6.1.1 Decoding Supercodes of Gabidulin Codes and Applications to Cryptanalysis

Participants: Maxime Bombar, Alain Couvreur.

Besides the Hamming metric, other metrics have been considered for building error correcting codes. In particular, rank metric codes, and more specifically the so-called Fqm-linear codes, have found their way to code-based cryptography because they allow a more compact description and therefore smaller keys for comparable efficiency. Gabidulin codes, which are the rank-metric analogue of Reed-Solomon codes, come with a strong algebraic structure and efficient algorithms to decode uniquely up to half the minimum distance. However, contrary to their Hamming metric counterpart, they lack from a list-decoding algorithm, and therefore it is considered as a hard problem to decode beyond this bound. Based on this hard problem, two somehow dual encryption schemes with short keys had been recently proposed: LIGA and RAMESSES.

In 21, we analyse the security of these two cryptosystems, and show that in both cases the ciphertext could also be seen as a codeword from a bigger code corrupted by a small error. We then extend a decoding algorithm for Gabidulin codes to any code containing a Gabidulin code, at the cost of a decrease in the decoding radius, which was enough to recover the plaintext from the ciphertext and public data. We furthermore propose an implementation of our algorithm and of the attack on LIGA in SageMath.

6.1.2 Quantum reduction

Participants: Thomas Debris-Alazard.

We give a quantum reduction from finding short codewords in a random linear code to decoding for the Hamming metric. This is the first time such a reduction (classical or quantum) has been obtained. Our reduction adapts to linear codes Stehlé-Steinfield-Tanaka- Xagawa’s re-interpretation of Regev’s quantum reduction from finding short lattice vectors to solving the Closest Vector Problem. The Hamming metric is a much coarser metric than the Euclidean metric and this adaptation has needed several new ingredients to make it work. For instance, in order to have a meaningful reduction it is necessary in the Hamming metric to choose a very large decoding radius and this needs in many cases to go beyond the radius where decoding is unique. Another crucial step for the analysis of the reduction is the choice of the errors that are being fed to the decoding algorithm. For lattices, errors are usually sampled according to a Gaussian distribution. However, it turns out that the Bernoulli distribution (the analogue for codes of the Gaussian) is too much spread out and can not be used for the reduction with codes. Instead we choose here the uniform distribution over errors of a fixed weight and bring in orthogonal polynomials tools to perform the analysis and an additional amplitude amplification step to obtain the aforementioned result.

The result is presented in the preprint 44.

6.1.3 LLL like algorithm for codes

Participants: Thomas Debris-Alazard.

In 14, we have proposed an adaptation of the algorithmic reduction theory of lattices to binary codes. This includes the celebrated LLL algorithm (Lenstra, Lenstra, Lovasz, 1982), as well as adaptations of associated algorithms such as the Nearest Plane Algorithm of Babai (1986). Interestingly, the adaptation of LLL to binary codes can be interpreted as an algorithmic version of the bound of Griesmer (1960) on the minimal distance of a code. Using these algorithms, we demonstrate —both with a heuristic analysis and in practice— a small polynomial speed-up over the Information-Set Decoding algorithm of Lee and Brickell (1988) for random binary codes. This appears to be the first such speed-up that is not based on a time-memory trade-off. The above speed-up should be read as a very preliminary example of the potential of a reduction theory for codes, for example in cryptanalysis.

6.1.4 Wavelet: Code-based postquantum signatures with fast verification on microcontrollers

Participants: Gustavo Banegas, Thomas Debris-Alazard, Ben Smith.

This work 37 has presented the first full implementation of Wave, a postquantum code-based signature scheme. We define Wavelet, a concrete Wave scheme at the 128-bit classical security level (or NIST postquantum security Level 1) equipped with a fast verification algorithm targeting embedded devices. Wavelet offers 930- byte signatures, with a public key of 3161 kB. We include implementation details using AVX instructions, and on ARM Cortex-M4, including a solution to deal with Wavelet’s large public keys, which do not fit in the SRAM of a typical embedded device. Our verification algorithm is approximately 4.65 times faster then the original, and verifies in 1 087 538 cycles using AVX instructions, or 13 172 ticks in an ARM Cortex-M4.

6.1.5 Quantum-resistant software update security on low-power networked embedded devices

Participants: Gustavo Banegas, Ben Smith.

