Our research addresses the broad application domain of cryptography and cryptanalysis from the algorithmic perspective. We study all the algorithmic aspects, from the top-level mathematical background down to the optimized high-performance software implementations. Several kinds of mathematical objects are commonly encountered in our research. Some basic ones are truly ubiquitous: integers, finite fields, polynomials, real and complex numbers. We also work with more structured objects such as number fields, algebraic curves, or polynomial systems. In all cases, our work is geared towards making computations with these objects effective and fast.

The mathematical objects we deal with are of utmost importance for the
applications to cryptology, as they are the background of the most widely
developed cryptographic primitives, such as the RSA cryptosystem or the
Diffie–Hellman key exchange. The two facets of cryptology—cryptography
and cryptanalysis—are central to our research. The key challenges are
the assessment of the security of proposed cryptographic primitives,
through the study of the cornerstone problems, which are the integer
factorization and discrete logarithm problems, as well as the
optimization work in order to enable cryptographic implementations that
are both efficient *and* secure.

Among the research themes we set forth, two are guided by the most important mathematical objects used in today's cryptography, and two others are rather guided by the technological background we use to address these problems.

Extended NFS family. A common algorithmic framework, called the Number Field Sieve (NFS), addresses both the integer factorization problem as well as the discrete logarithm problem over finite fields. We have numerous algorithmic contributions in this context, and develop software to illustrate them.

We plan to improve on the existing state of the art in this domain by researching new algorithms, by optimizing the software performance, and by demonstrating the reach of our software with highly visible computations.

Algebraic curves and their Jacobians. We develop algorithms and software for computing essential properties of algebraic curves for cryptology, eventually enabling their widespread cryptographic use.

One of the challenges we address here is point counting. In a wider perspective, we also study the link between abelian varieties over finite fields and principally polarized abelian varieties over fields of characteristic zero, together with their endomorphism ring. In particular, we work in the direction of making this link an effective one. We are also investigating various approaches for attacking the discrete logarithm problem in Jacobians of algebraic curves.

Arithmetic. Our work relies crucially on efficient arithmetic, be it for small or large sizes. We work on improving algorithms and implementations, for computations that are relevant to our application areas.

Polynomial systems. It is rather natural with algebraic curves, and occurs also in NFS-related contexts, that many important challenges can be represented via polynomial systems, which have structural specificities. We intend to develop algorithms and tools that, when possible, take advantage of these specificities.

We consider that the impact of our research on cryptology in general owes a lot to the publication of concrete practical results. We are strongly committed to making our algorithms available as software implementations. We thus have several long-term software development projects that are, and will remain, parts of our research activity.

Public-key cryptography is our main application target. We are interested in the study of the cryptographic primitives that serve as a basis for the most widespread protocols.

Since the early days of public-key cryptography, and through the
practices and international standards that have been established for
several decades, the most widespread cryptographic primitives have been
the RSA cryptosystem, as well as the Diffie–Hellman key exchange using
multiplicative groups of finite fields. The level of security provided
by these cryptographic primitives is related to the hardness of the
underlying mathematical problems, which are integer factorization and the
discrete logarithm problem. The complexity of attacking them is known to
be subexponential in the public key size, and more precisely written as

This complexity is achieved with the Number Field
Sieve (NFS) algorithm and its many derivatives. This means that as the
desired security level

Software for NFS is obviously the entry point to computational records. Few complete NFS implementations exist, and their improvement is of crucial importance for better assessment of the hardness of the key cryptographic primitives considered. Here, “improvement” may be understood in many ways: better algorithms (outperforming the NFS algorithm as a whole is certainly a tremendous improvement, but replacing one of its numerous substeps is one, too), better implementations, better parallelization, or better adaptation to suitable hardware. The numerous sub-algorithms of NFS strongly depend on arithmetic efficiency. This concerns various mathematical objects, from integers and polynomials to ideals in number fields, lattices, or linear algebra.

Since the early 1990's, no new algorithm improved on the complexity of
NFS. As it is used in practice, the algorithm has complexity

While it is relatively easy to set public key sizes for RSA or
Diffie–Hellman that are “just above” the reach of academic computing
power with NFS, the sensible cryptographic choice is to aim at security
parameters that are well above this feasibility limit, in
particular because assessing this limit precisely is in fact a very
difficult problem. In line with the security levels offered by symmetric
primitives such as AES-128, public key sizes should be chosen so that
with current algorithmic knowledge, an attacker would need at least

Since the mid-1980's, elliptic curves, and more generally Jacobians of algebraic curves, have been proposed as alternative mathematical settings for building cryptographic primitives.

The discrete logarithm problem in these groups is formidably hard, and in comparison to the situation with the traditional primitives mentioned above, the cryptanalysis algorithms are such that the appropriate public-key size grows only linearly with the desired security level: a 256-bit public key, using algebraic curves, is well suited to match the hardness of AES-128. This asset makes algebraic curves more attractive for the future of public-key cryptography.
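The scaling contrast described above, worked through as an added example (not code from the team or its software). It assumes the standard heuristic GNFS cost L_N[1/3, (64/9)^(1/3)] with the o(1) term dropped, and the generic square-root cost for curve groups; the function names are hypothetical and the figures are uncalibrated estimates, not key-size recommendations.

```python
import math

# Heuristic GNFS constant c = (64/9)^(1/3); the o(1) term of the
# asymptotic formula is dropped (assumption of this example).
GNFS_C = (64 / 9) ** (1 / 3)


def nfs_cost_bits(modulus_bits: int) -> float:
    """log2 of exp(c * (ln N)^(1/3) * (ln ln N)^(2/3)) for N ~ 2^modulus_bits.

    This is the subexponential attack cost on RSA moduli or on
    Diffie-Hellman over prime fields, expressed in "bits of security".
    """
    ln_n = modulus_bits * math.log(2)
    exponent = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)


def curve_cost_bits(group_bits: int) -> float:
    """Generic square-root attack cost in a group of order ~2^group_bits."""
    return group_bits / 2


def min_modulus_bits(target_bits: int, step: int = 64) -> int:
    """Smallest multiple of `step` whose estimated NFS cost reaches the target."""
    bits = step
    while nfs_cost_bits(bits) < target_bits:
        bits += step
    return bits


def min_curve_bits(target_bits: int) -> int:
    """Smallest group size whose generic attack cost reaches the target."""
    return 2 * target_bits


def size_table(levels=(80, 112, 128, 192, 256)):
    """Rows of (security level, modulus bits, curve bits) for each level."""
    return [(lvl, min_modulus_bits(lvl), min_curve_bits(lvl)) for lvl in levels]


def growth_factor(low: int, high: int):
    """How much each key size grows when the security level goes low -> high."""
    modulus = min_modulus_bits(high) / min_modulus_bits(low)
    curve = min_curve_bits(high) / min_curve_bits(low)
    return modulus, curve


if __name__ == "__main__":
    print(f"{'level':>6} {'RSA/DH modulus':>15} {'curve group':>12}")
    for level, modulus, curve in size_table():
        print(f"{level:>6} {modulus:>15} {curve:>12}")
    mod_growth, curve_growth = growth_factor(128, 256)
    print(f"128 -> 256 bits: modulus x{mod_growth:.1f}, curve x{curve_growth:.1f}")
```

Published key-size tables rely on calibrated estimates and safety margins, so they are more conservative than these raw asymptotic figures; the point here is the shape of the growth, not the absolute sizes.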

Challenges related to algebraic curves in cryptology are varied, and call for expertise in several areas. Suggesting curves to be used in the cryptographic context requires solving the point counting problem. This may be done by variants of the Schoof–Elkies–Atkin algorithm and its generalizations (which, in genus 2, require arithmetic modulo multivariate systems of equations), or alternatively by the complex multiplication method, a rich theory that opens the way to several problems in computational number theory.

The long-awaited transition from the legacy primitives to primitives based on curves is ready to happen, only circumstantially slowed down presently by the need to agree on a new set of elliptic curves (not because of any attack, but because of skepticism over how the currently widespread ones have been generated). The Internet Research Task Force completed a standardization proposal in 2015. In this context, the recommended curves are not of the complex multiplication family, and enjoy instead properties that allow fast implementation, and avoid a few implementation difficulties. Those are also naturally chosen to be immune to the few known attacks on the discrete logarithm problem for curves. No curve of genus 2 has made its way to the standardization process so far; however, one candidate exists for the 128-bit security level.

The discrete logarithm problem on curves is very hard. Some results were obtained however for curves over extension fields, using techniques such as the Weil descent, or the point decomposition problem. In this context, the algorithmic setup connects to polynomial system solving, fast arithmetic, and linear algebra.

Another possible route for transitioning away from RSA and finite field-based cryptography is suggested, namely the switch to the “post-quantum” cryptographic primitives. Public-key cryptographic primitives that rely on mathematical problems related to Euclidean lattices or coding theory have an advantage: they would resist the potential advent of a quantum computer. Research on these topics is quite active, and there is no doubt that when the efficiency challenges that are currently impeding their deployment are overcome, the standardization of some post-quantum cryptographic primitives will be a worthwhile addition to the general cryptographic portfolio. The NSA has recently devoted an intriguing position text to this topic (for a glimpse of some of the reactions within the academic community, the reference is useful). Post-quantum cryptography, as a research topic, is complementary to the topics we address most, which are NFS and algebraic curves. We are absolutely confident that, at the very least for the next decade, primitives based on integer factoring, finite fields, and algebraic curves will continue to hold the lion's share in the cryptographic landscape. We also expect that before the advent of standardized and widely developed post-quantum cryptographic primitives, the primitives based on algebraic curves will become dominant (despite the apparent restraint from the NSA on this move).

We acknowledge that the focus on cryptographic primitives is part of a larger picture. Cryptographic primitives are part of cryptographic protocols, which eventually become part of cryptographic software. All these steps constitute research topics in their own right, and need to be scrutinized (as part of independent research efforts) in order to be considered as dependable building blocks. This being said, the interplay of the different aspects, from primitives to protocols, sometimes spawns very interesting and fruitful collaborations. A very good example of this is the LogJam attack.

The Number Field Sieve (NFS) has been the leading algorithm for factoring integers for more than 20 years, and its variants have been used to set records for discrete logarithms in finite fields. It is reasonable to understand NFS as a framework that can be used to solve various sorts of problems. Factoring integers and computing discrete logarithms are the most prominent for the cryptographic observer, but the same framework can also be applied to the computation of class groups.

The state of the art with NFS is built from numerous improvements of its inner steps. In terms of algorithmic improvements, the recent research activity on the NFS family has been rather intense. Several new algorithms have been discovered over the 2014–2016 period, and their practical reach has been demonstrated by actual experiments.

The algorithmic contributions of the CARAMBA members to NFS would
hardly be possible without access to a dependable software
implementation. To this end, members of the CARAMBA team have been
developing the Cado-NFS software suite since 2007. Cado-NFS is now the
most widely visible open source implementation of NFS, and is a crucial
platform for developing prototype implementations for new ideas for the
many sub-algorithms of NFS. Cado-NFS is free software (LGPL) and
follows an open development model, with publicly accessible development
repository and regular software releases. Competing free software
implementations exist, such as `msieve`, developed by J.
Papadopoulos. In Lausanne, T. Kleinjung develops his own code base, which
is unfortunately not public.

The work plan of CARAMBA on the topic of the Number Field Sieve algorithm and its cousins includes the following aspects:

Pursue the work on NFS, which entails in particular making it ready to tackle larger challenges. Several of the important computational steps of NFS that are currently identified as stumbling blocks will require algorithmic advances and implementation improvements. We will illustrate the importance of this work by computational records.

Work on the specific aspects of the computation of discrete logarithms in finite fields.

As a side topic, the application of the broad methodology of NFS to the treatment of “ideal lattices” and their use in cryptographic proposals based on Euclidean lattices is also relevant.

The challenges associated with algebraic curves in cryptology are diverse, because of the variety of mathematical objects to be considered. These challenges are also connected to each other. On the cryptographic side, efficiency matters. As of 2016, the most widely used set of elliptic curves, the so-called NIST curves, is in the process of being replaced by a new set of candidate elliptic curves for future standardization. This is the topic of RFC 7748.

On the cryptanalytic side, the discrete logarithm problem on (Jacobians
of) curves has resisted all attempts for many years. Among the currently
active topics, the decomposition algorithms raise interesting problems
related to polynomial system solving, as do attempts to solve the
discrete logarithm problem on curves defined over binary fields. In
particular, while it is generally accepted that the so-called Koblitz
curves (base field extensions of curves defined over

The research objectives of CARAMBA on the topic of algebraic curves for cryptology are as follows:

Work on the practical realization of some of the rich mathematical theory behind algebraic curves. In particular, some of the fundamental mathematical objects have potentially important connections to the broad topic of cryptology: Abel-Jacobi map, Theta functions, computation of isogenies, computation of endomorphisms, complex multiplication.

Improve the point counting algorithms so as to be able to tackle larger problems. This includes significant work connected to polynomial systems.

Seek improvements on the computation of discrete logarithms on curves, including by identifying weak instances of this problem.

Computer arithmetic is part of the common background of all team members, and is naturally ubiquitous in the two previous application domains mentioned. However involved the mathematical objects considered may be, dealing with them first requires mastering more basic objects: integers, finite fields, polynomials, and real and complex floating-point numbers. Libraries such as GNU MP, GNU MPFR, GNU MPC do an excellent job for these, both for small and large sizes (we rarely, if ever, focus on small-precision floating-point data, which explains our lack of mention of libraries relevant to it).

Most of our involvement in subjects related to computer arithmetic is to
be understood in connection to our applications to the Number Field Sieve
and to abelian varieties. As such, much of the research work we envision
will appear as side-effects of developments in these contexts. On the
topic of arithmetic work *per se*:

We will seek algorithmic and practical improvements to the most basic algorithms. That includes for example the study of advanced algorithms for integer multiplication, and their practical reach.

We will continue to work on the arithmetic libraries in which we have crucial involvement, such as GNU MPFR, GNU MPC, GF2X, MPFQ, and also GMP-ECM.

Since the recruitment of Marine Minier in September 2016 as a Professor at Université de Lorraine, a new research domain has emerged in the CARAMBA team: symmetric key cryptology. The aim is to design and analyze symmetric key cryptographic primitives focusing on the following particular aspects:

the use of constraint programming for the cryptanalysis, especially of block ciphers and the AES standard;

the design of lightweight cryptographic primitives well-suited for constrained environments such as micro-controllers, wireless sensors, etc.;

white-box cryptography and software obfuscation methods to protect services execution on dedicated platforms.

Systems of polynomial equations have been part of the cryptographic landscape for quite some time, with applications to the cryptanalysis of block and stream ciphers, as well as multivariate cryptographic primitives.

Polynomial systems arising from cryptology are usually not generic, in the sense that they have some distinct structural properties, such as symmetries, or bi-linearity for example. During the last decades, several results have shown that identifying and exploiting these structures can lead to dedicated Gröbner bases algorithms that can achieve large speedups compared to generic implementations.

Solving polynomial systems is well done by existing software, and duplicating this effort is not relevant. However we develop test-bed open-source software for ideas relevant to the specific polynomial systems that arise in the context of our applications. The TinyGB software, that we describe further in , is our platform to test new ideas.

We aim to work on the topic of polynomial system solving in connection with our involvement in the aforementioned topics.

We have high expertise on Elliptic Curve Discrete Logarithm Problem on small characteristic finite fields, because it also involves highly structured polynomial systems. While so far we have not contributed to this hot topic, this could of course change in the future.

The recent hiring of Minier is likely to lead the team to study particular polynomial systems in contexts related to symmetric key cryptography.

More centered on polynomial systems *per se*, we will
mainly pursue the study of the specificities of the polynomial
systems that are strongly linked to our targeted applications,
and for which we have significant expertise. We also want to see these recent
results provide practical benefits compared to existing software,
in particular for systems relevant for cryptanalysis.

Our study of the Number Field Sieve family of algorithms aims at showing
how the threats underlying various supposedly hard problems are real. Our
record computations, as well as new algorithms, contribute to having a
scientifically accurate assessment of the feasibility limit for these
problems, given academic computing resources. The data we provide in this
way is a primary ingredient for government agencies whose purpose
includes guidance for the choice of appropriate cryptographic primitives.
For example the French ANSSI

The software we make available to achieve these cryptanalytic computations also allows us to give cost estimates for potential attacks on cryptographic systems that are taking the security/efficiency/legacy compatibility trade-offs too lightly. Attacks such as LogJam are understood as being serious concerns thanks to our convincing proofs of concept. In the LogJam context, this impact has led to rapid worldwide security advisories and software updates that eventually defeat some potential intelligence threats and improve confidentiality of communications.

We also promote the switch to algebraic curves as cryptographic primitives. Those offer nice speed and excellent security, while primitives based on elementary number theory (integer factorization, discrete logarithm in finite fields), which underpin e.g., RSA, are gradually forced to adopt unwieldy key sizes so as to comply with the desired security guarantees of modern cryptography. Our contributions to the ultimate goal of having algebraic curves eventually take over the cryptographic landscape lie in our fast arithmetic contributions, our contributions to the point counting problem, and more generally our expertise on the diverse surrounding mathematical objects, or on the special cases where the discrete logarithm problem is not hard enough and should be avoided.

We also promote cryptographically sound electronic voting, for which we develop the Belenios prototype software (licensed under the AGPL). It depends on research made in collaboration with the PESTO team, and provides stronger guarantees than the current state of the art.

The vast majority of our work is eventually realized as software. We can roughly categorize it in two groups. Some of our software covers truly fundamental objects, such as the GNU MPFR, GNU MPC, GF2X, or MPFQ packages. To their respective extent, these software packages are meant to be included or used in broader projects. For this reason, it is important that the license chosen for this software allows proper reuse, and we favor licenses such as the LGPL, which is not restrictive. We can measure the impact of this software by the way it is used in e.g., the GNU Compiler Collection (GCC), in Victor Shoup's Number Theory Library (NTL), or in the Sage computer algebra system. The availability of these software packages in most Linux distributions is also a good measure for the impact of our work.

We also develop more specialized software. Our flagship software package is Cado-NFS, and we also develop some others with various levels of maturity, such as GMP-ECM, CMH, or Belenios, aiming at quite diverse targets. Within the lifespan of the CARAMBA project, we expect more software packages of this kind to be developed, specialized towards tasks relevant to our research targets: important mathematical structures attached to genus 2 curves, generation of cryptographically secure curves, or tools for attacking cryptographically hard problems. Such software both illustrates our algorithms, and provides a base on which further research work can be established. Because of the very nature of these specialized software packages as research topics in their own right, needing both to borrow material from other projects, and being a possible source of inspiring material for others, it is again important that these be developed in a free and open-source development model.

The CARAMBA team organized the “Journées Codage et Cryptographie 2017”, whose objective is to regroup the French speaking community working on error-correcting codes and on cryptography. It is affiliated with the “Groupe de travail C2” of the GDR-IM.

*Belenios - Verifiable online voting system*

Keyword: E-voting

Functional Description: Belenios is an online voting system that provides confidentiality and verifiability. End-to-end verifiability relies on the fact that the ballot box is public (voters can check that their ballots have been received) and on the fact that the tally is publicly verifiable (anyone can recount the votes). Confidentiality relies on the encryption of the votes and the distribution of the decryption key.

Belenios builds upon Helios, a voting protocol used in several elections. The main design enhancement of Belenios vs Helios is that the ballot box can no longer add (fake) ballots, due to the use of credentials.

Participants: Pierrick Gaudry, Stéphane Glondu and Véronique Cortier

Partners: CNRS - Inria

Contact: Stéphane Glondu

Keyword: Gröbner bases

Functional Description: TinyGB is free software that implements tools for computing Gröbner bases with Faugère's F4 algorithm.

News Of The Year: The code has been largely rewritten and optimized. A new release is planned for the beginning of 2018.

Author: Pierre-Jean Spaenlehauer

Contact: Pierre-Jean Spaenlehauer

*Crible Algébrique: Distribution, Optimisation - Number Field Sieve*

Keywords: Cryptography - Number theory

Functional Description: CADO-NFS is a complete implementation in C/C++ of the Number Field Sieve (NFS) algorithm for factoring integers and computing discrete logarithms in finite fields. It consists of various programs corresponding to all the phases of the algorithm, and a general script that runs them, possibly in parallel over a network of computers.

Participants: Pierrick Gaudry, Emmanuel Thomé and Paul Zimmermann

Contact: Emmanuel Thomé

This paper is joint work with Jean-Philippe Échard, Curator at the Cité de la Musique, Paris.

The study of three ledgers from the archives of a prominent Parisian violin maker's workshop (active from 1796 to 1948) reveals that some of their content was encrypted. We present the deciphering of the code, and a discussion of its use in the context of the workshop. Charles-Adolphe Gand introduced this code around 1847 to encrypt values of antique/used violins he would buy and resell. His successors maintained the use of this code at least until 1921. Taking a few examples of instruments by Stradivari and other violin makers, we illustrate how the decoded ledgers – listing transactions for more than 2,500 instruments – are of high interest as historical sources documenting the margins, rebates, and commercial practices of these violin dealers. More generally, we contribute to better describing the evolution of the market for antique instruments of the violin family.

Together with F. Morain from the GRACE team, we reached new record sizes for the discrete logarithm problems over non-prime finite fields of small extension degrees. Assessing the hardness of the discrete logarithm problem in such fields is highly relevant to the security of cryptographic pairings. Our computations are not terribly large compared to other record-size computations for integer factoring or discrete logarithm over prime fields, but on the other hand more novelty is present in these contexts: use of automorphisms and higher degree sieving, for example.

Further research in this direction is needed, especially regarding the effectiveness of the variants of the “tower” number field sieve.

Furthermore, A. Guillevic and L. Grémy have gathered in a database all
published records of discrete logarithm computations in all kinds of
finite fields. The database is hosted on gitlab and is open to
external contributions. A web interface for browsing the database is
available at
http://

Together with Vincent Lefèvre (ARIC team, Inria Rhône-Alpes), Paul Zimmermann wrote an article “Optimized Binary64 and Binary128 Arithmetic with GNU MPFR”, and presented it at the 24th IEEE Symposium on Computer Arithmetic. This article describes algorithms used to optimize the GNU MPFR library when the operands fit into one or two words. On modern processors, a correctly rounded addition of two quadruple precision numbers is now performed in 22 cycles, a subtraction in 24 cycles, a multiplication in 32 cycles, a division in 64 cycles, and a square root in 69 cycles. It also introduces a new faithful rounding mode, which enables even faster computations. These optimizations will be available in version 4 of MPFR.

In the General Number Field Sieve (GNFS) for integer factorization or
discrete logarithm, the first stage is polynomial selection.
Polynomial selection itself consists in two steps: size-optimization and
root-optimization. The classical measures used to rank polynomials
during the root-optimization
are the so-called

Starting in March, Paul Zimmermann coordinated the English translation of the
book “Calcul mathématique avec Sage”, and the update from version 5.9 to
8.0 of Sage. He also translated several chapters and proof-read the
translation of all chapters.
The current state of the English translation is available under a
Creative Commons license (CC BY-SA) at
https://

Emmanuel Thomé and Paul Zimmermann contributed two chapters of the book “Topics in Computational Number Theory Inspired by Peter L. Montgomery”, coordinated by Arjen Lenstra and Joppe Bos, and published by Cambridge University Press. Together with Richard P. Brent and Alexander Kruppa, Paul Zimmermann wrote a chapter entitled “FFT extension for algebraic-group factorization algorithms”. Emmanuel Thomé contributed a chapter entitled “The block Lanczos algorithm”.

In , we describe a method improving on the
exhaustive search algorithm developed
in . We are able to compute new optimal
formulae for the short product modulo

In collaboration with L. Chen, D. Mohajerani and M. Moreno Maza,
in , we compare various methods for the
multiplication of polynomials, using the GPU. We compare the CRT
method, using

As a by-product of his PhD thesis defended in late 2016, Hugo
Labrande contributed to a joint work with several authors, leading to
an article that provides examples of
smooth plane quartics over

In , the previous work on
speeding-up the first phase of the individual discrete logarithm computation,
the initial splitting, a.k.a. smoothing phase, is extended to any non-prime
finite field

A paper detailing the implementation of the ECM factoring algorithm on the Kalray MPPA-256 many-core processor, written as a collaboration between Jérémie Detrey and Pierrick Gaudry from CARAMBA, and Masahiro Ishii, Atsuo Inomata, and Kazutoshi Fujikawa from NAIST (Nara, Japan), was published in IEEE Transactions on Computers.

In , we improve the existing impossible-differential attacks against Rijndael-160 and Rijndael-224.

We have training and consulting activities with the French Ministry of Defense.

Together with the PESTO team, we have a contract with the Docapost company, the purpose of which is to improve their e-voting solution, adding some verifiability properties and switching to elliptic curve cryptography.

In this contract the goal is to audit and prove security properties of a new e-voting protocol to be used in a few cantons of Switzerland.

This contract with Orange Gardens at Chatillon-Montrouge is dedicated to the supervision of Sandra Rasoamiaramanana's PhD thesis about security in the white box context.

This contract, called PACLIDO, is an FUI project with many companies dedicated to the definition of new lightweight cryptographic primitives for the IoT.

The PEPS CHARIoT (“CHiffrement Authentifié pour Renforcer l'IoT”) project is dedicated to the study of authenticated encryption schemes, especially the CAESAR candidates, and to the performance analysis of those schemes on dedicated embedded architectures such as micro-controllers (MSP430, ARM and AVR). It involves Marine Minier (CARAMBA), Franck Rousseau (IMAG - Grenoble) and Pascal Lafourcade (LIMOS-UCA - Clermont-Ferrand).

Thorsten Kleinjung from EPFL visited the team from 6 to 10 February to work on the Number Field Sieve algorithm.

Together with Anne-Lise Charbonnier (Inria Nancy – Grand Est), the Caramba team organized the “Journées Codage et Cryptographie 2017”, whose objective is to regroup the French speaking community working on error-correcting codes and on cryptography. It is affiliated with the “Groupe de travail C2” of the GDR-IM.

Pierrick Gaudry is a member of the steering committee of the Workshop on Elliptic Curve Cryptography (ECC).

Emmanuel Thomé is a member of the steering committee of the conference series “Algorithmic Number Theory Symposium” (ANTS).

Emmanuel Thomé is a member of the scientific directorate of the Dagstuhl computer science seminar series.

Jérémie Detrey was a member of the Program Committee of ECC 2017.

Pierrick Gaudry was a member of the Program Committee of EUROCRYPT 2017.

Aurore Guillevic was a member of the Program Committee of PKC 2018, Latincrypt 2017 and JC2 2017.

Marine Minier was a member of the Program Committee of WCC 2017 and JC2 2017.

Pierre-Jean Spaenlehauer was a member of the Program Committee of ISSAC 2017.

Members of the project-team did their share in reviewing submissions to renowned conferences and journals. Actual publication venues are not disclosed for anonymity reasons.

Jérémie Detrey was invited to give a talk at the Rencontres “Arithmétique de l'Informatique Mathématique” (RAIM 2017), Lyon, France.

Aurore Guillevic was invited to give a talk at the Elliptic Curve Cryptography Conference (ECC17), Nijmegen, Netherlands.

Emmanuel Thomé was invited to give a talk at the Elliptic Curve Cryptography Conference (ECC17), Nijmegen, Netherlands.

Marine Minier was invited to give a talk at the Journées Nationales du pré-GDR Sécurité, Paris, France and at the CCA seminar, Paris, France.

Jérémie Detrey is chairing the *Commission des Utilisateurs
des Moyens Informatiques* (CUMI) of the Inria Nancy – Grand Est research
center.

Emmanuel Thomé is a member of the management committee for the research project “CPER Cyberentreprises” (co-chair).

Emmanuel Thomé is a member of the *Comité Local Hygiène, Sécurité, et Conditions de Travail* of the Inria Nancy – Grand Est research center.

Emmanuel Thomé was a member of the hiring committee for the 2015 junior research positions (CR2) at Inria Bordeaux.

Pierrick Gaudry is vice-head of the *Commission de mention
Informatique* of the *École doctorale IAEM* of the University
of Lorraine.

Pierre-Jean Spaenlehauer is a member of the *Commission
développement technologique* (CDT) of the Inria Nancy – Grand Est
research center.

Paul Zimmermann is a member of the Scientific Committee of the EXPLOR
*Mésocentre*, of the “groupe de réflexion”
*Calcul, Codage, Information* of the GDR-IM, of the
advisory board of the OpenDreamKit European project, and of the
scientific council of the LIRMM laboratory in Montpellier. He is also chair of
the organizing committee of the EJCIM
(*École Jeunes Chercheurs Informatique Mathématique*),
which will take place in Nancy in 2018.

Marine Minier: member of the CoS, MCF position number 27MCF4376, Université de Rouen, November 2017.

Marine Minier: member of the CoS, MCF position number 27MCF575, Université de Grenoble Alpes, May 2017.

Marine Minier: president of the CoS, MCF position number 27MCF0955, Université de Lorraine, May 2017.

Marine Minier: member of the CoS, MCF position number 27MCF4191, Université de Lyon, May 2017.

Marine Minier: member of the CoS, PR position number 27PR0154, Université de Toulouse, May 2017.

Marine Minier: in charge of writing, for the LORIA, the Impact Project *Digital Trust*.

Laurent Grémy was a member of the *Conseil de laboratoire* of the
Loria.

Master: Marine Minier, *Sécurité des systèmes d'information*, 40h eq. TD, M2 Informatique, Université de Lorraine,
Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.

Master: Marine Minier, *Introduction à la
cryptographie*, 18h eq. TD, M1 Informatique, Université de Lorraine,
Faculté des sciences et technologies, Vandœuvre-lès-Nancy, France.

Master: Marine Minier, *Introduction à la
sécurité des systèmes et à la cryptographie*, 32h eq. TD, M2 Mathématiques
IMOI, Université de Lorraine, Faculté des sciences et technologies,
Vandœuvre-lès-Nancy, France.

Master: Emmanuel Thomé, *Introduction to Cryptography*,
24 hours (lectures + exercises), M1, Télécom Nancy, Villers-lès-Nancy, France.

Master: Emmanuel Thomé, *Cryptography and Security*,
20 hours (lectures + exercises), M2, Télécom Nancy and École des Mines de
Nancy, France.

Master: Pierre-Jean Spaenlehauer, *Initiation aux méthodes analytiques de
la théorie des nombres, applications à la cryptographie*, 15h eq. TD, M2
Mathématiques MFA, Université de Lorraine, Faculté des sciences et technologies,
Vandœuvre-lès-Nancy, France.

Licence: Jérémie Detrey, *Méthodologie*, 24 hours (practical
sessions), L1, Université de Lorraine, Faculté des sciences et
technologies, Vandœuvre-lès-Nancy, France.

Licence: Jérémie Detrey, *Sécurité des applications Web*, 2 hours
(lecture), L1, Université de Lorraine, IUT Charlemagne, Nancy, France.

Master: Jérémie Detrey, *Introduction à la cryptographie*, 8 hours
(lectures) + 10 hours (tutorial sessions) + 12 hours (practical sessions),
Master Spécialisé, École des Mines de Nancy, France.

Licence: Marine Minier, *Introduction à la sécurité et à la
cryptographie*, 10 hours (lectures) + 10 hours (tutorial sessions) + 10
hours (practical sessions), L3, Université de Lorraine, Faculté des
sciences et technologies, Vandœuvre-lès-Nancy, France.

Licence: Pierrick Gaudry, *Méthodologie*, 24 hours (practical
sessions), L1, Université de Lorraine, Faculté des sciences et
technologies, Vandœuvre-lès-Nancy, France.

2nd year, École Polytechnique: Aurore Guillevic, *Les bases
de la programmation et de l'algorithmique* (INF411), 32 hours
(lab sessions), Palaiseau, France (“chargée d'enseignement”).

Internship: Léo Barré, *cube attacks and cube testers*, Université de Bordeaux,
March–September (6 months), Pierre-Jean Spaenlehauer and Marine Minier.

Internship: Nicolas David, *Impact des racines réelles sur la
sélection polynomiale pour le crible algébrique*, ENS Cachan,
June–July (6 weeks), Paul Zimmermann.

Internship: Quentin Deschamps, *Étude de la sécurité
du logarithme discret dans $GF\left({p}^{n}\right)$ lorsque $n$ est
composé*, ENS Lyon, July–August (6 weeks), Aurore Guillevic.

Internship: Joël Felderhoff, *infrastructures in complex cubic
fields*, ENS Lyon, June–July (6 weeks), Pierre-Jean Spaenlehauer.

Ph.D. in progress: Sandra Rasoamiaramanana, *Délivrance de contextes sécurisés par des approches hybrides*,
since May 2017, Ph.D. CIFRE Orange Gardens, Marine Minier.

Ph.D. in progress: Paul Huynh, *analyse et conception de chiffrements authentifiés à bas coût*, since October 2017, Marine Minier.

Ph.D. in progress: Simon Abelard, *Comptage de points de courbes algébriques sur
les corps finis et interactions avec les systèmes polynomiaux*, Univ.
Lorraine; since Sep. 2015, Pierrick Gaudry & Pierre-Jean Spaenlehauer.

Ph.D. in progress: Svyatoslav Covanov, *Algorithmes de multiplication :
complexité bilinéaire et méthodes asymptotiquement rapides*,
since Sep. 2014, Jérémie Detrey and Emmanuel Thomé.

Marine Minier: president of the jury of the PhD: *Synchronisation et systèmes dynamiques : application à la cryptographie* defended by Brandon Dravie, July 2017, Université de Lorraine.

Marine Minier: president of the jury of the PhD: *Réseaux de capteurs et vie privée* defended by Jessye Dos Santos, August 2017, Université de Grenoble Alpes.

Marine Minier: president of the jury of the PhD: *Système de détection d'intrusion adapté au système de communication aéronautique ACARS* defended by Eric Asselin, June 2017, Université de Toulouse.

Marine Minier: president of the jury of the PhD: *Probabilistic models of partial enforcement in distributed systems* defended by Jordi Martori-Adrian, June 2017, Université de Lorraine.

Marine Minier: president of the jury of the PhD: *Méthodes
de calculs sur les données chiffrées* defended by Marie Paindavoine,
January 2017, Université de Lyon.

Emmanuel Thomé: reviewer of the PhD thesis: *Formules de
Thomae pour les courbes algébriques résolubles* defended by
Alexandre Le Meur, August 2017, Université de Rennes 1.

Paul Zimmermann: member of the jury of the PhD thesis:
*Investigations in Computer-Aided Mathematics:
Experimentation, Computation, and Certification* defended by
Thomas Sibut-Pinote, December 2017, École polytechnique.

Pierrick Gaudry organized and participated in a debate, based on excerpts from movies, on the topic of cryptography and privacy in March 2017. He also gave a podcast interview about electronic voting for Interstices.

Pierre-Jean Spaenlehauer gave a short presentation on asymmetric cryptography to middle school students who were award winners of the Alkindi competition.

Paul Zimmermann co-led a “Math-en-Jeans” workshop with Lycée Vauban in Luxembourg city (Luxembourg).