7.1.1 snark-2-chains

• Name:
  Families of SNARK-friendly 2-chains of elliptic curves
• Keywords:
  Cryptography, Cryptocurrency, Blockchain
• Functional Description:
  This library implements finite field and elliptic curve arithmetic for BN curves (Barreto-Naehrig), BLS (Barreto-Lynn-Scott), KSS (Kachisa-Schaefer-Scott), and 2-chains made of BW6 (Brezing-Weng curves of embedding degree 6), CP8, CP12 (Cocks-Pinch curves of embedding degree 8 and 12) for use with zk-snarks (zero-knowledge succinct non-interactive argument of knowledge). The cryptographic applications are: pairing, scalar multiplication on the curves, hashing on the curves. The code is a proof of concept tied to two papers and is not optimized.
• URL:
  https://­gitlab.­inria.­fr/­zk-curves/­snark-2-chains
• Publications:
  hal-03667798, hal-03371573
• Contact:
  Aurore Guillevic

7.1.2 WaveSign

• Name:
  Wave Signatures: Reference Implementation
• Functional Description:
  This software provides a complete and functional reference implementation in C99 for Wave, a post-quantum digital signature scheme based on hard problems in coding theory. Key generation, signing, and verification functions are provided, compliant with the API specified by NIST for their post-quantum signature on-ramp call. The emphasis is on portability, rather than targeted optimizations.
• URL:
  https://­wave-sign.­org
• Contact:
  Nicolas Sendrier

8.1.1 A Freiman-like Theorem for function fields

Participants: Alain Couvreur.

A famous Theorem of additive number theory due to Freiman claims that given $A\subset \mathbb{Z}$ whose Minkowski sum

satisfies

then $A$ is contained in an arithmetic progression where at most $|A+A|-2\left|A\right|+1$ elements are missing.

Motivated by question from coding theory, secret sharing and code-based cryptography, Alain Couvreur in a collaboration with Gilles Zémor (Institut de Mathématiques de Bordeaux) obtained the following result in 28.

Theorem. Let $K$ be a perfect field and $F/K$ be an extension in which $K$ is algebraically closed. Let $S\subset F$ be a $K$–subspace of finite dimension such that the subspace

satisfies $1\in S$ and

Then $S$ generates a subfield of $F$ of transcendence degree 1 over $K$ with genus $g$ satisfying $g\le dim{S}^2-2dimS+1.$ Moreover, $S$ is contained in a Riemann-Roch space $ℒ\left(D\right)$ and has codimension at most $dim{S}^2-2dimS+1-g$ in this space.

8.1.2 Decoding of rank metric Reed–Muller codes

Participants: Alain Couvreur, Rakhi Pratihar.

The notion of $\Theta$-polynomials over a finite abelian extension $𝕃$ of an arbitrary field $𝕂$, where $\Theta =({\theta }_1,...,{\theta }_m)$ gives a system of generators for $\mathrm{G}:=\mathrm{Gal}(𝕃/𝕂)=\mathbb{Z}/n_1\mathbb{Z}\times \cdots \times \mathbb{Z}/n_m\mathbb{Z}$, is a generalization of the $q$-polynomials over finite fields introduced by Ore in 1933. A $\Theta$-monomial ${\theta }_1^{i_1}\cdots {\theta }_m^{i_m}$ describes the $m$-tuple $(i_1,...,i_m)\in \mathbb{Z}/n_1\mathbb{Z}\times \cdots \times \mathbb{Z}/n_m\mathbb{Z}$ and every element in the skew group algebra $𝕃\left[\mathrm{G}\right]$ have a unique representation as a $\Theta$-polynomial

where ${deg}_{\Theta }\left(P\right)\stackrel{\text{def}}{=}max\{i_1+\cdots +i_m:b_{(i_1,...,i_m)}\ne 0\}$. Keeping the analogy with classical Reed–Muller codes defined as evaluation of multivariate polynomials of bounded degree, Augot, Couvreur, Lauvazelle, and Neri 36 introduced in 2021 the $\Theta$-Reed–Muller codes in the rank metric as the $𝕃$-subspaces of $𝕃\left[\mathrm{G}\right]$ as follows:

For $0<r\le {\sum }_{i=1}^m(n_i-1)$, the $\Theta$-Reed-Muller code of order $r$ and type $n\stackrel{\text{def}}{=}(n_1,...,n_m)$ is defined as

In a joint work 26, Alain Couvreur and Rakhi Pratihar address the following decoding problem for $R{M}_{\Theta }(r,n)$:

Problem: Given $Y\in 𝕃\left[\mathrm{G}\right]$ such that $Y=C+E$ for some $C\in {\mathrm{RM}}_{\theta }(r,𝐧)$ and $E\in 𝕃\left[\mathrm{G}\right]$ with $\mathrm{Rk}\left(E\right)=t=\lfloor \frac{d-1}{2}\rfloor$, where $d$ is the minimum distance of ${\mathrm{RM}}_{\theta }(r,𝐧)$, recover the pair $(C,E)$.