Bringing practical post-quantum security to low-end IoT devices is a pressing challenge. In 38 we evaluate a range of pre- and post-quantum secure signature schemes in the context of SUIT software updates (specified by the IETF), on three popular, off-the-shelf microcontroller boards (ARM Cortex-M4, ESP32, and RISC-V) that are representative of the 32-bit landscape. We show that upgrading to postquantum security is practical now, and reflect on the best choices for various use cases. This work has been selected for presentation at Real World Crypto 2022.

6.1.6 Attack on LAC Key Exchange in Misuse Situation

Participants: Guenael Renault, Simon Montoya.

LAC is a Ring Learning With Error based cryptosystem that has been proposed to the NIST call for post-quantum standardization and passed the first round of the submission process. It did not pass to the third round but it is selected as the chinese standard for key exchange. The particularity of LAC is to use an error-correction code ensuring a high security level with small key sizes and small ciphertext sizes. LAC team proposes a CPA secure cryptosystem, LAC-CPA, and a CCA secure one, LAC-CCA, obtained by applying the Fujisaki-Okamoto transformation on LAC-CPA.

Together with Aurelien Greuet (IDEMIA), we study in 57 the security of LAC Key Exchange (KE) mechanism, using LAC-CPA, in a misuse context: when the same secret key is reused for several key exchanges and an active adversary has access to a mismatch oracle. This oracle indicates information on the possible mismatch at the end of the KE protocol. In this context, we show that an attacker needs at most 8 queries to the oracle to retrieve one coefficient of a static secret key. This result has been experimentally confirmed using the reference and optimized implementations of LAC. Since our attack can break the CPA version in a misuse context, the Authenticated KE protocol, based on the CCA version, is not impacted. However, this research provides a tight estimation of LAC resilience against this type of attacks.

6.1.7 Post-quantum Public Key Encryption from Isogenies

Participants: Luca De Feo, Antonin Leroux.

Together with Cyprien Delpech de Saint Guilhem (KU Leuven), Tako Boris Fouotsa (Universit`a Degli Studi Roma Tre), Peter Kutas (University of Birmingham), Christophe Petit (Université Libre de Bruxelles), Javier Silva ( Universitat Pompeu Fabra)and Benjamin Wesolowski (Institut Mathématiques de Bordeaux), Luca de Feo and Antonin Leroux have introduced a new post-quantum public key encryption scheme that uses constructively the torsion point attack against the SIDH key exchange. The publication includes an implementation in C of this new construction. Another contribution of this work is the "uber-isogeny assumption" which aims at generalizing some computational assumption encountered in various scheme of the literature.

6.1.8 CTIDH: high-speed constant-time isogeny-based key exchange

Participants: Gustavo Banegas, Ben Smith.

Together with Daniel J. Bernstein, Fabio Campos, Tung Chou, Tanja Lange, Michael Meyer, and Jana Sotáková, this work 7 implements the fastest implementation of commutative supersingular isogeny-based key exchange (CSIDH) with basic side-channel protection to date. This new speed record is partly due to a redesign of the private key space, while maintaining compatibilty with existing CSIDH software. This work was published in TCHES 2021.

6.1.9 HD-CSIDH: higher-degree generalizations of commutative isogeny-based key exchange

Participants: Mathilde Chenu, Ben Smith.

6.1.10 Quantum Equivalence of the DLP and CDHP for Group Actions

Participants: Ben Smith.

6.2.1 Verifiable computation based on coding theory

Participants: Daniel Augot, Sarah Bordage, Jade Nardi.

In the coding theoretic setting, these protocols are made popular, in particular in the blockchain area, under the name of (ZK-)STARKS, Scalable Transparent Arguments of Knowledge, introduced in 2018. In theoretical computer science, these proofs are derived for protocols which are called IOPs Interactive Oracle Proofs, which are combination of IPs Interactive Proofs and PCPs Probabilistically Checkable Proofs, for combining the best of both worlds, and making PCPs pratical.

At the core of these protocols lies the following coding problem: how to decide, with high confidence, that a very long ambient word is close to a given code, while looking at very few coordinates of it.

