachelor
  • Pierrick Gaudry, Intégration Web, 48h eq. TD, IUT 1A, Université de Lorraine, IUT Charlemagne, Nancy, France.
  • Sébastien Duval, Algorithmique et Programmation 3, 28h eq. TD, L2 Informatique, Université de Lorraine, Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.
  • Marine Minier, Introduction à la sécurité et à la cryptographie, 35h eq. TD, L3, Université de Lorraine, Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.
  • Marine Minier, Mathématiques Discrètes, 80h eq. TD, L2, Université de Lorraine, Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.
• Master
  • Sébastien Duval, Analyse et Conception de Logiciels, 22h eq. TD, M1 Informatique, Université de Lorraine, Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.
  • Sébastien Duval, Sécurité des Systèmes d'Information, 32h eq. TD, M2 Informatique, Université de Lorraine, Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.
  • Sébastien Duval, Sécurité des Applications Web, 32h eq. TD, M2 Informatique, Université de Lorraine, Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.
  • Pierre-Jean Spaenlehauer, Théorie analytique des nombres, géométrie algébrique, et applications à la cryptographie, 24h eq. TD, M2 Mathématiques Fondamentales et Appliquées, Université de Lorraine, Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.
  • Marine Minier is head of the M2 SIRAV, Université de Lorraine, Faculté des sciences et technologies, Vandœuvre-lès-Nancy.
  • Marine Minier, Contrôle d'accès, 40h eq. TD, M2 Informatique, Université de Lorraine, Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.
  • Marine Minier, Intégration Méthodologique, 36h eq. TD, M2 Informatique, Université de Lorraine, Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.
  • Marine Minier Sécurité Informatique, 18h eq. TD, M2 droit, Université de Lorraine.
  • Marine Minier is head of the M2 SIRAV, Université de Lorraine, Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.
• Engineering school
  • Aurore Guillevic, RSA, Integer Factorization, record computations, 1h30 guest lecture, Master, MIT, Cambridge MA, Course 6.857: Computer and Network Security, Spring 2021
  • Cécile Pierrot, Introduction to Modern Cryptography, 27h eq. TD, Second year of Engineering school, TELECOM Nancy, France.
  • Cécile Pierrot, Cryptography and Communication, 15h eq. TD, Second year of Engineering school, TELECOM Nancy, France.
  • Cécile Pierrot, Introduction to Cryptography, 54h eq. TD, Mastère spécialisé de cybersécurité, École des Mines de Nancy, France.
  • Haetham AL ASWAD, Programming and Data Structures: Python, 22h eq. TD, First year of Engineering, École des Mines de Nancy, France.
  • Antoine Leudière, Programming and Data Structures: Python, 22h eq. TD, First year of Engineering, École des Mines de Nancy, France.

10.2.2 Supervision

• Ph.D.: Gabrielle De Micheli, Discrete Logarithm Cryptanalyses : Number Field Sieve and Lattice Tools for Side-Channel Attacks, Université de Lorraine, defended May 25, 2021, advised by Cécile Pierrot and Pierrick Gaudry 24.
• Ph.D.: Aude Le Gluher, Symbolic Computation and Complexity Analyses for Number Theory and Cryptography, Université de Lorraine, defended December 7, 2021, advised by Pierre-Jean Spaenlehauer and Emmanuel Thomé 25.
• Ph.D. in progress: Antoine Leudière, Isogenies of Drinfeld modules and post-quantum cryptography, since Oct. 2021, Pierre-Jean Spaenlehauer and Emmanuel Thomé.
• Ph.D. in progress: Ana Rodriguez Cordero, Design and Cryptanalysis of New Symmetric Key Cryptographic Primitives, since Oct. 2021, Virginie Lallemand and Marine Minier.
• Ph.D. in progress: Loïc Rouquette, Constraint Programming for symmetric key cryptography, since Oct. 2019, Christine Solnon and Marine Minier, Ph.D. in Lyon.
• Ph.D. in progress: Hamid Boukerrou, Control Theory for stream ciphers, since Oct. 2019, Gilles Millerioux and Marine Minier, Ph.D. in the CRAN Lab.