The authors give a method for reconstructing the error $\Theta$-polynomial by recovering its unknown coefficients by minor cancellations of the associated $\mathrm{G}$-Dickson matrix, which leads to the following.

Theorem. Let $C={\sum }_{i=0}^{N-1}$ be an element of ${\mathrm{RM}}_{\Theta }(r,𝐧)$. and $k$ and $d$ denote the $𝕃$–dimension and the minimum distance of ${\mathrm{RM}}_{\Theta }(r,𝐧)$, respectively. Let $Y=C+E$ be the received polynomial for some $E\in 𝕃\left[\mathrm{G}\right]$ with $\mathrm{Rk}\left(E\right)\le \lfloor \frac{d-1}{2}\rfloor$, then $C$ can be recovered uniquely in $𝒪\left(k{t}^{\omega }\right)$ operations in $𝕃$, where $\omega$ denotes the complexity exponent of linear algebraic operations.

8.2.1 Quantum oblivious LWE sampling and insecurity of standard model lattice-based SNARKs

Participants: Thomas Debris–Alazard.

The Learning With Errors ($\mathrm{𝖫𝖶𝖤}$) problem 44 is well-known for its conjectured intractability for quantum algorithms, inherited from the conjectured worst-case hardness of specific problems over Euclidean lattices. It has led to abundant cryptographic constructions that are presumably quantum resistant. For three integers $m,n,q$ as well as a distribution ${\chi }_{\sigma }$ over $\mathbb{Z}/q\mathbb{Z}$ concentrated on values that are small modulo $q$ and with standard deviation $\sigma$, the search version of $\mathrm{𝖫𝖶𝖤}$ with parameters $m,n,q$ and $\sigma$ consists in recovering the secret $𝐬$ from the $\mathrm{𝖫𝖶𝖤}$ instance $(𝐀,𝐀𝐬+𝐞)\in {(\mathbb{Z}/q\mathbb{Z})}^{m\times n}\times {(\mathbb{Z}/q\mathbb{Z})}^m$ where $𝐞$ is i.i.d. from ${\chi }_{\sigma }$. From a hardness point of view, it was shown in 44 that the $\mathrm{𝖫𝖶𝖤}$ problem with well chosen parameters $m,n,q,\sigma$ is quantumly at least as hard as some worst-case lattice problems in dimension $n$. From an algorithmic viewpoint, there is no known polynomial time solvers (classical or quantum) for the aforementioned regime of parameters.

In this work, we did not focus on the hardness of $\mathrm{𝖫𝖶𝖤}$, but on the task of generating $\mathrm{𝖫𝖶𝖤}$ samples: $𝐛=𝐀𝐬+𝐞\in {(\mathbb{Z}/q\mathbb{Z})}^m$. For parameters of cryptographic interest, a correctly distributed $\mathrm{𝖫𝖶𝖤}$ pair $(𝐀,𝐛)$ admits a unique pair $(𝐬,𝐞)$ that is much more likely than any other pair to satisfy $𝐛=𝐀𝐬+𝐞$. As the correctly formed $𝐛$'s are extremely sparse in their range, the naive approach of sampling a uniform $𝐛$ and keeping it if it has the correct form is prohibitively expensive. Given this, it could seem that the only way to proceed to build $\mathrm{𝖫𝖶𝖤}$ samples is to first create $𝐬$ and $𝐞$ and then return $𝐀𝐬+𝐞$. It has then been conjectured that all $\mathrm{𝖫𝖶𝖤}$ samplers are such that they know the underlying secrets $𝐬$ and $𝐞$. It turns out that this natural assumption has been pivotal to serve as security foundation of Succinct Non-interactive Arguments of Knowledge (SNARKs) whose security inherits from lattice assumptions 41, 43, 42, 45, 39, 40.

Motivated by the task of invalidating the security assumption used in almost all known lattice-based SNARKs (claiming to be safe even against quantum computers), Thomas Debris–Alazard in collaboration with Pouria Fallahpour (ENS Lyon) and Damien Stehlé (CryptoLab) designed in 18 an efficient algorithm that generates $\mathrm{𝖫𝖶𝖤}$ samples without knowing the underlying secret (under the assumption that $\mathrm{𝖫𝖶𝖤}$ is intractable). This result, beyond showing that aforementioned lattice-based SNARKs are not quantumly secure, shows that “oblivious” $\mathrm{𝖫𝖶𝖤}$ sampling can be performed quantumly efficiently while the problem seems to be hard classically. So far, only extremely few problems related to lattices admit a quantum polynomial-time algorithm while remaining conjecturally hard for classical algorithms.