These protocols were originally designed for the simplest algebraic codes, Reed-Solomon codes. Daniel Augot and Sarah Bordage provided a generalization of these protocols to multivariate codes, i.e. product of Reed-Solomon codes and Reed-Muller codes. The performance does not degrade badly with respect to the basic Reed-Solomon case 36. It remains to assert the revelance of these codes for building proof systems and to compare to litterature, where product of Reed-Solomon codes have been studied for more than twenty years.

A very important issue is have a smaller alphabet, and this can be done using algebraic-geometric codes. This was done by Sarah Bordage and Jade Nardi 40, using curves with a resoluble automorphims group, which enable to build codes which are foldable in way similar to the Reed-Solomon codes with are folded in the "FRI" protocol  52. Their protocol has very good perfomance, akin to the Reed-Solomon case.

6.2.2 Verifiable computation based on elliptic curves

Participants: Daniel Augot, Youssef El Housni, François Morain.

Verifiable computation can also be built using the theory of ellitpic curves, the hardness of the discrete logarithms, and pairings, as introduced in  58 and made practical in  60. These proofs are much more shorter than the ones provided by the STARKS, with a higher cost for the prover. Furthermore, these systems are not post-quantum, and there are important issues in the setting of the proof system, where a trusted third party is required.

The verifiable computation problems leads to several new questions in elliptic curves cryptographic, since the required operations depart from the standard ones used for instance in signature algorithms.

A very interesting topic is the notion of "proof of proofs". Essentially, verifying a proof is a computation, and a proof that a proof has been verified can be given. The same idea applies for verifying hundreds of proofs. A single proof can report that hundred of proofs have been checked.

This is very strong in the elliptic curve setting because the size of a proof is a constant (a few hundred bytes, only depending on the security parameter, not the computation). This means that the above hundred of statements admits a very short proof. In the blockchain world, this translates into a very short proof that many offchain transactions are correct.

To achieve this goal, this requires an ellitpic curve for proving computations done over an other elliptic curve. The problem is that there is an arithmetic mismatch: the statement which is to be proved is defined over ${𝔽}_r$, for a prime $r$ which is a size of a cyclic group provided by an elliptic curve defined over ${𝔽}_q$. Verifying the proof requires to do computations over ${𝔽}_q$, and thus, for the above recursion, one needs another curve over ${𝔽}_{q^{\text{'}}}$ providing a group of prime order $q$. Furthermore both curves must be pairing-friendly. This raises quite challenging questions, which are solved using the theory of complex multiplication.

In collaboration with Aurore Guillevic, Youssef El Housni provided curves which are very efficient for this recursion  56, 45. These curves beat the competition, an implementation has been provided here. Some other blockchain players CELO, Consensys also have used these curves in their implentations of verifiable computation and zero-knowledge proofs.

Visit of Giuseppe Cotardo

• Status
  PhD student.
• Institution of origin:
  University College Dublin.
• Country:
  Ireland
• Dates:
  From September 1st to december 31st, 2021.
• Context of the visit:
  Giuseppe visited us during his PhD in order to work in collaboration on algebraic problems on rank metric codes.

8.2.1 FP7 & H2020 projects

8.3.1 ANR CIAO

Participants: Benjamin Smith, Luca De Feo, Antonin Leroux, Mathilde Chenu.

8.3.2 ANR CBCRYPT

Participants: Alain Couvreur, Olivier Blazy.

8.3.3 ANR COLA

Participants: Alain Couvreur, Thomas Debris–Alazard.

8.3.4 ANR BARRACUDA

Participants: Daniel Augot, Alain Couvreur, Françoise Levy-dit-Vehel.

BARRACUDA is a collaborative ANR project accepted in 2021 and led by A. Couvreur.

Website : barracuda.inria.fr

The project gathers specialists of coding and cryptology on one hand and specialists of number theory and algebraic geometry on the other hand. The objectives concern problems arising from modern cryptography which require the use of advanced algebra based objects and techniques. It concerns for instance mathematical problems with applications to distributed storage, multi-party computation or zero knowledge proofs for protocols.

8.3.5 ANR SANGRIA

Participants: Olivier Blazy.

SANGRIA is a collaborative ANR project accepted in 2021.