10.2.3 Juries

• Virginie Lallemand was member of the PhD thesis jury Selected Topics in Cryptanalysis of Symmetric Ciphers defended by John-Petter Indrøy, October 2021, University of Bergen (Norway).
• Aurore Guillevic was reviewer of the PhD thesis Conception de courbes elliptiques et applications defended by Rémi Clarisse, December 16, 2021, Université de Rennes 1.
• Pierrick Gaudry was a member of the PhD thesis jury Isolating the Singularities of the Plane Projection of Generic Space Curves and Applications in Robotics defended by George Krait, May 2021, Université de Lorraine.
• Marine Minier was reviewer of the PhD thesis Techniques de cryptanalyse dédiées au chiffrement à bas coût defended by Daniele Coggia, October 8 2021, Sorbonne Université.
• Marine Minier was reviewer of the PhD thesis La sécurité et l'optimisation des chaines à blocs et algorithmes associés defended by Mirko Koscina, October 5 2021, Université Paris Sciences et Lettres.
• Marine Minier was reviewer of the PhD thesis Modélisation de réseaux IoT hétérogènes à des fins d’évaluation de sécurité defended by Jonathan Tournier, March 10 2021, Université de Lyon.
• Marine Minier was reviewer of the PhD thesis On GDPR Compliant Data Processing defended by Supriya Adhatarao, July 22 2021, Université Grenoble Alpes.
• Marine Minier was president of the PhD thesis Conception, analyse et implémentation d'algorithmes de chiffrement symétrique sur FPGA defended by Loïc Besson, December 22 2021, Université de Versailles Saint Quentin en Yvelines.
• Paul Zimmermann was reviewer and member of the PhD thesis Software-based approximate computing for mathematical functions defended by Nicholas Gerard Timmons on June 18, 2021, Cambridge University.
• Paul Zimmermann was reviewer of the PhD thesis Building a Formally Verified High-Performance Multi-Platform Cryptographic Library in F${}^{*}$ by Marina Polubelova, to be defended in 2022, PSL University (Paris, France).

10.3.1 Interventions

• Cécile Pierrot, Pierre-Jean Spaenlehauer and Paul Zimmermann are involved in the animation of a MATh. en. JEANS activity at the Lycée Vauban, Luxembourg.
• Cécile Pierrot took part to the event "Chiche ! Une classe, un chercheur" that intends to present computer science studies and careers to young people. She met 5 groups of 30 students each at Lycée Margueritte, Verdun, France.

10.3.2 Education

• Cécile Pierrot was invited to take part to discussions about the NSI (Numérique et Science Informatique) courses with highschool teachers from Académie de Reims, France.

International journals

• 7 articleM.Max Alekseyev, J. S.Joseph Samuel Myers, R.Richard Schroeppel, S. R.Scott R Shannon, N. J.Neil James Alexander Sloane and P.Paul Zimmermann. Three Cousins of Recamán's Sequence.The Fibonacci Quarterly2021
  HAL
• 8 articleX.Xavier Bonnetain and S.Samuel Jaques. Quantum Period Finding against Symmetric Primitives in Practice.IACR Transactions on Cryptographic Hardware and Embedded Systems20221November 2021, 1-27
  HALDOIback to text
• 9 articleC.Charles Bouillaguet and P.Paul Zimmermann. Parallel Structured Gaussian Elimination for the Number Field Sieve.Mathematical Cryptology01January 2021, 22-39
  HAL
• 10 articleO.Olivier Bronchain, S.Sebastian Faust, V.Virginie Lallemand, G.Gregor Leander, L.Léo Perrin and F.-X.François-Xavier Standaert. MOE: Multiplication Operated Encryption with Trojan Resilience.IACR Transactions on Symmetric Cryptology20211March 2021, 78-129
  HALDOIback to text
• 11 articleB.Benoît Cogliati, J.Jordan Ethan, V.Virginie Lallemand, B.Byeonghak Lee, J.Jooyoung Lee and M.Marine Minier. CTET+: A Beyond-Birthday-Bound Secure Tweakable Enciphering Scheme Using a Single Pseudorandom Permutation.IACR Transactions on Symmetric Cryptology20214December 2021, 1-35
  HALDOIback to text
• 12 articleJ.Julien Francq, L.Loic Besson, P.Paul Huynh, P.Philippe Guillot, G.Gilles Millérioux and M.Marine Minier. Non-triangular self-synchronizing stream ciphers.IEEE Transactions on Computers711January 2022, 134-145
  HALDOIback to text
• 13 articleM.Myriam Guillevic, A.Aurore Guillevic, M. K.Martin K Vollmer, P.Paul Schlauri, M.Matthias Hill, L.Lukas Emmenegger and S.Stefan Reimann. Automated fragment formula annotation for electron ionisation, high resolution mass spectrometry: application to atmospheric measurements of halocarbons.Journal of Cheminformatics1378October 2021, 1-27
  HALDOIback to text
• 14 articleA.Aurore Guillevic and S.Shashank Singh. On the Alpha Value of Polynomials in the Tower Number Field Sieve Algorithm.Mathematical Cryptology11February 2021, 1-39
  HALback to textback to textback to text
• 15 articleA.Aude Le Gluher, P.-J.Pierre-Jean Spaenlehauer and E.Emmanuel Thomé. Refined Analysis of the Asymptotic Complexity of the Number Field Sieve.Mathematical Cryptology112021, 71-88
  HALback to textback to text