8.2.2 Isogeny formulæ in dimension 2

Participants: Benjamin Smith.

While the basic arithmetic of genus-2 Jacobians and Kummer surfaces has matured, and cryptographic applications have driven great improvements in the efficiency of the resulting formulæ and algorithms, the corresponding explicit theory of isogenies lags behind. Just as elliptic isogenies factor naturally into compositions of scalar multiplications and isogenies with prime cyclic kernel (i.e., isomorphic to $\mathbb{Z}/N\mathbb{Z}$ with $N$ prime), isogenies of abelian surfaces (including Jacobians of genus-2 curves) decompose into compositions of scalar multiplications and $(N,N)$-isogenies (with kernel isomorphic to ${(\mathbb{Z}/N\mathbb{Z})}^2$. The fundamental task, then, is to compute and evaluate prime $(N,N)$-isogenies. The problem is especially relevant today given the role of genus-2 isogenies in isogeny-based cryptography, where they have been the basis of both devastating attacks and radical optimizations since 2022. The case $N=2$ is classical: explicit methods and formulæ go back to the 19th century, but the case of prime $N>2$ has proven more complicated.

In 12, we give a general method for deriving explicit formulæ for isogenies of fast Kummer surfaces—the most relevant surfaces for genus-2 isogeny-based cryptography—exploiting their high symmetry to optimize the approach of Bruin, Flynn, and Testa. Our approach is elementary in the sense that it avoids explicitly using the heavy machinery of theta functions (though of course theta functions implicitly play a fundamental role behind the scenes). We apply these methods to give explicit examples for $N=3$ and 5.

8.4.1 Verifiable computation based on coding theory

Participants: Daniel Augot, Hugo Delavenne, Tanguy Medevielle, Élina Roussel.

In the coding theoretic setting, these protocols are made popular, in particular in the blockchain area, under the name of (ZK-)STARKS, Scalable Transparent Arguments of Knowledge, introduced in 2018. The short non interactive proofs are derived for protocols which are called IOPs Interactive Oracle Proofs, which are combination of IPs Interactive Proofs and PCPs Probabilistically Checkable Proofs, for combining the best of both worlds, and making PCPs pratical.

At the core of these protocols lies the following coding problem: how to decide, with high confidence, that a very long ambient word is close to a given code, while looking at very few coordinates of it.

An Interactive Oracle Proof of Proximity (IOPP) has been designed for codes on graphs. The soundness is significantly improved compared to the FRI, the complexity parameters are comparable, the domain of validity is provably better, and there are no restrictions on the field used, enabling to consider new codes to design code-based SNARKs. Under submission.

8.5.1 Modular polynomials

Participants: François Morain.

Basic isogeny computations require the use of modular polynomials in two ways. The roots of a modular polynomial first indicate the existence of curves isogenous to the curve of interest. Second, these isogenous curves are computed using explicit formulas involving derivatives of the modular polynomial, as first described by Atkin for two families of modular polynomials. The height of the polynomial is critical, since it is the dominant parameter in the complexity analysis of the various methods used to compute them. In our investigations, we resumed some old work of Fricke, see the two preprints 32 and 33. In particular, new formulas for the final isogeny computation were worked out.

8.5.2 Factoring over number fields

Participants: François Morain.

This is an exploratory topic aiming at transposing classical integer factoring algorithms into the realm of euclidean number fields. The traditional strategy to factor an integer of a number field is to factor its norm over $Z$ and then finding the ideals dividing the original integer. Here, we give some hints at factoring the number without going to $Z$. This approach was suggested following the solving of an ANSSI CTF.

8.5.3 Cryptographic smooth twins

Participants: Bruno Sterner.

A pair of consecutive integers is a smooth twin if their product is $B$-smooth for some small $B$ (i.e., each prime factor in the product is $\le B$). Smooth twins whose sum is a prime are used in some isogeny-based cryptosystems such as SQIsign. We have made progress on finding large smooth twins with smaller smoothness bounds. One approach to finding smooth twins is to find polynomials $f\left(x\right)$ and $g\left(x\right)=f\left(x\right)+1$ in $\mathbb{Q}\left[x\right]$ that both split into a product of small degree factors, then evaluate them at smooth integers. Costello, Meyer, and Naehrig (EUROCRYPT 2021) used polynomials that split completely into distinct linear factors, which they found using Diophantine number theory. Here is a degree-8 example that they found:

In our new work 20, we allow repeated linear factors and some quadratic factors. The overall smoothness probability is either better than or comparable with that of the prior polynomials. Here is a degree-8 example:

We use these polynomials to search for large smooth twins whose sum is prime. We thus find 384 and 512-bit twins with significantly smaller smoothness bounds than those found at EUROCRYPT 2021.