Website : lip6.fr/Damien.Vergnaud/projects/sangria/

The main scientific challenge of the SANGRIA (Secure distributed computAtioN - cryptoGRaphy, combinatorIcs and computer Algebra) project are (1) to construct specific protocols that take into account practical constraints and prove them secure, (2) to implement them and to improve the efficiency of existing protocols significantly. The SANGRIA project (for Secure distributed computAtioN: cryptoGRaphy, combinatorIcs and computer Algebra) aims to undertake research in these two aspects while combining research from cryptography, combinatorics and computer algebra. It is expected to impact central problems in secure distributed computation, while enriching the general landscape of cryptography.

8.3.6 ANR MobiS5

Participants: Olivier Blazy.

MobiS5 is a collaborative ANR project accepted in 2018.

Website : mobis5.limos.fr/

MobiS5 will aim to foresee and counter the threats posed in 5G architectures by the architectural modifications suggested in TR 22.861-22.864. Concretely, we will provide a provably-secure cryptographic toolbox for 5G networks, validated formally and experimentally, responding to the needs of 5G architectures at three levels:

* Challenge 1: security in the network infrastructure and end points: including core network security and attack detection and prevention; * Challenge 2: cryptographic primitives and protocols, notably : a selection of basic primitives, an authenticated key-exchange protocol, tools to compute on encrypted data, and post-quantum cryptographic countermeasures * Challenge 3: mobile applications, specifically in the use-case of a secure server that aids or processes outsourced computation; and the example of a smart home.

8.3.7 ANR CryptiQ

Participants: Olivier Blazy.

CryptiQ is a collaborative ANR project accepted in 2018.

The goal of the CryptiQ project is to major changes due to Quantum Computing by considering three plausible scenarios, from the closest to the furthest foreseeable future, depending on the means of the adversary and the honest parties. In the first scenario, the honest execution of protocols remains classical while the adversary may have oracle access to a quantum computer. This is the so-called post-quantum cryptography, which is the best known setting. In the second scenario (quantum-enhanced classical cryptography), we allow honest parties to have access to quantum technologies in order to achieve enhanced properties, but we restrict this access to those quantum technologies that are currently available (or that can be built in near-term). The adversary is still allowed to use any quantum technology. Finally, in the third scenario (cryptography in a quantum world), we allow the most general quantum operations to an adversary and we consider that anybody can now have access to both quantum communication and computation.

9.1.1 Scientific events: organisation

9.1.2 Scientific events: selection

9.1.3 Journal

9.1.4 Invited talks

• A. Couvreur gave an invited talk at the conference Curves over finite fields, past present and future

9.1.5 Leadership within the scientific community

• O. Blazy and A. Couvreur lead the CNRS' Groupe de travail Codage et Cryptographie of Groupes de recherche Sécurité Informatique and Informatique Mathématique.

9.1.6 Scientific expertise

• A. Couvreur was referee for the PhD of Dang Truong Mac (Université de Limoges);
• A. Couvreur was referee for the PhD of Ba-Duc Pham (Université Rennes 1);
• O. Blazy was referee for the PhD of Mirko Koscina (Université PSL);
• T. Debris–Alazard was reviewer for the ANR.

9.1.7 Research administration

• A. Couvreur is elected member of Inria's Commission d'évaluation
• Until September 30th 2021, A. Couvreur was appointed member (membre nommé) of the french Conseil National des universités (CNU) in 25th section (Mathematics).
• A. Couvreur is member of the Comité scientifique du programme Maths et IA of the Labex Mathématiques Jacques Hadamard.
• B. Smith is a member of the Commission Recherche et Innovation of LabEx DigiCosme.
• B. Smith is a member of the Commission Scientifique at Inria Saclay.
• T. Debris–Alazard is a contact for LIX PhD students

