Lfant is an INRIA team joint with University of Bordeaux and CNRS (IMB, UMR 5251). The team was created on March 1st, 2009.

Algorithmic number theory dates back to the dawn of mathematics itself, *cf.* Eratosthenes's sieve to enumerate consecutive prime numbers. With the arrival of computers, previously unsolvable problems have come into reach, which has boosted the development of more or less practical algorithms for essentially all number theoretic problems. The field is now mature enough for a more computer science driven approach, taking into account the theoretical complexities and practical running times of the algorithms.

Concerning the lower level multiprecision arithmetic, folklore has asserted for a long time that asymptotically fast algorithms such as Schönhage–Strassen multiplication are impractical; nowadays, however, they are used routinely. On a higher level, symbolic computation provides numerous asymptotically fast algorithms (such as for the simultaneous evaluation of a polynomial in many arguments or linear algebra on sparse matrices), which have only partially been exploited in computational number theory. Moreover, precise complexity analyses do not always exist, nor do sound studies to choose between different algorithms (an exponential algorithm may be preferable to a polynomial one for a large range of inputs); folklore cannot be trusted in a fast moving area such as computer science.

Another problem is the reliability of the computations; many number theoretic algorithms err with a small probability, depend on unknown constants or rely on a Riemann hypothesis. The correctness of their output can either be ensured by a special design of the algorithm itself (slowing it down) or by an *a posteriori* verification. Ideally, the algorithm outputs a certificate, providing an independent *fast* correctness proof. An example is integer factorisation, where factors are hard to obtain but trivial to check; primality proofs have initiated sophisticated generalisations.

One of the long term goals of the Lfant project team is to make an inventory of the major number theoretic algorithms, with an emphasis on algebraic number theory and arithmetic geometry, and to carry out complexity analyses. So far, most of these algorithms have been designed and tested over number fields of small degree and scale badly. A complexity analysis should naturally lead to improvements by identifying bottlenecks, systematically redesigning and incorporating modern asymptotically fast methods.

Reliability of the developed algorithms is a second long term goal of our project team. Short of proving the Riemann hypothesis, this could be achieved through the design of specialised, slower algorithms not relying on any unproven assumptions. We would prefer, however, to augment the fastest unproven algorithms with the creation of independently verifiable certificates. Ideally, it should not take longer to check the certificate than to generate it.
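A classical instance of such a certificate is the Pratt primality certificate, shown here as an added example (it is not code from the report or from Pari/Gp; the function names and the dictionary layout are illustrative). The prover has to factor p - 1, while the verifier only multiplies and exponentiates.

```python
"""Pratt primality certificates: slow to produce, fast to check (added example)."""


def factorize(n):
    """Trial division. This expensive step runs only on the prover side."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def build_pratt(p):
    """Prover: return a nested certificate for the prime p, or raise ValueError."""
    if p == 2:
        return {"p": 2}
    if p < 2 or p % 2 == 0:
        raise ValueError(f"{p} is not prime")
    fac = factorize(p - 1)
    for a in range(2, p):
        if pow(a, p - 1, p) != 1:
            raise ValueError(f"{p} is not prime")  # Fermat test fails
        # a is a witness if its multiplicative order is exactly p - 1
        if all(pow(a, (p - 1) // q, p) != 1 for q in fac):
            return {"p": p, "witness": a,
                    "factors": [(q, e, build_pratt(q))
                                for q, e in sorted(fac.items())]}
    raise ValueError(f"{p} is not prime")


def verify_pratt(cert):
    """Verifier: relies only on multiplication and modular exponentiation."""
    p = cert.get("p")
    if p == 2:
        return True
    a, factors = cert.get("witness"), cert.get("factors")
    if not isinstance(p, int) or p < 3 or not isinstance(a, int) or not factors:
        return False
    product = 1
    for q, e, sub in factors:
        # every claimed prime factor of p - 1 needs its own valid certificate
        if e < 1 or sub.get("p") != q or not verify_pratt(sub):
            return False
        # a^((p-1)/q) != 1 for each prime q | p - 1 forces ord(a) = p - 1
        if pow(a, (p - 1) // q, p) == 1:
            return False
        product *= q ** e
    # the claimed factorisation must be complete, and a^(p-1) must equal 1
    return product == p - 1 and pow(a, p - 1, p) == 1


if __name__ == "__main__":
    p = 2**61 - 1                      # a Mersenne prime, used as sample input
    cert = build_pratt(p)
    print("witness:", cert["witness"], "valid:", verify_pratt(cert))
    print("tampered:", verify_pratt(dict(cert, witness=1)))
```

An element of order p - 1 can only exist modulo p if p is prime, so a verifier that accepts never has to trust the prover's factoring code.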

All theoretical results are complemented by concrete reference implementations in Pari/Gp, which make it possible to determine and tune the thresholds where the asymptotic complexity kicks in and help to evaluate practical performances on problem instances provided by the research community. Another important source for algorithmic problems treated by the Lfant project team is modern cryptology. Indeed, the security of all practically relevant public key cryptosystems relies on the difficulty of some number theoretic problem; on the other hand, implementing the systems and finding secure parameters require efficient algorithmic solutions to number theoretic problems.

K. Belabas has co-organised the international conference “Number theory and applications” from November 30 to December 4 at Luminy (
http://

The week after the conference, A. Morra has defended her PhD on “Comptage asymptotique et algorithmique d'extensions cubiques relatives”.

Modern number theory has been introduced in the second half of the 19th century by Dedekind, Kummer, Kronecker, Weber and others, motivated by Fermat's conjecture: There is no non-trivial solution in integers to the equation x^{n} + y^{n} = z^{n} for . For recent textbooks, see . Kummer's idea for solving Fermat's problem was to rewrite the equation as for a primitive n-th root of unity , which seems to imply that each factor on the left hand side is an n-th power, from which a contradiction can be derived.

The solution requires to augment the integers by *algebraic numbers*, that are roots of polynomials in . For instance, is a root of X^{n}-1, is a root of X^{3}-2 and is a root of 25X^{2}-3. A *number field* consists of the rationals to which have been added finitely many algebraic numbers together with their sums, differences, products and quotients. It turns out that actually one generator suffices, and any number field K is isomorphic to , where f(X) is the minimal polynomial of the generator. Of special interest are *algebraic integers*, “numbers without denominators”, that are roots of a monic polynomial. For instance, and are integers, while is not. The *ring of integers* of K is denoted by ; it plays the same role in K as in .

Unfortunately, elements in may factor in different ways, which invalidates Kummer's argumentation. Unique factorisation may be recovered by switching to *ideals*, subsets of that are closed under addition and under multiplication by elements of . In , for instance, any ideal is *principal*, that is, generated by one element, so that ideals and numbers are essentially the same. In particular, the unique factorisation of ideals then implies the unique factorisation of numbers. In general, this is not the case, and the *class group* Cl_{K} of ideals of modulo principal ideals and its *class number* h_{K} = |Cl_{K}| measure how far is from behaving like .
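For an imaginary-quadratic field the class number can be computed by counting reduced binary quadratic forms of the field discriminant, a classical correspondence that this report does not spell out. The following added example (not the team's code; function names are illustrative) does so and checks the textbook failure of unique factorisation, 6 = 2·3 = (1+√-5)(1-√-5), in the field of discriminant -20.

```python
from math import gcd, isqrt


def reduced_forms(D):
    """Reduced primitive forms a*x^2 + b*x*y + c*y^2 with b^2 - 4ac = D < 0."""
    if D >= 0 or D % 4 not in (0, 1):
        raise ValueError("D must be a negative discriminant (0 or 1 mod 4)")
    forms = []
    for a in range(1, isqrt(-D // 3) + 1):     # reduced forms have 3a^2 <= |D|
        for b in range(-a + 1, a + 1):          # -a < b <= a
            if (b * b - D) % (4 * a):
                continue                        # c would not be an integer
            c = (b * b - D) // (4 * a)
            if c < a or (a == c and b < 0):
                continue                        # not reduced
            if gcd(gcd(a, b), c) == 1:          # keep primitive forms only
                forms.append((a, b, c))
    return forms


def class_number(D):
    """Number of classes of primitive forms of discriminant D."""
    return len(reduced_forms(D))


def norm_solutions(m, d):
    """Pairs (x, y) >= 0 with x^2 + d*y^2 = m, i.e. elements x + y*sqrt(-d)
    of Z[sqrt(-d)] of norm m, up to sign."""
    found = []
    for y in range(isqrt(m // d) + 1):
        x = isqrt(m - d * y * y)
        if x * x + d * y * y == m:
            found.append((x, y))
    return found


def factorisations_of_6_are_distinct():
    """2, 3 and 1 +- sqrt(-5) have norms 4, 9 and 6. A proper factor of any of
    them would have norm 2 or 3, and no such element exists, so all four are
    irreducible and 6 = 2*3 = (1+sqrt(-5))(1-sqrt(-5)) factors in two ways."""
    return norm_solutions(2, 5) == [] and norm_solutions(3, 5) == []


if __name__ == "__main__":
    for D in (-3, -4, -20, -23, -47, -163):
        print(D, class_number(D), reduced_forms(D))
    print("Z[sqrt(-5)] lacks unique factorisation:",
          factorisations_of_6_are_distinct())
```

Class number 1 (for example D = -163) means every ideal is principal; class number 2 for D = -20 is the obstruction that the two factorisations of 6 make visible.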

Using ideals introduces the additional difficulty of having to deal with , the invertible elements of : Even when h_{K} = 1, a factorisation of ideals does not immediately yield a factorisation of numbers, since ideal generators are only defined up to units. For instance, the ideal factorisation (6) = (2)·(3) corresponds to the two factorisations 6 = 2·3 and 6 = (-2)·(-3). While in , the only units are 1 and -1, the unit structure in general is that of a finitely generated -module, whose generators are the *fundamental units*. The *regulator* R_{K} measures the “size” of the fundamental units as the volume of an associated lattice.

One of the main concerns of algorithmic algebraic number theory is to explicitly compute these invariants (Cl_{K} and h_{K}, fundamental units and R_{K}), as well as to provide the data allowing to efficiently compute with numbers and ideals of ; see for a recent account.

The *analytic class number formula* links the invariants h_{K} and R_{K} (unfortunately, only their product) to the -function of K, , which is meaningful when (s)>1, but which may be extended to arbitrary complex s1. Introducing characters on the class group yields a generalisation of - to L-functions. The *generalised Riemann hypothesis (GRH)*, which remains unproved even over the rationals, states that any such L-function does not vanish in the right half-plane (s)>1/2. The validity of the GRH has a dramatic impact on the performance of number theoretic algorithms. For instance, under GRH, the class group admits a system of generators of polynomial size; without GRH, only exponential bounds are known. Consequently, an algorithm to compute Cl_{K} via generators and relations (currently the only viable practical approach) either has to assume that GRH is true or immediately becomes exponential.

When h_{K} = 1 the number field K may be norm-Euclidean, endowing with a Euclidean division algorithm. This question leads to the notions of the Euclidean minimum and spectrum of K, and another task in algorithmic number theory is to compute explicitly this minimum and the upper part of this spectrum, yielding for instance generalised Euclidean gcd algorithms.

Algebraic curves over finite fields are used to build the currently most competitive public key cryptosystems. Such a curve is given by a bivariate equation with coefficients in a finite field . The main classes of curves that are interesting from a cryptographic perspective are *elliptic curves* of equation and *hyperelliptic curves* of equation with .

The cryptosystem is implemented in an associated finite abelian group, the *Jacobian* . Using the language of function fields exhibits a close analogy to the number fields discussed in the previous section. Let (the analogue of ) be the *rational function field* with subring (which is principal just as ). The *function field* of is ; it contains the *coordinate ring* . Definitions and properties carry over from the number field case to the function field extension . The Jacobian is the divisor class group of , which is an extension of (and for the curves used in cryptography usually equals) the ideal class group of .

The size of the Jacobian group, the main security parameter of the cryptosystem, is given by an L-function. The GRH for function fields, which has been proved by Weil, yields the Hasse–Weil bound or , where the *genus* g is an invariant of the curve that correlates with the degree of its equation. For instance, the genus of an elliptic curve is 1, that of a hyperelliptic one is . An important algorithmic question is to compute the exact cardinality of the Jacobian.

The security of the cryptosystem requires more precisely that the *discrete logarithm problem* (DLP) be difficult in the underlying group; that is, given elements D_{1} and D_{2} = xD_{1} of , it must be difficult to determine x. Computing x corresponds in fact to computing explicitly with an isomorphism to an abstract product of finite cyclic groups; in this sense, the DLP amounts to computing the class group in the function field setting.

For any integer n, the *Weil pairing* e_{n} on is a function that takes as input two elements of order n of and maps them into the multiplicative group of a finite field extension with k = k(n) depending on n. It is bilinear in both its arguments, which allows to transport the DLP from a curve into a finite field, where it is potentially easier to solve. The *Tate-Lichtenbaum pairing*, that is more difficult to define, but more efficient to implement, has similar properties. From a constructive point of view, the last few years have seen a wealth of cryptosystems with attractive novel properties relying on pairings.

For a random curve, the parameter k usually becomes so big that the result of a pairing cannot even be output any more. One of the major algorithmic problems related to pairings is thus the construction of curves with a given, smallish k.
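Two parameter checks follow from the Hasse–Weil bound and from the pairing parameter k described above; they are shown here for elliptic curves as an added example, not code from the report or from Pari/Gp. It assumes the standard definition of k as the smallest integer with n dividing q^k - 1 (the report's own formula did not survive), uses a constructed toy prime 1019 and an assumed threshold of 100, and takes the P-256 constants from the published NIST parameters.

```python
def count_points(a, b, p):
    """#E(F_p) for y^2 = x^3 + a*x + b by brute force (toy sizes only)."""
    if (4 * a**3 + 27 * b**2) % p == 0:
        raise ValueError("singular curve")
    roots = [0] * p                      # roots[v] = number of y with y^2 = v
    for y in range(p):
        roots[y * y % p] += 1
    # the leading 1 accounts for the point at infinity
    return 1 + sum(roots[(x**3 + a * x + b) % p] for x in range(p))


def hasse_ok(q, n_points):
    """Genus 1 Hasse-Weil bound |N - (q + 1)| <= 2*sqrt(q), in exact integers."""
    return (n_points - q - 1) ** 2 <= 4 * q


def largest_prime_factor(n):
    """Largest prime factor by trial division (toy sizes only)."""
    largest, d = 1, 2
    while d * d <= n:
        while n % d == 0:
            largest, n = d, n // d
        d += 1
    return n if n > 1 else largest


def embedding_degree(q, n, bound):
    """Smallest k < bound with n | q^k - 1, or None if there is none."""
    t = 1
    for k in range(1, bound):
        t = t * q % n
        if t == 1:
            return k
    return None


def mov_check(q, n, bound=100):
    """True if the DLP in the order-n subgroup cannot be transported by a
    pairing into a field F_{q^k} with k < bound (bound is an assumption)."""
    return embedding_degree(q, n, bound) is None


# Published NIST P-256 field prime and group order.
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

if __name__ == "__main__":
    p = 1019                              # constructed toy prime, p = 3 mod 4
    # y^2 = x^3 + x is supersingular for p = 3 mod 4: exactly p + 1 points
    order = count_points(1, 0, p)
    n = largest_prime_factor(order)
    print("supersingular:", order, hasse_ok(p, order),
          "k =", embedding_degree(p, n, 100))
    # an arbitrary ordinary toy curve for comparison
    order = count_points(1, 1, p)
    n = largest_prime_factor(order)
    print("y^2=x^3+x+1:  ", order, hasse_ok(p, order),
          "k =", embedding_degree(p, n, n))
    print("P-256 passes the k >= 100 check:", mov_check(P256_P, P256_N))
```

The supersingular toy curve gives k = 2, the situation in which the DLP moves into a small extension field, while a standard curve such as P-256 has no k below the threshold.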

Complex multiplication provides a link between number fields and algebraic curves; for a concise introduction in the elliptic curve case, see Sect. 1.1, for more background material, . In fact, for most curves over a finite field, the endomorphism ring of , which determines its L-function and thus its cardinality, is an order in a special kind of number field K, called *CM field*. The CM field of an elliptic curve is an imaginary-quadratic field with D<0, that of a hyperelliptic curve of genus g is an imaginary-quadratic extension of a totally real number field of degree g. Deuring's lifting theorem ensures that is the reduction modulo some prime of a curve with the same endomorphism ring, but defined over the *Hilbert class field* H_{K} of K.

Algebraically, H_{K} is defined as the maximal unramified abelian extension of K; the Galois group of H_{K}/K is then precisely the class group Cl_{K}. A number field extension H/K is called *Galois* if and H contains all complex roots of f. For instance, is Galois since it contains not only , but also the second root of X^{2}-2, whereas is not Galois, since it does not contain the root of X^{3}-2. The *Galois group* Gal_{H/K} is the group of automorphisms of H that fix K; it permutes the roots of f. Finally, an *abelian* extension is a Galois extension with abelian Galois group.

Analytically, in the elliptic case H_{K} may be obtained by adjoining to K the *singular value* j( ) for a complex valued, so-called *modular* function j in some ; the correspondence between Gal_{H/K} and Cl_{K} allows to obtain the different roots of the minimal polynomial f of j( ) and finally f itself. A similar, more involved construction can be used for hyperelliptic curves. This direct application of complex multiplication yields algebraic curves whose L-functions are known beforehand; in particular, it is the only possible way of obtaining ordinary curves for pairing-based cryptosystems.

The same theory can be used to develop algorithms that, given an arbitrary curve over a finite field, compute its L-function.

A generalisation is provided by *ray class fields*; these are still abelian, but allow for some well-controlled ramification. The tools for explicitly constructing such class fields are similar to those used for Hilbert class fields.

Being able to compute quickly and reliably algebraic invariants is an invaluable aid to mathematicians: It fosters new conjectures, and often shoots down the too optimistic ones. Moreover, a large body of theoretical results in algebraic number theory has an asymptotic nature and only applies for large enough inputs; mechanised computations (preferably producing independently verifiable certificates) are often necessary to finish proofs.

For instance, many Diophantine problems reduce to a set of Thue equations of the form P(x, y) = a for an irreducible, homogeneous , , in unknown integers x, y. In principle, there is an algorithm to solve the latter, provided the class group and units of a rupture field of P are known. Since there is no other way to prove that the full set of solutions is obtained, these algebraic invariants must be computed and certified, preferably without using the GRH.

Deeper invariants such as the Euclidean spectrum are related to more theoretical concerns, e.g., determining new examples of principal, but not norm-Euclidean number fields, but could also yield practical new algorithms: Even if a number field has class number larger than 1 (in particular, it is not norm-Euclidean), knowing the upper part of the spectrum should give a *partial* gcd algorithm, succeeding for almost all pairs of elements of . As a matter of fact, every number field whose unit group has rank strictly greater than 1 is almost norm-Euclidean.

Algorithms developed by the team are implemented in the free Pari/Gp system for number theory maintained by K. Belabas, which is a reference and the tool of choice for the worldwide number theory community.

Public key cryptology has become a major application domain for algorithmic number theory. This is already true for the ubiquitous RSA system, but even more so for cryptosystems relying on the discrete logarithm problem in algebraic curves over finite fields. For the same level of security, the latter require smaller key lengths than RSA, which results in a gain of bandwidth and (depending on the precise application) processing time. Especially in environments that are constrained with respect to space and computing power such as smart cards and embedded devices, algebraic curve cryptography has become the technology of choice. Most of the research topics of the Lfant team concern directly problems relevant for curve-based cryptology: The difficulty of the discrete logarithm problem in algebraic curves determines the security of the corresponding cryptosystems. Complex multiplication, point counting and isogenies provide, on one hand, the tools needed to create secure instances of curves. On the other hand, isogenies have been found to have direct cryptographic applications to hash functions and encryption. Pairings in algebraic curves have proved to be a rich source for novel cryptographic primitives. Class groups of number fields also enter the game as candidates for algebraic groups in which cryptosystems can be implemented. However, breaking these systems by computing discrete logarithms has proved to be easier than in algebraic curves; we intend to pursue this cryptanalytic strand of research.

Apart from solving specific problems related to cryptology, number theoretic expertise is vital to provide cryptologic advice to industrial partners in joint projects. It is to be expected that continuing pervasiveness and ubiquity of very low power computing devices will render the need for algebraic curve cryptography more pressing in coming years.

http://

License: GPL 2+

Current stable version: 2.3.3, 2008

Current testing version: 2.4.2.alpha, 2007

Pari/Gp is a widely used computer algebra system designed for fast computations in number theory (factorisation, algebraic number theory, elliptic curves, ...), but it also contains a large number of other useful functions to compute with mathematical entities such as matrices, polynomials, power series, algebraic numbers, etc., and many transcendental functions.

Pari is a C library, allowing fast computations.

Gp is an easy-to-use interactive shell giving access to the Pari functions.

`gp2c`, the GP-to-C compiler, combines the best of both worlds by compiling Gp scripts to the C language and transparently loading the resulting functions into Gp; scripts compiled by `gp2c` will typically run three to four times faster.

http://

License: GPL 2+

Current stable version: 1.0, 2009

Cubic is a standalone program that prints out generating equations for cubic fields of either signature and bounded discriminant. It depends on the Pari library. The algorithm is quasi-linear time in the size of the output.

http://

License: LGPL 2.1+

Current version: 0.8.1 *Dianthus deltoides*, 2009

Mpc is a C library for the arithmetic of complex numbers with arbitrarily high precision and correct rounding of the result. It is built upon and follows the same principles as Mpfr. The Mpc library has been registered in France by the Agence pour la Protection des Programmes on 2003-02-05 under the number IDDN FR 001 060029 000 R P 2003 000 10000.

It has become a requirement for the upcoming release 4.5 of the Gnu compiler collection Gcc, where it is used in the C and Fortran frontends for constant folding, the evaluation of constant mathematical expressions during the compilation of a program.

http://

License: LGPL 2.1+

Initial public release: version 0.2 *Ananas*, 2009

Mpfrcx is a library for the arithmetic of univariate polynomials over arbitrary precision real (Mpfr) or complex (Mpc) numbers, without control on the rounding. For the time being, only the few functions needed to implement the floating point approach to complex multiplication are implemented. On the other hand, these comprise asymptotically fast multiplication routines such as Toom-Cook and the FFT.

http://

License: GPL 2+

Initial public release: version 0.1 *Apfelkraut*, 2009

The Cm software implements the construction of ring class fields of imaginary quadratic number fields and of elliptic curves with complex multiplication via floating point approximations. It consists of libraries that can be called from within a C program and of executable command line applications. For the implemented algorithms, see .

In , we presented for the first time an algorithm for the discrete logarithm problem in certain algebraic curves that runs in subexponential time less than L(1/2), namely, L(1/3 + ) for any >0. In , we lower this complexity to L(1/3), showing that the corresponding algebraic curves (essentially C_{ab} curves of genus g growing at least quadratically with the logarithmic size of the finite field of definition, log q) result in cryptosystems that are as easily attacked as RSA or traditional cryptosystems based on discrete logarithms in finite fields. We provide a complete classification of all the curves to which the attack applies. The article has been accepted by *Journal of Cryptology*.

J.-F. Biasse has made practical improvements to the sieving-based algorithm of Jacobson for computing the group structure of the ideal class group of an imaginary-quadratic number field. These improvements, based on the use of large prime variations combined with structured Gaussian elimination, have led to the computation of the class group structure of a number field with a 110-digit discriminant (whereas older techniques were limited to 90-digit discriminants). The resulting article has been accepted for publication in *Advances in Mathematics of Communications*.

Biasse has also determined a class of number fields for which the ideal class group, the regulator, and a system of fundamental units of the maximal order can be computed in subexponential time L(1/3, O(1)) (whereas the best previously known algorithms have complexity L(1/2, O(1))). This class of number fields is analogous to the class of curves described in , cf. . The article has been submitted to *Mathematics of Computation*.

In joint work with Eva Bayer Fluckiger and Jérôme Chaubert (EPF Lausanne), J.-P. Cerri has generalised the notion of norm-Euclideanity to central division algebras, and in particular to quaternion algebras. They have established deep theoretical results in the spirit of Cerri's achievements for number fields (rationality of the minimum, properties of the spectra, ...), and they have obtained good bounds for the Euclidean minimum. This theory should make it possible to formulate algorithms similar to those given by Cerri in the number field case, with the aim of establishing complete lists of Euclidean quaternion algebras over quadratic fields.

Using new theoretical ideas and his novel algorithmic approach, J.-P. Cerri has discovered examples of generalised Euclidean number fields and of 2-stage norm-Euclidean number fields in degree greater than 2. These notions, extending the link between usual Euclideanity and principality of the ring of integers of a number field, had already received much attention before; however, examples were only known for quadratic fields.

In joint work with Mark van Hoeij (Florida State), Jürgen Klüners (Paderborn), and Allan Steel (Sydney), K. Belabas has proved the polynomial time complexity of the now standard algorithm of van Hoeij (as extended by Belabas) to factor univariate polynomials over number fields, and in particular over the rational numbers. The same approach also yields polynomial time complexity results for bivariate polynomials over a finite field.

In joint work with Étienne Fouvry (Orsay), K. Belabas has proved a new case of Malle's conjecture, a strong effective form of the inverse Galois problem. They have given an asymptotic enumeration of Galois sextic fields with group S_{3}, ordered by discriminant, using classical Davenport-Heilbronn theory in a novel way. The same result was independently obtained by Bhargava and Wood using a different method. The article will appear in *International Journal of Number Theory*.

Classical theorems of Davenport and Heilbronn enumerate cubic fields and estimate the average 3-torsion of class groups of quadratic fields. In joint work with Manjul Bhargava (Princeton) and Carl Pomerance (Dartmouth College), K. Belabas has proved the first power-saving error terms for those results, lending support to a conjecture of Roberts. As a corollary, the generating Dirichlet series associated to cubic discriminants can be analytically continued to the left of its simple pole at s = 1, proving a conjecture of Cohen. The article will appear in *Duke Mathematical Journal*.

H. Cohen and A. Morra have obtained an explicit expression for the Dirichlet generating function associated to cubic extensions of an arbitrary number field with a fixed quadratic resolvent. As a corollary, they have proved refinements of Malle's conjecture in this context. The article has been submitted to the *Journal of Algebra*.

A. Morra has devised and implemented an algorithm to enumerate cubic extensions of principal imaginary quadratic fields, by increasing discriminant. Her algorithm is essentially linear in the output size. The article has been submitted.

These last two results constitute the heart of Morra's thesis, which she has defended in December.

A. Enge's article analysing and comparing the complexity of algorithms computing complex multiplication elliptic curves and ring class fields of imaginary-quadratic orders has appeared in print. The new algorithm of quasi-linear complexity (that is, linear up to logarithmic factors) in the size of the output class polynomial has been implemented in the Cm software, see , relying on the helper libraries Mpfrcx, see , and Mpc, see ; parts of the algorithm have also been included into the development version of Pari/Gp, see . The results are summarised in an overview article aimed at the computer algebra community.

With F. Morain, A. Enge has determined exhaustively under which conditions “generalised Weber functions”, that is, simple quotients of functions of not necessarily prime transformation level and not necessarily of genus 1, yield class invariants. The result is a new infinite family of generators for ring class fields, usable to determine complex multiplication curves. We examine in detail which lower powers of the functions are applicable, thus saving a factor of up to 12 in the size of the class polynomials, and describe the cases in which the polynomials have integral rational instead of integral quadratic coefficients.

In the same vein as the result for univariate class polynomials, proposes a quasi-linear algorithm to compute bivariate modular polynomials, which are at the heart of modern point counting algorithms for elliptic curves. The algorithm relies on asymptotically fast evaluation and interpolation. Its unpublished implementation has been used to compute polynomials of degree around 10000, each filling 16 GB of disk space. This has enabled the current point counting record for a curve of 2500 decimal digits.

The year has been marked by the kick-off of the Anr Pace, leading to the publication of two surveys. Much in the spirit of , the paper gives a low-brow introduction to the Weil and the Tate pairings as well as to algorithms computing them. In particular, simple proofs of the main properties of these pairings, as well as of the equivalence of the three different definitions of the Weil pairing are presented. We briefly comment on techniques for generating suitable curves and on cryptographic standards. The survey is devoted to a succinct presentation of the main computational assumptions underlying pairing-based cryptography, and in particular protocols related to e-cash.

https://

The Pace project unites researchers of France Télécom, Gemalto, ST-Ericsson, Cryptolog International, the Inria project teams Cascade and Lfant and University of Caen. It deals with electronic commerce and more precisely with electronic cash systems. Electronic cash refers to money exchanged electronically, with the aim of emulating paper money and its traditional properties and use cases, such as the anonymity of users during spending. The goal of Pace is to use the new and powerful tool of bilinear pairings on algebraic curves to solve remaining open problems in electronic cash, such as the strong unforgeability of money and the strong unlinkability of transactions, which would allow users to conveniently be anonymous and untraceable. It also studies some cryptographic tools that are useful in the design of e-cash systems.

Vincent Verneuil, co-directed with B. Feix (Inside Contactless) and C. Clavier (Gemalto), works at Inside Contactless on elliptic curve cryptography, with an emphasis on embedded systems and side-channel attacks.

http://

The AlgoL project comprises research teams in Bordeaux, Montpellier, Lyon, Toulouse and Besançon.

It studies the so-called L-functions in number theory from an algorithmic and experimental point of view. L-functions encode delicate arithmetic information, and crucial arithmetic conjectures revolve around them: Riemann Hypotheses, Birch and Swinnerton-Dyer conjecture, Stark conjectures, Bloch-Kato conjectures, etc.

Most of current number theory conjectures originate from (usually mechanised) computations, and have been thoroughly checked numerically. L-functions and their special values are no exception, but available tools and actual computations become increasingly scarce as one goes further away from Dirichlet L-functions. We develop theoretical algorithms and practical tools to study and experiment with (suitable classes of) complex or p-adic L-functions, their coefficients, special or general values, and zeroes. For instance, it is not known whether K-theoretic invariants conjecturally attached to special values are computable in any reasonable complexity model. On the other hand, special values are often readily computed and sometimes provide, albeit conjecturally, the only concrete handle on said invariants.

New theoretical results are translated into new or more efficient functions in the Pari/Gp system.

The following researchers have visited the Lfant team:

Marco Streng, University of Leiden, November 16–20

Gaëtan Bisson, Inria Lorraine and University of Eindhoven, November 18–20

A. Enge has reported on N. El Mrabet's PhD thesis “Arithmétique des couplages, performance et résistance aux attaques par canaux cachés” at University of Montpellier.

He has been a committee member for Cédric Faure's PhD defense on “Études de systèmes cryptographiques construits à l'aide de codes correcteurs, en métrique de Hamming et en métrique rang” at École polytechnique.

K. Belabas acts on the editorial board of *Journal de Théorie des Nombres de Bordeaux* since 2005 and of *Archiv der Mathematik* since 2006.

H. Cohen is an editorial board member of *Journal de Théorie des Nombres de Bordeaux*; he is an editor for the Springer book series *Algorithms and Computations in Mathematics (ACM)*.

A. Enge is an editor of *Designs, Codes and Cryptography* since 2004.

A. Enge has given a talk at *Selected Areas in Cryptography*, Calgary, on “Elliptic complex multiplication in cryptography”.

H. Cohen, A. Enge and A. Morra have attended the workshop *Algorithms and Number Theory* at Dagstuhl; A. Enge has spoken about “CM – Software for complex multiplication” and A. Morra has presented “An algorithm to compute relative cubic fields”.

K. Belabas has co-organised the international conference “Number theory and applications” from November 30 to December 4 at Luminy.

A. Enge has been a member on the programme committee of the 9th Central European Conference on Cryptography, Třebíč, Czech Republic. He acts on the scientific advisory board of the Journées Nationales de Calcul Formel.

The following external speakers have given a presentation at the Lfant seminar

http://

Luca De Feo, École polytechnique: “Calcul d'isogénies en petite caractéristique”

Marco Streng, University of Leiden: “Abelian surfaces admitting an (l, l)-endomorphism”

Gaëtan Bisson, Inria Lorraine and University of Eindhoven: “Calcul des anneaux d'endomorphismes des variétés abéliennes sur les corps finis”

K. Belabas has taught a bachelor course in cryptology, and master courses on computer algebra, elliptic curves, and the algorithmic of public key cryptography. He has supervised master projects on cyclotomic proofs of (cases of) Fermat's Last Theorem, optimal elliptic curves models for cryptography, factorisation of univariate polynomials over a finite field, asymptotically fast integer multiplication (from Karatsuba to Fürer), and sub-quadratic integer division algorithms.

J.-P. Cerri has been invited to give three lectures at the GTEM summer school “Lattices and Applications” at EPFL in July (
http://

A. Enge is a “Chargé d'enseignement” at the Department of Informatics of École polytechnique. He has taught a master course on cryptology and a bachelor course on web programming. He has supervised projects concerning factorisation by the quadratic sieve, implemented in CUDA on graphics card for the master course on parallel programming. At the summer school *Calcul numérique certifié CNC '2* at Nancy, he has given a lecture entitled “MPC - Arithmétique complexe en précision arbitraire avec arrondi garanti”.

K. Belabas is the head of the computer science support service (“cellule informatique”) of the Institute of Mathematics of Bordeaux; he also coordinates the participation of the institute in the regional computation cluster PlaFRIM.

He is an elected member of the councils of both the math and computer science department (UFR) and the Math Institute (IMB).