International peer-reviewed conferences

• 16 inproceedingsR.Ritam Bhaumik, X.Xavier Bonnetain, A.André Chailloux, G.Gaëtan Leurent, M.María Naya-Plasencia, A.André Schrottenloher and Y.Yannick Seurin. QCB: Efficient Quantum-Secure Authenticated Encryption.ASIACRYPT 2021 - 27th Annual International Conference on the Theory and Application of Cryptology and Information Security13090Lecture Notes in Computer ScienceSingapore / Virtual, SingaporeSpringer International PublishingDecember 2021, 668-698
  HALDOIback to text
• 17 inproceedingsX.Xavier Bonnetain, G.Gaëtan Leurent, M.María Naya-Plasencia and A.André Schrottenloher. Quantum Linearization Attacks.ASIACRYPT 2021 - 27th Annual International Conference on the Theory and Application of Cryptology and Information Security13090Lecture Notes in Computer ScienceSingapore / Virtual, SingaporeSpringer International PublishingDecember 2021, 422-452
  HALDOIback to text
• 18 inproceedingsG.Gabrielle De Micheli, P.Pierrick Gaudry and C.Cécile Pierrot. Lattice Enumeration for Tower NFS: a 521-bit Discrete Logarithm Computation.ASIACRYPT 2021 - 27th Annual International Conference on the Theory and Application of Cryptology and Information Security13090ASIACRYPTVirtual, SingaporeSpringer2021, 67-96
  HALDOI
• 19 inproceedingsS.Stéphanie Delaune, P.Patrick Derbez, P.Paul Huynh, M.Marine Minier, V.Victor Mollimard and C.Charles Prud'Homme. Efficient Methods to Search for Best Differential Characteristics on SKINNY.Proceedings of the 19th International Conference on Applied Cryptography and Network SecurityACNS 2021 - 19th International Conference on Applied Cryptography and Network Security1272719th International Conference on Applied Cryptography and Network SecurityKamakura, JapanJune 2021, 184-207
  HALDOIback to text
• 20 inproceedingsS.Samuel Vivien. Parallel integer multiplication.30th Euromicro International Conference on Parallel, Distributed andNetwork-based Processing (PDP 2022)PDP 2022 - 30th Euromicron International Conference on Parallel, Distributed, and Network-Based ProcessingValladoid, Spain2022
  HALback to text

Conferences without proceedings

• 21 inproceedingsH.Hamid Boukerrou, G.Gilles Millérioux and M.Marine Minier. Hybrid architecture of LPV dynamical systems in the context of cybersecurity.LPVS 2021 - 4th IFAC Workshop on Linear Parameter Varying SystemsMilano, ItalyJuly 2021
  HALback to text
• 22 inproceedingsC.Cyrius Nugier, D.Diane Leblanc-Albarel, A.Agathe Blaise, S.Simon Masson, P.Paul Huynh and Y. B.Yris Brice Wandji Piugie. An Upcycling Tokenization Method for Credit Card Numbers.SECRYPT 2021 - 18th International Conference on Security and CryptographyOnline, FranceJuly 2021
  HAL

Scientific book chapters

• 23 inbookN. P.Nigel P Smart and E.Emmanuel Thomé. History of Cryptographic Key Sizes.469Computational CryptographyLondon Mathematical Society Lecture Note SeriesCambridge University PressDecember 2021
  HALback to text

Doctoral dissertations and habilitation theses

• 24 thesisG.Gabrielle De Micheli. Discrete Logarithm Cryptanalyses : Number Field Sieve and Lattice Tools for Side-Channel Attacks.Université de LorraineMay 2021
  HALback to text
• 25 thesisA.Aude Le Gluher. Symbolic Computation and Complexity Analyses for Number Theory and Cryptography.Université de LorraineDecember 2021
  HALback to text

Reports & preprints

• 26 reportA.Anne Canteaut, M. A.Miguel Angel Fernández, L.Luc Maranget, S.Sophie Perin, M.Mario Ricchiuto, M.Manuel Serrano and E.Emmanuel Thomé. Évaluation des Logiciels.InriaJanuary 2021
  HAL
• 27 reportA.Anne Canteaut, M. A.Miguel Angel Fernández, L.Luc Maranget, S.Sophie Perin, M.Mario Ricchiuto, M.Manuel Serrano and E.Emmanuel Thomé. Software Evaluation.InriaJanuary 2021
  HAL
• 28 reportV.Véronique Cortier, A.Alexandre Debant and P.Pierrick Gaudry. A privacy attack on the Swiss Post e-voting system.Université de Lorraine, CNRS, Inria, LORIANovember 2021
  HALback to text
• 29 miscV.Véronique Cortier, P.Pierrick Gaudry and Q.Quentin Yang. A toolbox for verifiable tally-hiding e-voting systems.April 2021
  HALback to text
• 30 miscY.Youssef El Housni and A.Aurore Guillevic. Families of SNARK-friendly 2-chains of elliptic curves.October 2021
  HALback to textback to textback to text
• 31 miscV.Vincenzo Innocente and P.Paul Zimmermann. Accuracy of Mathematical Functions in Single, Double, Extended Double and Quadruple Precision.January 2022
  HALback to text