9.2.1 Teaching

• Licence : F. Morain, Lectures for INF361: “Introduction à l'informatique”, 15h (equiv TD), 1st year (L3), École polytechnique. Coordinator of this module (350 students).
• Licence : T. Debris–Alazard, Exercises for INF361: “Introduction à l'informatique”, 15h (equiv TD), 1st year (L3), École polytechnique.
• Licence : B. Smith: CSE101: Introduction to Computer Programming, 42h, L1, École polytechnique, France
• Licence : O. Blazy: CSE101: Introduction to Computer Programming (Tutorials), 58h, L1, École polytechnique, France
• Master : T. Debris–Alazard, Lectures for "Post-quantum cryptography", 8h, 4th year, ENS Lyon,
• Master : A. Couvreur : MPRI 2-13-2: Error Correcting codes and applications to cryptography.
• Master A. Couvreur : Master QDCS Calcul quantique avancé et codes correcteurs. 10h.
• Master: D. Augot: lectures and labs on crypto in blockchains, 24h, M2, École polytechnique, France.
• Master: D. Augot designed with Julien Prat the cursus of a course in blockchains and economics, and made lectures on zero-knowledge.
• Master : F. Morain is the scientific leader of the Master of Science and Technology Cybersecurity: Threats and Defense of École Polytechnique.
• Master : F. Morain, INF558, Introduction to cryptology, 36h, M1, École Polytechnique. This special year included video making of all his courses.
• Master : T. Debris–Alazard, Lectures on INF558, Introduction to cryptology, 36h, M1, École Polytechnique.
• Master : B. Smith: INF568: Advanced Cryptography, 45h, M1, École polytechnique, France
• Master : B. Smith and F. Morain: MPRI 2-12-2: Algorithmes Arithmétiques pour la Cryptologie, 22.5h, M2, Master Parisien de Recherche en Informatique, France. The lectures were all given in live video.
• Master : F. Levy-dit-Vehel, Lectures on discrete maths, 21h, M1, ENSTA.
• Master : T. Debris–Alazard, Exercices on discrete maths, 21h, M1, ENSTA.
• Master : F. Levy-dit-Vehel, Lectures on cryptography, 24h, M2, ENSTA.
• Master Cybersecurity: D. Augot, cryptography in blockchains, 24h, M2.
• Master : G. Renault: Lectures and Labs for INF565: Information Systems Security, 60h, M1, École polytechnique, France
• Master : G. Renault: Lectures and Labs for INF648: Embedded security: side-channel attacks; javacard, 60h, M2, École polytechnique, France
• Master : G. Renault: Coordinator for INF637: Reverse engineering vs Obfuscation, 2h, M2, École polytechnique, France
• Professionnal training: D. Augot gave a two hours lecture at System-X.

9.2.2 Juries

• D. Augot was member of the PhD jury of Isabella Panaccione (Institut Polytechnique de Paris);
• D. Augot was president of the PhD jury of Édouard Rousseau (Institut Polytechnique de Paris);
• A. Couvreur was member of the PhD jury of Valentin Vasseur (Université de Paris);
• A. Couvreur was member of the PhD jury of Matthieu Lequesne (Sorbonne Université);
• A. Couvreur was member of the PhD jury of Dang Truong Mac (Université de Limoges);
• O. Blazy was member of the PhD jury of Mirko Koscina (Université PSL);
• O. Blazy was president of the PhD jury of Dang Truong Mac (Université de Limoges);
• A. Couvreur was member of the PhD jury of Ba-Duc Pham (université Rennes 1);
• A. Couvreur was president of the PhD jury of Nilesh Vyas (Institut Polytechnique de Paris);
• B. Smith was a member of the PhD jury of Dimitri Koshelev (Université Paris-Saclay)
• B. Smith was a member of the the PhD jury of Sudarshan Shinde (Sorbonne Université)
• T. Debris–Alazard was member of the Gilles Kahn PhD award jury.

9.2.3 Recruiting juries

• A. Couvreur was member of the recruiting jury for chargés de recherche and ISFP of the centre of Nancy.
• A. Couvreur was member of a recruiting jury for a Maître de conférence position in pure mathematics at Université Toulouse Jean Jaurès;
• D. Augot was member of a recruiting jury for a Professor position at École polytechnique;
• O. Blazy was member of a recruiting jury for a Maître de conférence position in cybersecurity/cryptographie at Telecom Paris;
• O. Blazy was member of a recruiting jury for a Maitre de Conférence position in computer science at Insa de Bourges.