10.1.1 Visits of international scientists

10.2.1 Horizon Europe

10.3.1 ANR CIAO

Participants: Benjamin Smith.

ANR CIAO (Cryptography, Isogenies, and Abelian varieties Overwhelming) is a JCJC 2019 project, led by Damien Robert (Inria EP LFANT). This project, which started in October 2019, will examine applications of higher-dimensional abelian varieties in isogeny-based cryptography.

10.3.2 ANR COLA

Participants: Alain Couvreur, Thomas Debris–Alazard.

ANR COLA (An interface between COde and LAttice-based cryptography) is a project from (Appel à projets générique, Défi 9, Liberté et sécurité de l’Europe, de ses citoyens et de ses résidents, Axe 4 ; Cybersécurité). This project (ANR JCJC), starting in october 2021 led by Thomas Debris-Alazard focusses on bringing closer post-quantum solutions based on codes and lattices to improve our trust in cryptanalysis and to open new perspectives in terms of design.

10.3.3 ANR BARRACUDA

Participants: Daniel Augot, Alain Couvreur, Françoise Levy-dit-Vehel.

BARRACUDA is a collaborative ANR project accepted in 2021 and led by Alain Couvreur .

Website : barracuda.inria.fr

The project gathers specialists of coding and cryptology on one hand and specialists of number theory and algebraic geometry on the other hand. The objectives concern problems arising from modern cryptography which require the use of advanced algebra based objects and techniques. It concerns for instance mathematical problems with applications to distributed storage, multi-party computation or zero knowledge proofs for protocols.

10.3.4 ANR SANGRIA

Participants: Olivier Blazy.

SANGRIA is a collaborative ANR project accepted in 2021.

Website : lip6.fr/Damien.Vergnaud/projects/sangria/

The main scientific challenge of the SANGRIA (Secure distributed computAtioN - cryptoGRaphy, combinatorIcs and computer Algebra) project are (1) to construct specific protocols that take into account practical constraints and prove them secure, (2) to implement them and to improve the efficiency of existing protocols significantly. The SANGRIA project (for Secure distributed computAtioN: cryptoGRaphy, combinatorIcs and computer Algebra) aims to undertake research in these two aspects while combining research from cryptography, combinatorics and computer algebra. It is expected to impact central problems in secure distributed computation, while enriching the general landscape of cryptography.

10.3.5 ANR Priva-SiQ

Participants: Benjamin Smith, Olivier Blazy, Thomas Debris–Alazard.

Priva-Siq is a collaborative ANR project accepted in 2023.

Website : anr.fr/Projet-ANR-23-CE39-0008

The Priva SIQ projects aims to manage threats to user-privacy in secure-channel establishment, at all levels. In this project, the goal is to specifically tackle the following threats:

• Interception: Privacy with respect to person-in-the-middle adversaries (exterior to the communication and aiming to track, deanonymize, or identify an endpoint of the channel);
• Subversion: Providing privacy-enhancing countermeasures against mass-surveillance attacks;
• Quantum adversaries: Designing protocols that preserve both user-privacy and security against powerful quantum adversaries.

10.3.6 ANR TRUST

Participants: Olivier Blazy.

Trust is a collaborative ANR project accepted in 2023.

Website : anr.fr/Project-ANR-23-CE39-0009

TRUST focuses on personal data protection measures to meet the objectives of the RGPD but also the texts in preparation such as the "Data Act" or the "Data Governance Act". This project aims to study and develop new security solutions, based on advanced cryptography, for use cases involving the reuse of personal data. These use cases will present various configurations in terms of actors, type of data and processing, opening the way to different technical and legal issues. This is done in order to anticipate legal evolutions and prepare technical architectures to allow the reuse of personal data in compliance with the various legal frameworks.

10.3.7 PEPR sur les technologues quantiques - Projet intégré "Un cadenas post-quantique pour les navigateurs web"

Participants: Alain Couvreur, Thomas Debris–Alazard, Anaëlle Le Dévéhat, Rakhi Pratihar, Antonio Ras, Benjamin Smith.

This projet intégré aims to develop post quantum cryptographic primitives in 5 years which would be implemented in an open source web browser. The evolution of cryptographic standards has already begun. The choice of new primitives will be made soon and the transition should be operated in a few years. The objective of the project is to play a crucial role in this evolution so that french researchers, which are already strongly implied in this process could influence the choice of cryptographic standards in the next years.

