2025-12-16
11:00
Salle 2
Animating quadratic and bilinear maps on abelian varieties
If $A/k$ is an abelian variety, there are no nontrivial maps (linear, bilinear, quadratic) from $A$ (or $A\times B$) to $G_m$. However, seeing these objects as fppf sheaves of anima (i.e., ∞-groupoids) rather than fppf sheaves of sets, the spaces/anima of linear, bilinear and quadratic maps are highly nontrivial. Using the Dold-Kan correspondence, we can interpret their $\pi_1$ as, respectively: linear maps $A\to BG_m$, i.e. elements of the dual abelian variety $A^\vee=\mathrm{Hom}(A,BG_m)$; biextensions of $A\times B$ by $G_m$; cubical structures on $G_m$-torsors on $A$. This talk will be divided into three parts. In the first, elementary part, we will sketch the many analogies between bilinear and quadratic maps on the one hand, and polarisations and line bundles on an abelian variety on the other. In the second part, we will give a sketch of the animation procedure and explain why it accounts for the above analogies. Finally, in the third part, we will give algorithmic applications. In particular, cubical arithmetic serves as a Swiss-army-knife toolbox for abelian varieties, since it can be used to recover the biextension arithmetic and theta group arithmetic, and allows one to compute pairings, isogenies, radical isogenies, isogeny preimages, change of level... If time permits, we will also give an example of how it sheds new light on the DLP, notably via the monodromy leak attack.
2025-12-09
11:00
Salle 2
Locally symmetric spaces with and without short closed geodesics
Locally symmetric spaces arise in several areas of mathematics and are among the most structured spaces, exhibiting special harmony between geometry, analysis, arithmetic, algebra, and topology. Building on his celebrated arithmeticity theorem, Margulis conjectured that torsion-free cocompact arithmetic lattices of semisimple Lie groups are uniformly discrete. Geometrically, this means a uniform lower bound on the lengths of all closed geodesics for arithmetic locally symmetric spaces. This conjecture is wide open, even in the simplest case of compact arithmetic hyperbolic surfaces obtained as quotients of the hyperbolic plane. In joint work with M. Fraczyk, we proved that this case is enough to prove Margulis' conjecture for all locally symmetric spaces of higher rank simple Lie groups. In fact, we establish uniform lower bounds on the lengths of "most" closed geodesics and prove that the main difficulty lies in rank one. The proof exploits in an essential way the arithmetic structure of these spaces.
2025-12-02
11:00
Salle 2
Lorenzo Furio (Institut de Mathématiques de Jussieu-Paris Rive Gauche)
7-adic Galois representations and generalised Fermat equations
The study of Galois representations attached to elliptic curves is a highly fruitful branch of number theory, leading to the resolution of deep problems such as Fermat’s Last Theorem. In 1972, Serre proved his foundational Open Image Theorem, which states that for every non-CM elliptic curve defined over a number field, the image of the adelic Galois representation on its torsion points has finite index. This result soon inspired Mazur to propose his famous Program B, aiming to classify all possible images of such representations. In recent years, substantial progress has been made toward Mazur’s Program B, with several authors undertaking a systematic classification of all possible images of p-adic Galois representations attached to elliptic curves over $Q$. At present, the classification is complete only for $p∈\{2,3,13,17\}$. The main obstacle for other primes arises from the difficulty of understanding elliptic curves whose mod-$p^n$ Galois representations are contained in the normalizer of a non-split Cartan subgroup. Equivalently, this amounts to determining the rational points on the modular curves $X_{\mathrm{ns}}^+(p^n)$. In this talk, we focus on the case $p=7$ and show that the modular curve $X_{\mathrm{ns}}^+(49)$, which has genus 69, has no non-CM rational points. To achieve this, we establish a correspondence between the rational points on $X_{\mathrm{ns}}^+(49)$ and the primitive integer solutions of the generalized Fermat equation $a^2+28b^3=27c^7$, the resolution of which can be reduced to determining the rational points on several genus-three curves. Furthermore, we reduce the complete classification of 7-adic images to the determination of the rational points on a single plane quartic. This is joint work with Davide Lombardo.
2025-11-25
11:00
Salle 385
Compact, Efficient and CCA-Secure Updatable Encryption from Isogenies
Updatable Encryption (UE) allows ciphertexts to be updated under new keys without decryption, enabling efficient key rotation. Constructing post-quantum UE with strong security guarantees is challenging: the only known CCA-secure scheme, COM-UE, uses bitwise encryption, resulting in large ciphertexts and high computational costs. We introduce DINE, a CCA-secure, isogeny-based post-quantum UE scheme that is both compact and efficient. Each encryption, decryption, or update requires only a few power-of-2 isogeny computations in dimension 2 to encrypt 28B messages, yielding 320B ciphertexts and 224B update tokens at NIST security level 1, significantly smaller than prior constructions. Our full C implementation demonstrates practical performance: updates in 7ms, encryptions in 48ms, and decryptions in 86ms. Our design builds on recent advances in isogeny-based cryptography, combining high-dimensional isogeny representations with the Deuring correspondence. We also introduce new algorithms for the Deuring correspondence which may be of independent interest. Moreover, the security of our scheme relies on new problems that might open interesting perspectives in isogeny-based cryptography.
2025-11-18
11:00
Salle 2
Dynamics of the Hessian transformation
The determinant of the Hessian matrix of a homogeneous polynomial $f$ defines a hypersurface $H(f)=0$. When $f$ is either a ternary cubic or a binary quartic, $H$ descends to a rational self-map on the moduli space $X(1)$. This talk explores the resulting dynamical systems, showing how they arise from the dynamics of suitable group homomorphisms, and how this dictates their remarkably symmetric structure. Joint work with E. Broggini, M. Houben, D. Lazzarini, R. Lolato, F. Pintore, and D. Taufer.
2025-11-04
11:00
Salle 2
Modular polynomial-based proofs of knowledge for isogeny paths
We present an overview of modular polynomial-based proofs of knowledge for isogeny paths. The general recipe encodes each step of an isogeny path via a modular polynomial, which is then translated into a rank-1 constraint system and plugged into a suitable zero-knowledge succinct non-interactive argument of knowledge. This approach was originally introduced by Cong–Lai–Levin (ACNS 2023) using the classical modular polynomial, but other modular polynomials can be used to achieve smaller and more efficient proofs: In joint work with T. den Hollander, S. Kleine, M. Mula and D. Slamanig (CRYPTO 2025) we explored the use of the canonical modular polynomial for significant improvements, and in ongoing follow-up work we found that both the Atkin and Weber modular polynomials yield further improvements. As these three classes of modular polynomials are less prominent than the classical modular polynomial, especially in the context of isogeny-based cryptography, we will briefly explain how they are constructed and will then investigate how they can be used to encode a step of an isogeny path. Finally, we detail the practical improvements obtained from each of these classes.
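The per-step relation that such a proof of knowledge has to enforce, as an added example that is not part of the talk or of the cited papers: for a 2-isogeny path, consecutive j-invariants must be roots of the classical level-2 modular polynomial, $\Phi_2(j_i, j_{i+1}) = 0$ over $\mathbb{F}_p$. The code below uses the standard coefficients of $\Phi_2$, an arbitrarily chosen toy prime $p = 431$, and brute-force root finding; it shows the witness (a sequence of j-invariants) and the check a verifier performs on every step, which is exactly what gets translated into rank-1 constraints. The R1CS translation and the SNARK layer are not reproduced.

```python
# Added example: the per-step constraint of a modular-polynomial-based proof of
# knowledge for a 2-isogeny path.  Not code from the talk or the cited work.

def phi2(x, y, p=None):
    """Classical modular polynomial Phi_2(x, y) with its standard coefficients.
    Evaluated over the integers when p is None, otherwise in F_p."""
    v = (x**3 + y**3 - x**2 * y**2
         + 1488 * (x**2 * y + x * y**2)
         - 162000 * (x**2 + y**2)
         + 40773375 * x * y
         + 8748000000 * (x + y)
         - 157464000000000)
    return v if p is None else v % p


def neighbors(j, p):
    """All j' in F_p with Phi_2(j, j') = 0: the j-invariants of the curves
    2-isogenous to j that are defined over F_p.  Brute force over the field is
    fine for a toy prime; a real prover knows the kernel and computes the
    codomain directly instead of solving for roots."""
    return {y for y in range(p) if phi2(j, y, p) == 0}


def check_path(js, p):
    """Verifier side: accept the witness js (a list of j-invariants) only if
    every consecutive pair satisfies the modular relation.  Each pair is one
    constraint block in the R1CS encoding."""
    return all(phi2(a, b, p) == 0 for a, b in zip(js, js[1:]))


def walk(j0, p, steps, choose):
    """Prover side: build a 2-isogeny path of up to `steps` steps from j0.
    `choose` selects one element from a non-empty sorted list (e.g.
    random.choice).  Immediate backtracking is avoided when possible."""
    path = [j0]
    for _ in range(steps):
        cand = neighbors(path[-1], p)
        if len(path) >= 2:
            cand = (cand - {path[-2]}) or cand
        if not cand:
            break  # no F_p-rational 2-isogenous neighbour: dead end
        path.append(choose(sorted(cand)))
    return path


if __name__ == "__main__":
    import random
    p = 431  # toy prime, chosen arbitrarily for this example
    rng = random.Random(1)
    js = walk(0, p, 6, rng.choice)
    print("witness:", js)
    print("verifier accepts:", check_path(js, p))
    print("tampered witness accepted:", check_path(js[:1] + [1] + js[1:], p))
```

Over the integers, $\Phi_2(0, Y) = (Y - 54000)^3$ and $\Phi_2(X, X) = -(X-1728)(X-8000)(X+3375)^2$, which gives a quick sanity check of the coefficients. The symmetry $\Phi_2(X, Y) = \Phi_2(Y, X)$ is what lets the same constraint serve for both directions of a step.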
2025-10-14
11:00
Salle 2
Geometric approach to the cryptanalysis of UOV
We present results concerning the security of post-quantum multivariate signature schemes based on UOV, in particular those submitted to NIST. We motivate our approach by a geometric interpretation of the trapdoor, based on the work of Kipnis and Shamir and more recently by Beullens. The geometric properties we exhibit are naturally translated into algebraic problems, which can be solved using standard algebraic cryptanalysis tools, such as efficient linear algebra and Gröbner basis algorithms. As an example, we show that the varieties defined by the public keys of UOV schemes admit large singular loci. These singularities enable us to introduce new algebraic attacks against UOV-based schemes, and to re-interpret the Kipnis-Shamir attack in an algebraic framework. Our attacks lower the security of UOV and VOX, showing in particular that the parameter sets proposed for these schemes do not meet the NIST security requirements. At level V, we show that the security falls short by a factor of $2^{29}$ logical gates. We also present on-going work with S. Abelard and M. Safey el Din enabling a generic analysis of the polynomial systems arising in the study of UOV.
2025-10-09
14:00
Salle 1
Towards Post-Quantum Bitcoin Blockchain using Dilithium Signature
Bitcoin is one of the most famous cryptocurrencies in the world. It is a permissionless blockchain, and all transactions are stored in a public decentralized ledger. In its security design, Bitcoin utilizes various cryptographic primitives, such as hash functions and signature schemes. In the current version of Bitcoin, the Elliptic Curve Digital Signature Algorithm (ECDSA) is employed, which is not considered post-quantum secure due to Shor's algorithm. In this talk, we will analyze the potential replacement of ECDSA with Dilithium, which is a post-quantum digital signature based on lattices and recently standardized by NIST as ML-DSA. Bitcoin operates on a pseudonymous system rather than providing complete anonymity. To enhance privacy protection, the Bitcoin community has adopted a special type of deterministic wallet as outlined in Bitcoin Improvement Proposal 32 (BIP32). We will show how to construct deterministic wallets from Dilithium by first designing DilithiumRK, a signature scheme with rerandomizable keys built on top of Dilithium. We will then discuss the unlinkability, unforgeability and efficiency of DilithiumRK and the resulting wallets. This is joint work with Adeline Roux-Langlois.
2025-10-07
11:00
Salle 2
Reduction of plane quartics and Cayley octads
For a long time, number theorists have been interested in studying the reduction modulo $p$ of algebraic varieties defined over number fields. For example, in the case of an elliptic curve $E$, where we distinguish between good, multiplicative, and additive reduction, the Birch and Swinnerton-Dyer conjecture predicts that the reduction plays a crucial role in understanding the rank of $E(Q)$. For hyperelliptic curves $y^2 = f(x)$, the reduction has been studied extensively through the Weierstrass points, i.e. the roots of $f(x)$. In this talk, I will talk about recent joint work with Jordan Docking, Vladimir Dokchitser, Reynald Lercier, Elisa Lorenzo Garcia, and Andreas Pieper, in which we study the situation for the first case of non-hyperelliptic curves: plane quartics. As a result of numerous computations, we made a prediction of how the reduction type of a plane quartic can be determined from the Cayley octad, a set of eight points in $P^3$ associated to the curve.
2025-09-30
11:00
Salle 2
The lattice packing problem in dimension 9 by Voronoi’s algorithm
In 1908 Voronoi introduced an algorithm that solves the lattice packing problem in any dimension in finite time. Voronoi showed that any lattice with optimal packing density must be a so-called perfect lattice, and his algorithm enumerates the finitely many perfect lattices up to similarity in a fixed dimension. However, due to the high complexity of the algorithm this enumeration had, until now, only been completed up to dimension 8. In this talk we will present our work on a full enumeration of all 2,237,251,040 perfect lattices in dimension 9 via Voronoi's algorithm. As a corollary, this shows that the laminated lattice gives the densest lattice packing in dimension 9. Furthermore, as a byproduct of the computation, we classify the set of possible kissing numbers in dimension 9. We will discuss Voronoi's algorithm and the many algorithmic, implementation, and parallelization efforts that were required for this computation to succeed. This is joint work with Mathieu Dutour Sikirić.
2025-09-23
11:00
Salle 2
Exponential sums and Linear cryptanalysis: Analysis of Butterfly-like constructions
This presentation focuses on the recently identified links between algebraic geometry and symmetric cryptography. Specifically, we demonstrate how bounds on exponential sums, based on results from Deligne, Denef–Loeser and Rojas–León, can be used to evaluate the correlations of linear approximations in cryptographic constructions with a low algebraic degree. This yields concrete bounds for Butterfly-like designs, such as the Flystel. These results reinforce security arguments against linear cryptanalysis, notably by resolving a conjecture on the Flystel construction.
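The quantity the abstract refers to, as an added example that is not part of the talk: the correlation of a linear approximation of a map $F$ over $\mathbb{F}_p$ with input mask $b$ and output mask $a$ is $|S|/p$ with $S = \sum_{x \in \mathbb{F}_p} e^{2\pi i (aF(x) + bx)/p}$, and when $aF(x)+bx$ is a polynomial of degree $d$ coprime to $p$, the Weil bound gives $|S| \le (d-1)\sqrt{p}$. The code computes the full correlation table of a low-degree power map $x \mapsto x^d$ (the kind of component that appears in Butterfly-like designs) and compares the best approximation with that bound. The prime $p = 31$ and the exponents are chosen only to keep the brute force small; the Deligne, Denef–Loeser and Rojas–León results used in the talk for multivariate sums are not reproduced.

```python
# Added example: correlations of linear approximations over F_p as exponential
# sums, checked against the one-variable Weil bound.  Not code from the talk.
import cmath
import math


def exp_sum(p, coeffs):
    """S(f) = sum over x in F_p of exp(2*pi*i*f(x)/p),
    where f(x) = sum_i coeffs[i] * x**i with coefficients in F_p."""
    total = 0j
    for x in range(p):
        fx = sum(c * pow(x, i, p) for i, c in enumerate(coeffs)) % p
        total += cmath.exp(2j * math.pi * fx / p)
    return total


def correlation(p, coeffs):
    """Correlation |S(f)|/p of the linear approximation encoded by f."""
    return abs(exp_sum(p, coeffs)) / p


def weil_bound(p, degree):
    """Upper bound (degree-1)*sqrt(p)/p on the correlation, valid when
    gcd(degree, p) = 1 (Weil)."""
    return (degree - 1) * math.sqrt(p) / p


def max_power_map_correlation(p, d):
    """Best linear approximation of x -> x^d over F_p: the largest
    |S(a*x^d + b*x)|/p over all output masks a != 0 and input masks b.
    Requires d >= 2."""
    best = 0.0
    for a in range(1, p):
        for b in range(p):
            coeffs = [0] * (d + 1)
            coeffs[1] = b
            coeffs[d] = a
            best = max(best, correlation(p, coeffs))
    return best


if __name__ == "__main__":
    p = 31  # toy prime, chosen arbitrarily for this example
    for d in (2, 3, 5):
        print(f"x^{d} over F_{p}: max correlation {max_power_map_correlation(p, d):.4f},"
              f" Weil bound {weil_bound(p, d):.4f}")
```

For $d = 2$ the sum is a Gauss sum of absolute value exactly $\sqrt{p}$, so the best correlation meets the bound $1/\sqrt{p}$ with equality; for higher odd $d$ coprime to $p$ it stays below $(d-1)/\sqrt{p}$. The same bound with $(d-1)$ replaced by the relevant Deligne-type constant is what the talk uses to control the multivariate sums of a full round.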
2025-09-16
11:00
Salle 2
The Poincaré Biextension
I will describe the elliptic net structure of the Poincaré biextension for elliptic curves. I will explain how this can be generalized to $R$-biextensions, where $R$ is an order in an imaginary quadratic field, and how it respects the CM structure of an elliptic curve and relates to sesquilinear Weil and Tate pairings.