9.3.1 Internal or external Inria responsibilities

• A. Couvreur is the référent médiation scientifique of Saclay's research center.
  • He organised the Rendez-vous des Jeunes Mathématiciennes et Informaticiennes on February 25 and 26th 2021. The event happened online due to the pandemic.
  • He participated to the organisation of Fête de la science 2021.
  • He has been involved in the development of vulgarisation videos for the on-line Fête de la science of Université Paris-Saclay.
• T. Debris–Alazard gave a plenary talk at Inria Saclay's Rendez-vous des Jeunes Mathématiciennes et Informaticiennes 2021.
• T. Debris–Alazard was plenary speaker for the ceremony award of the Olympiades de Mathématiques de l'Académie de Créteil

9.3.2 Articles and contents

• O. Blazy wrote an article in Polethis about ethics in computer science;
• O. Blazy gave various interviews about trending privacy/security topics like a cyberattack (La tribune), blockchains and NFT (Science & Vie, Science & Vie Junior), age control technologies for websites (La Croix)
• D. Augot was interviewed by University Paris-Saclay, by Science & Vie on blockchains.

9.3.3 Interventions

• A. Couvreur and T. Debris–Alazard were volunteers for the fête de la science 2021 at École polytechnique.

International journals

• 6 articleD.Daniel Augot, A.Alain Couvreur, J.Julien Lavauzelle and A.Alessandro Neri. Rank-metric codes over arbitrary Galois extensions and rank analogues of Reed-Muller codes.SIAM Journal on Applied Algebra and Geometry522021, 165-199
  HALDOIback to text
• 7 articleG.Gustavo Banegas, D. J.Daniel J. Bernstein, F.Fabio Campos, T.Tung Chou, T.Tanja Lange, M.Michael Meyer, B.Benjamin Smith and J.Jana Sotáková. CTIDH: Faster constant-time CSIDH.IACR Transactions on Cryptographic Hardware and Embedded Systems20214August 2021
  HALDOIback to text
• 8 articleO.Olivier Blazy, L.Laura Brouilhet, C.Celine Chevalier, P.Patrick Towa, I.Ida Tucker and D.Damien Vergnaud. Hardware security without secure hardware: How to decrypt with a password and a server.Theoretical Computer Science895December 2021, 178-211
  HALDOI
• 9 articleS.Sarah Bordage and J.Julien Lavauzelle. On the privacy of a code-based single-server computational PIR scheme.Cryptography and Communications - Discrete Structures, Boolean Functions and Sequences March 2021
  HALDOI
• 10 articleM.Mathilde Chenu and B.Benjamin Smith. Higher-degree supersingular group actions.Mathematical Cryptology2021
  HALback to text
• 11 articleJ.-J.Jesús-Javier Chi-Domínguez, F.Francisco Rodríguez-Henríquez and B.Benjamin Smith. Extending the GLS endomorphism to speed up GHS Weil descent using Magma.Finite Fields and Their Applications75June 2021
  HALDOI
• 12 articleA.Alain Couvreur and M.Matthieu Lequesne. On the security of subspace subcodes of Reed-Solomon codes for public key encryption.IEEE Transactions on Information Theory681October 2021, 632-648
  HALDOI
• 13 articleN.Nicholas Coxon. Fast transforms over finite fields of characteristic two.Journal of Symbolic Computation1042021, 824-854
  HALDOI
• 14 articleT.Thomas Debris-Alazard, L.Leo Ducas and W. P.Wessel P.J. Van Woerden. An Algorithmic Reduction Theory for Binary Codes: LLL and more.IEEE Transactions on Information TheoryJanuary 2022
  HALDOIback to text
• 15 articleS.Samuel Dobson, S.Steven Galbraith and B.Benjamin Smith. Trustless unknown-order groups.Mathematical Cryptology2021
  HALback to text
• 16 articleS.Steven Galbraith, L.Lorenz Panny, B.Benjamin Smith and F.Frederik Vercauteren. Quantum Equivalence of the DLP and CDHP for Group Actions.Mathematical Cryptology112021, 40-44
  HALback to text
• 17 articleJ.Julien Lavauzelle, R.Razane Tajeddine, R.Ragnar Freij-Hollanti and C.Camilla Hollanti. Private Information Retrieval Schemes with Product-Matrix MBR Codes.IEEE Transactions on Information Forensics and Security162021, 441-450
  HALDOI
• 18 articleF.François Morain, G.Guénaël Renault and B.Benjamin Smith. Deterministic factoring with oracles.Applicable Algebra in Engineering, Communication and ComputingSeptember 2021
  HALDOI