10.3.8 Inria AEx CACHAÇA

Participants: Anaëlle Le Dévéhat, Guenaël Renault, Benjamin Smith, Bruno Sterner.

The Action Exploratoire CACHAÇA, led by Benjamin Smith and based at Campus Cyber, started in 2022. CACHAÇA aims to bring high-assurance techniques from formal methods to the initial design and implementation phase for new postquantum cryptosystems, to produce fast, safe, and portable software implementations, especially for constrained environments such as IoT devices. Guenael Renault has associate researcher status, and so CACHAÇA is an anchor-point for collaborations between GRACE and the Secure Components laboratory at ANSSI. It will also englobe GRACE's contribution to planned industrial consortia (expected to begin in 2023).

10.3.9 HYPERFORM

Participants: Olivier Blazy, Guenaël Renault, Benjamin Smith, Bruno Sterner, Alessandro Sferlazza.

Benjamin Smith is coordinating Inria's involvement in the Bpifrance-funded HYPERFORM industrial consortium (2023–2026), which aims to develop a pre- and post-quantum hybrid cryptographic reference platform.

10.4.1 Regulation

Participants: Daniel Augot.

Daniel Augot participates to a working group jointly managed by ACPR (autorité de contrôle prudentiel et de résolution) and AMF (autorité des marchés financiers). This working group will report on proposals and recommendations for the regulation of smart contracts in the context of decentralized finance (blockchains).

10.4.2 Academia of Science and Technology

Daniel Augot contributed as an expert to a report on blockchains from Académie des sciences et technologies.

10.4.3 Eidas 2

Participants: Olivier Blazy.

Olivier Blazy participates to working groups supervised by the European commission around the implementation of the new European digital identity and wallet.

11.1.1 Scientific events: organisation

• Daniel Augot and Alain Couvreur organised the second Encode Training School for ENCODE project at Institut Henri Poincaré from April 29 to may 3rd 2024. This workshop was a sequence of mini-lectures and discussion dedicated to the training of the ENCODE PhD students.

11.1.2 Scientific events: selection

11.1.3 Journal

11.1.4 Invited talks

• Olivier Blazy was an invited speaker at
  • SAC 2024
  • Stanford Cyber Policy Center Spring Seminar
  • Alain Couvreur gave a talk at the Algebraic Coding Theory session at the joint AMS-UMI workshop 2024 in Palermo.
  • Thomas Debris–Alazard was invited speaker at:Toggle sub-subsection view
    • the thirteenth International Workshop on Coding and Cryptography (WCC '24);
    • the conference Mathematics for post-quantum cryptanalysis
  • Rakhi Pratihar gave invited talks atToggle sub-subsection view
    • ADMA - ICDM 2024 : 20th Annual Conference of Academy of Discrete Mathematics and Applications & International Conference on Discrete Mathematics 2024;
    • International conference on Women in Pure and Applied Mathematics (India).
  • Benjamin Smith was an invited speaker atToggle sub-subsection view
    • Mathematics for post-quantum cryptanalysis
    • The kick-off event for the Inria–Einstein Centre Digital Future partnership, ECDF, Berlin.

11.1.5 Leadership within the scientific community

• Olivier Blazy and Alain Couvreur were co-responsible of the Groupe de Travail Codes et Cryptographie (C2) of the GdR's Informatique Mathématiques and Sécurité Informatique.

11.1.6 Scientific expertise

• Alain Couvreur was evaluator for the Cum Laude Judicum (an exceptional award for the PhD degree) for TUe (Eindhoven).
• Olivier Blazy was evaluator for the Horizon Cybersecurity Call CL3-CS-01
• Benjamin Smith is a member of the Comité de Pilotage, Stratégie Nationale Quantique (volet Normalisation)

11.1.7 Research administration

• Daniel Augot was member of a recruiting committee (Comité de sélection) for a Chargé de conférences at University of Bordeaux.
• Daniel Augot was member of a recruiting committee (Comité de sélection) for a Chargé de conférences at University of Grenoble.
• Olivier Blazy was a member of recruitment committees for Mâitre de conférences positions in Amiens, and Clermont-Ferrand.
• Olivier Blazy was president of the recruitement committee for Professor at Ecole polytechnique.
• Alain Couvreur is elected member of Inria's Commission d'Évaluation. He served in the recruitment jury CRCN centre Inria de Lille.
• Alain Couvreur is coordinator for Inria of the Axis PQ-TLS of PEPR quantique and in charge of the work package on code-based cryptography with Philippe Gaborit (University of Limoges).
• Alain Couvreur was member of a recruiting committee (Comité de sélection) for a Chaire de Professeur Junior at University of Rennes.
• François Morain is a member of the Board of Master Parisien de Recherche en Informatique (MPRI).
• François Morain is a member of the board of the Cybersecurity track in the CS Master of IPParis.
• François Morain represents the axis networks and security at the "conseil de direction" of LIX.
• Benjamin Smith was a member of a recruitment committee (Comité de sélection) for a Mâitre de conférences position at the University of Nancy.
• Benjamin Smith is co-leader of the PEPR PQ-TLS work package on isogeny-based cryptography with Benjamin Wesolowski (CNRS).
• Benjamin Smith is the Inria coordinator for the HYPERFORM industrial consortium.