International peer-reviewed conferences

• 19 inproceedingsL.Lucas Benmouffok, K.Kalpana Singh, N.Nicolas Heulot and D.Daniel Augot. Privacy-Preserving Initial Public Offering using SCALE-MAMBA and Hyperledger Fabric.ChainTech’2021 is a track of WETICE : the 31st IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative EnterprisesBasque Coast, Bayonne, FranceOctober 2021
  HALback to text
• 20 inproceedingsL.Luk Bettale, S.Simon Montoya and G.Guénaël Renault. Safe-Error Analysis of Post-Quantum Cryptography Mechanisms.FDTC 2021 - Fault Diagnosis and Tolerance in CryptographieVirtual event, FranceSeptember 2021
  HAL
• 21 inproceedingsM.Maxime Bombar and A.Alain Couvreur. Decoding supercodes of Gabidulin codes and applications to cryptanalysis.Post-Quantum Cryptography 202112841Post-Quantum Cryptography. PQCrypto 2021Daejeon, South KoreaSpringerJuly 2021, 3-22
  HALDOIback to textback to text
• 22 inproceedingsA.André Chailloux, T.Thomas Debris-Alazard and S.Simona Etinski. Classical and Quantum Algorithms for Generic Syndrome Decoding Problems and Applications to the Lee Metric.Post-Quantum CryptographyPQCrypto 2021 - Post-Quantum Cryptography 12th International Workshop12841Lecture Notes in Computer ScienceDaejeon, South KoreaSpringer International PublishingJuly 2021, 44-62
  HALDOI
• 23 inproceedingsA.Alexis Challande, R.Robin David and G.Guénaël Renault. Exploitation du graphe de dépendance d'AOSP à des fins de sécurité.SSTIC 2021 - Symposium sur la sécurité des technologies de l'information et des communicationsRennes, FranceJune 2021
  HAL
• 24 inproceedingsK.Karim Eldefrawy, T.Tancrède Lepoint and A.Antonin Leroux. Communication-Efficient Proactive MPC for Dynamic Groups with Dishonest Majorities.ACNS 2022ACNS 2022Rome, Italy2021
  HAL
• 25 inproceedingsE.Enric Florit and B.Benjamin Smith. Automorphisms and isogeny graphs of abelian varieties, with applications to the superspecial Richelot isogeny graph.Arithmetic, Geometry, Cryptography, and Coding Theory 2021Arithmetic, Geometry, Cryptography, and Coding TheoryLuminy, FranceAmerican Mathematical SocietyMay 2021
  HAL
• 26 inproceedingsA.Aurélien Greuet, S.Simon Montoya and G.Guénaël Renault. On Using RSA/ECC Coprocessor for Ideal Lattice-Based Key Exchange.COSADE 2021Lugano, SwitzerlandOctober 2021
  HAL
• 27 inproceedingsE.Eleonora Guerrini, R.Romain Lebreton and I.Ilaria Zappatore. Polynomial Linear System Solving with Random Errors: New Bounds and Early Termination Technique.ISSAC 2021 - 46th International Symposium on Symbolic and Algebraic ComputationSaint Petersburg, RussiaACMJuly 2021, 171-178
  HALDOI

Scientific book chapters

• 28 inbookC.Carlo Brunetta, G.Georgia Tsaloli, B.Bei Liang, G.Gustavo Banegas and A.Aikaterini Mitrokotsa. Non-interactive, Secure Verifiable Aggregation for Decentralized, Privacy-Preserving Learning.13083Information Security and PrivacyLecture Notes in Computer ScienceSpringer International PublishingNovember 2021, 510-528
  HALDOI
• 29 inbookA.Alain Couvreur and H.Hugues Randriambololona. Algebraic geometry codes and some applications.A Concise Encyclopedia of Coding TheoryA Concise Encyclopedia of Coding TheoryChapman and Hall/CRCMarch 2021, 998
  HAL
• 30 inbookL.Luca De Feo, C.Cyprien Delpech de Saint Guilhem, T. B.Tako Boris Fouotsa, P.Péter Kutas, A.Antonin Leroux, C.Christophe Petit, J.Javier Silva and B.Benjamin Wesolowski. Séta: Supersingular Encryption from Torsion Attacks.13093Advances in Cryptology – ASIACRYPT 2021Lecture Notes in Computer ScienceSpringer International PublishingDecember 2021, 249-278
  HALDOI
• 31 inbookG.Georgia Tsaloli, B.Bei Liang, C.Carlo Brunetta, G.Gustavo Banegas and A.Aikaterini Mitrokotsa. DEVA: Decentralized, Verifiable Secure Aggregation for Privacy-Preserving Learning.13118Information SecurityLecture Notes in Computer ScienceSpringer International PublishingNovember 2021, 296-319
  HALDOI