11.2.1 Teaching

• Licence:
  • Olivier Blazy : CSE101: Introduction to Computer Programming (Tutorials), 31.5h, L1, École polytechnique, France
  • Maxime Bombar : INF361: Introduction à l'informatique (tutorials), 40h (equiv TD), 1st year (L3), École polytechnique.
  • Thomas Debris–Alazard , Exercises for INF361: “Introduction à l'informatique”, 15h (equiv TD), 1st year (L3), École polytechnique.
  • François Morain , Lectures for INF361: “Introduction à l'informatique”, 15h (equiv TD), 1st year (L3), École polytechnique. Coordinator of this module (350 students).
  • Bruno Sterner , Tutorials for CSE103: Introduction to Algorithms, 28h, L1, École polytechnique.
• Master:
  • Daniel Augot designed with Julien Prat the cursus of a course in blockchains and economics, and made lectures on zero-knowledge.
  • Master : Olivier Blazy : Lectures and Labs for Authentification, VPN et Chiffrement, 6h, M2, Telecom Sud Paris, France
  • Thomas Debris–Alazard : Lectures for CSC_51063_EP: “Information Theory”, 36h, M1, École Polytechnique
  • Thomas Debris–Alazard : Lectures for INF563: “Information Theory”, 36h, M1, École Polytechnique
  • Thomas Debris–Alazard : Lectures for MDC_51002_EP: “Quantum Information and Computing”, 18h, M1, École Polytechnique
  • Thomas Debris–Alazard : Lectures for INF587: “Introduction to quantum computer science”, 36h, École polytechnique.
  • Alain Couvreur and Thomas Debris–Alazard : Lectures in MPRI 2-13-2: Error Correcting codes and applications to cryptography
  • François Morain , INF558, Lectures and labs Introduction to cryptology, 36h, M1, École Polytechnique
  • Françoise Levy-dit-Vehel , Lectures on discrete maths, 21h, M1, ENSTA
  • Françoise Levy-dit-Vehel , Lectures on cryptography, 24h, M2, ENSTA.
  • Matthieu Lequesne , INF558, labs Introduction to cryptology, 36h, M1, École Polytechnique
  • Guenaël Renault : Lectures and Labs for INF565: Information Systems Security, 60h, M1, École polytechnique, France
  • Guenaël Renault : Lectures and Labs for INF648: Embedded security: side-channel attacks; javacard, 60h, M2, École polytechnique, France
  • Master : Guenaël Renault : Coordinator for INF637: Reverse engineering vs Obfuscation, 2h, M2, École polytechnique, France
  • Benjamin Smith : INF568: Advanced Cryptography, 45h, M1, École polytechnique, France
  • Benjamin Smith : MPRI 2-12-2: Algorithmes Arithmétiques pour la Cryptologie, 22.5h, M2, Master Parisien de Recherche en Informatique, France.
  • Daniel Augot : Structures de données distribuées, avec un focus sur les blockchains (2024-2025), 8h, M1 École polytechnique

11.2.2 Supervision

• Martino Borello advised the Master Project of Valentina Astore.
• Françoise Levy-dit-Vehel advised the Cybersecurity M2 IP Paris Internship of Elouan Gros on “Private Information Retrieval with Resut Verification”.
• Benjamin Smith supervised
  • Alessandro Sferlazza 's M2 internship (SNS Pisa)
  • Pauline Vinchon 's M1 internship (ENSTA)
  • Cezara Petrui 's Bachelor Thesis (École polytechnique Bachelor, L3)
  • Hongjie Zhang 's Executive MSc&T Cybersecurity masters project (Renault and École polytechnique)
  • Luc Papadopoulos 's Executive MSc&T Cybersecurity masters project (Crédit Agricole and École polytechnique)
  • Franck Wetie 's Executive MSc&T Cybersecurity masters project (École polytechnique)

11.2.3 Juries

• Alain Couvreur was referee for the PhD theses of
  • Victor Dyseryn (Univerity of Limoges);
  • Antoine Leudière (University of Lorraine).
• Alain Couvreur was president of the jury for the PhD thesis of Quyen Ngyen (University of Caen);
• Alain Couvreur was jury member for the HDR of Martin Weimann (University of Caen);
• Daniel Augot was jury member of the thesis of Karima Maklouf (Institut Polytechnique de Paris)
• Daniel Augot was reviewer of the following theses:
  • Loïc Demange (Sorbonne Université)
  • Thomas Lavaur (Université de Toulouse)
• Benjamin Smith was referee for the PhDs of
  • Marc Houben (Leiden Universiteit, Netherlands)
  • Jonathan Komada Eriksen (NTNU Trondheim, Norway)
• Thomas Debris–Alazard was jury member for the PhD theses:
  • Pouria Fallahpour (ENS Lyon);
  • Étienne Burle (Université of Rouen).
• Olivier Blazy was president for the PhD theses:
  • Thibaut Jacques (Université de Limoges)
  • Charles Olivier-Anclin (Université de Clermont-Ferrand)
  • Hugo Beguinet (Ecole Normale Supérieure)
• Olivier Blazy was reviewer for the PhD theses:
  • Corentin Jeudy (Université de Rennes)
  • Calvin Abou Haidar (École normale supérieure de Lyon)
  • Colin Putman (Royal Holloway London)

11.3.1 Productions (articles, videos, podcasts, serious games, ...)

• Nadja Aoutouf and Nihan Tanısalı are Encode members and published two YouTube videos about Coding Theory
  • YouTube channel AliceandBob
  • Coding Theory (Part 1/2)
  • Coding Theory (Part 2/2)

11.3.2 Participation in Live events

• Benjamin Smith was a panel member for the Webinar Forum InCyber – ONE ConferenceYour Cryptography Will Be Broken. Prepare now! A NL-FR exchange of views at Campus Cyber, La Défense Paris.

11.3.3 Others science outreach relevant activities

Participants: Daniel Augot, Christophe Levrat, Pierre Loisel.

We received a whole afternoon the whole promotion of M1 students of University of Versailles Saint-Quentin, to introduce them to cryptography, coding and INRIA.

International journals

• 8 articleG.Gianira Alfarano, M.Martino Borello and A.Alessandro Neri. Outer strong blocking sets.The Electronic Journal of CombinatoricsMarch 2024. In press. HAL
• 9 articleE.Elena Berardini, A.Alain Couvreur and G.Grégoire Lecerf. A proof of the Brill-Noether method from scratch.ACM Communications in Computer Algebra574March 2024, 200-229HALDOI
• 10 articleM.Martino Borello, W.Wolfgang Schmid and M.Martin Scotti. The geometry of intersecting codes and applications to additive combinatorics and factorization theory.Journal of Combinatorial Theory, Series A2025. In press. HAL
• 11 articleA.André Chailloux and T.Thomas Debris-Alazard. New Solutions to Delsarte’s Dual Linear Programs.IEEE Transactions on Information Theory711January 2025, 297-316HALDOI
• 12 articleM.Maria Corte-Real Santos, C.Craig Costello and B.Benjamin Smith. Efficient $(3,3)$-isogenies on fast Kummer surfaces.Research in Number Theory111January 2025, 25HALDOIback to text
• 13 articleH.Hugo Delavenne and F. L.François Le Gall. Quantum State Synthesis: Relation with Decision Complexity Classes and Impossibility of Synthesis Error Reduction.Quantum Information & Computation249&10July 2024, 745-765HALDOI