Doctoral dissertations and habilitation theses

• 32 thesisM.Mathilde Chenu. Supersingular Group Actions and Post-quantum Key Exchange.Ecole PolytechniqueDecember 2021
  HALback to text
• 33 thesisI.Isabella Panaccione. On decoding algorithms for algebraic geometry codes beyond half the minimum distance.Institut Polytechnique de ParisDecember 2021
  HALback to text

Reports & preprints

• 34 miscS.Simon Abelard, E.Elena Berardini, A.Alain Couvreur and G.Grégoire Lecerf. Computing Riemann-Roch spaces via Puiseux expansions.July 2021
  HAL
• 35 miscS.Simon Abelard, A.Alain Couvreur and G.Grégoire Lecerf. Efficient computation of Riemann-Roch spaces for plane curves with ordinary singularities.January 2021
  HAL
• 36 miscD.Daniel Augot, S.Sarah Bordage and J.Jade Nardi. Efficient multivariate low-degree tests via interactive oracle proofs of proximity for polynomial codes.August 2021
  HALback to text
• 37 miscG.Gustavo Banegas, T.Thomas Debris-Alazard, M.Milena Nedeljković and B.Benjamin Smith. Wavelet: Code-based postquantum signatures with fast verification on microcontrollers.October 2021
  HALback to text
• 38 miscG.Gustavo Banegas, K.Koen Zandberg, A.Adrian Herrmann, E.Emmanuel Baccelli and B.Benjamin Smith. Quantum-Resistant Security for Software Updates on Low-power Networked Embedded Devices.June 2021
  HALback to text
• 39 miscM.Maxime Bombar and A.Alain Couvreur. Right-hand side decoding of Gabidulin codes and applications.December 2021
  HAL
• 40 miscS.Sarah Bordage and J.Jade Nardi. Interactive Oracle Proofs of Proximity to Algebraic Geometry Codes.February 2021
  HALback to text
• 41 miscA.Anne Canteaut, A.Alain Couvreur and L.Léo Perrin. Recovering or Testing Extended-Affine Equivalence.March 2021
  HAL
• 42 miscA.Alexis Challande, R.Robin David and G.Guénaël Renault. Patch Detection using Binary Only Semantic Signatures.December 2021
  HAL
• 43 miscA.Alain Couvreur. How arithmetic and geometry make error correcting codes better.October 2021
  HAL
• 44 miscT.Thomas Debris-Alazard, M.Maxime Remaud and J.-P.Jean-Pierre Tillich. Quantum Reduction of Finding Short Code Vectors to the Decoding Problem.January 2022
  HALback to text
• 45 miscY.Youssef El Housni and A.Aurore Guillevic. Families of SNARK-friendly 2-chains of elliptic curves.October 2021
  HALback to text
• 46 miscE.Enric Florit and B.Benjamin Smith. An atlas of the Richelot isogeny graph.January 2021
  HAL
• 47 miscF.Françoise Levy-dit-Vehel and M.Maxime Roméas. A Composable Look at Updatable Encryption.January 2022
  HAL
• 48 miscF.François Morain. SOME FACTORS OF NUMBERS OF THE FORM b^n ± 1 FOUND USING ECM WITH NEW CLASSES OF CURVES.November 2021
  HALback to text
• 49 miscJ.Jade Nardi. Projective toric codes.February 2021
  HAL
• 50 miscI.Isabella Panaccione. Attaining Sudan's decoding radius with no genus penalty for algebraic geometry codes.April 2021
  HAL

Other scientific publications

• 51 miscD.Daniel Augot, S.Sarah Bordage, Y.Youssef El Housni, G.Gilles Fedak and A.Anthony Simonet. Zero-Knowledge : trust and privacy on an industrial scale.January 2022
  HAL