International peer-reviewed conferences

• 14 inproceedingsN.Nicolas Aragon, A.Alain Couvreur, V.Victor Dyseryn, P.Philippe Gaborit and A.Adrien Vinçotte. MinRank Gabidulin Encryption Scheme on Matrix Codes.Lecture Notes in Computer ScienceASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information SecurityLNCS-15487Advances in Cryptology – ASIACRYPT 2024KOLKATA, IndiaSpringer Nature SingaporeDecember 2024, 68-100HALDOI
• 15 inproceedingsA.Anaïs Barthoulot, O.Olivier Blazy and S.Sébastien Canard. Cryptographic Accumulators: New Definitions, Enhanced Security, and Delegatable Proofs.Progress in Cryptology - AFRICACRYPT 2024AFRICACRYPT 2024 - 15th International Conference on Cryptology14861Lecture Notes in Computer ScienceDouala, CameroonSpringer Nature Singapore2024, In pressHAL
• 16 inproceedingsM.Maxime Bombar, D.Dung Bui, G.Geoffroy Couteau, A.Alain Couvreur, C.Clément Ducros and S.Sacha Servan-Schreiber. FOLEAGE: F 4 OLE-Based Multi-Party Computation for Boolean Circuits.Advances in Cryptology – ASIACRYPT 2024ASIACRYPT 2024 - 30th International Conference on the Theory and Application of Cryptology and Information Security15489Lecture Notes in Computer ScienceKolkata, IndiaSpringer Nature SingaporeDecember 2024, 69-101HALDOIback to text
• 17 inproceedingsA.Alain Couvreur, A.Anne Canteaut and L.Léo Perrin. On the Properties of the Ortho-Derivatives of Quadratic Functions.WCC 2024 - The Thirteenth International Workshop on Coding and CryptographyPerugia, ItalyJune 2024HAL
• 18 inproceedingsT.Thomas Debris-Alazard, P.Pouria Fallahpour and D.Damien Stehlé. Quantum Oblivious LWE Sampling and Insecurity of Standard Model Lattice-Based SNARKs.STOC 2024 - 56th Annual ACM Symposium on Theory of ComputingVancouver BC, CanadaACMJune 2024, 423-434HALDOIback to text
• 19 inproceedingsT.Thomas Debris-Alazard, P.Pierre Loisel and V.Valentin Vasseur. Exploiting Signature Leakages: Breaking Enhanced pqsigRM.2024 IEEE International Symposium on Information Theory (ISIT)Athens, FranceIEEEJuly 2024, 2903-2908HALDOI
• 20 inproceedingsB.Bruno Sterner. Towards Optimally Small Smoothness Bounds for Cryptographic-Sized Smooth Twins and their Isogeny-based Applications.Selected Areas in Cryptography SAC 2024Montreal (Canada), CanadaAugust 2024HALback to text

Conferences without proceedings

• 21 inproceedingsA.Antonin Leroux and M.Maxime Roméas. Updatable Encryption from Group Actions.PQCOxford, United KingdomJune 2024HAL

Edition (books, proceedings, special issue of a journal)

• 22 proceedingsSelected Areas in Cryptography: 29th International Conference, SAC 2022, Windsor, ON, Canada, August 24–26, 2022, Revised Selected Papers.SAC 2022 - International Conference on Selected Areas in CryptographyLNCS-13742Selected Areas in CryptographySpringer International Publishing; Springer2024HALDOI

Doctoral dissertations and habilitation theses

• 23 thesisC.Clément Ducros. Multiparty Computation from the Hardness of Coding Theory.Université Paris CitéNovember 2024HALback to text

Reports & preprints

• 24 miscV.Valentina Astore, M.Martino Borello, M.Marco Calderini and F.Flavio Salizzoni. A geometric invariant of linear rank-metric codes.January 2025HAL
• 25 miscM.Matteo Bonini, M.Martino Borello and E.Eimear Byrne. The geometry of covering codes in the sum-rank metric.2024HAL
• 26 miscA.Alain Couvreur and R.Rakhi Pratihar. Decoding rank metric Reed-Muller codes.January 2025HALback to text
• 27 miscA.Alain Couvreur, R.Rakhi Pratihar, N.Nihan Tanısalı and I.Ilaria Zappatore. On the structure of the Schur squares of Twisted Generalized Reed-Solomon codes and application to cryptanalysis.December 2024HAL
• 28 miscA.Alain Couvreur and G.Gilles Zémor. Freiman's $3k-4$ Theorem for Function Fields.September 2024HALback to text
• 29 miscH.Hugo Delavenne, T.Tanguy Medevielle and É.Élina Roussel. Interactive Oracle Proofs of Proximity to Codes on Graphs.2025HAL
• 30 miscS. R.Sudhir R. Ghorpade, T.Trygve Johnsen, R.Rati Ludhani and R.Rakhi Pratihar. Higher weight spectra and Betti numbers of Reed-Muller codes $R{M}_q(2,2)$.January 2025HAL
• 31 miscS. R.Sudhir R. Ghorpade, R.Rakhi Pratihar, T. H.Tovohery H. Randrianarisoa, H.Hugues Verdure and G.Glen Wilson. Homotopy type of shellable $q$-complexes and their homology groups.March 2024HAL
• 32 miscF.François Morain. Using Fricke modular polynomials to compute isogenies.February 2024HALback to text
• 33 miscF.François Morain. Using modular polynomials for eta products to compute isogenies.January 2024HALback to text
• 34 miscR.Rakhi Pratihar, T. H.Tovohery H. Randrianarisoa and K.Klara Stokes. A lattice framework for generalizing shellable complexes and matroids.July 2024HAL
• 35 miscN.Nadja Willenborg, M.Martino Borello, A.-L.Anna-Lena Horlemann and H.Habibul Islam. Dihedral Quantum Codes.May 2024HAL