Yann Rotella

Cryptographer
Associate Professor (Maître de Conférences) in Mathematics and Computer Science at Université Paris-Saclay
About me
Doctor in Computer Science and specialized in Symmetric Cryptography, my research work focuses mainly on the design and analysis of cryptographic primitives. I really enjoy discrete mathematics (Finite Fields, Boolean functions). I am trying to identify different structures of the mathematical objects that we use, in order to refine knowledge about the security of cryptographic constructions. I like to cryptanalyze ciphers.
I'm really invested in scientific mediation. Besides giving some talks here and there about cryptography, I'm a co-designer of the exercises for the very exciting Alkindi competition for 15-year-old students.
Because my life is not entirely dedicated to research and teaching cryptography, I also have some hobbies. Here they are: hiking, paragliding, skiing. In other words, if there are mountains, I'm in, and if there is snow, I'm in twice!
Teaching
I would like my students to be able to recover knowledge without learning it by heart. More precisely, I like to instil in my students an in-depth understanding of concepts by minimizing the size of the data stored in their brain. I also really like to teach students to work in groups, mainly because it's a skill I find extremely useful but unfortunately very rarely mastered. At the end of my courses, I would like my students not to need anyone to reinforce their knowledge in the field of expertise I teach them. If you have any ideas or just want to discuss this, don't hesitate to contact me. I'm constantly looking to improve myself on this, which is a hard topic.
News
WCC 2026, the 14th Workshop on Coding and Cryptography, will be in Paris.
Recently in Versailles we have been putting together videos on cryptography! Stay tuned for when the first ones appear!
Students
PhD students:
- Margot Funk, from September 2021 to September 2024, with Christina Boura and Louis Goubin on automatic tools and analysis of Symmetric primitives. Defended on October 14, 2024 [HAL link]
- Rachelle Heim Boissier, from September 2021 to September 2024 on the cryptanalysis of Symmetric Key primitives. Defended on October 15, 2024 [HAL link]
Internships:
- Mariana Moll De Alba, from October 2024 to May 2025, Master internship on the algebraic and statistical cryptanalysis of VDLPN.
- Maé Miachon-Lemeulle, from March 2024 to August 2024, Master internship on Cryptanalysis of WPRFs.
- Gaël Chopin, from March 2024 to August 2024, Master internship on the characterization of bijective binomial mappings over Finite Fields.
- Yann Le Dore, from March 2023 to August 2023, Master internship on accelerating key search depending on S-boxes.
- Margot Funk, from March 2021 to September 2021, with Christina Boura on the ternary hash function Troïka.
- Rachelle Heim Boissier, from March 2020 to September 2020 on the cryptanalysis of Keccak hash function.
Long projects for Master students (TER):
- Analysis of Symmetric Searchable Encryption Schemes, 2025, Hedil Meddeb, Amine Mohamed, Laetitia Tiberghien, Sophie Wu.
- A Forensic-Resistant Ransomware, 2024, Yenal Baysan, Imad Boukedjani, Oscar Cornejo Guillen, Ahmed Yahia Meribout, Youcef El Khodr Metane.
- Attack on GEA-1 and GEA-2, 2023, Mohand Arezki, Acherir Corentin Brice, Hugo Chanas, Louis Delahaye, William Magalhaes Monteiro, Niels Merceron.
Random stuff
- Médiation Scientifique: I really like to talk to and entertain high school students through scientific interventions; I'm also part of the Alkindi competition (see below). I did some livestream interventions with Parlons-Maths, at the prizes for les Olympiades de Mathématiques or in some science forums.
- Administrative stuff: entirely invested in the University's life, I'm elected to and part of the board of UFR des Sciences, and also an elected member with Union SNESUP-FSU (Conseil Social d'Administration) and at the Graduate School ISN Paris-Saclay. I also organize two seminars at the University of Versailles: one in cryptography that mainly focuses on recent research results and is addressed to Master students. The second, recently launched, is the multidisciplinary seminar that aims to let researchers, not only in a specific domain but in science in general, communicate their results and their subjects to other researchers and also to students.
Research
Habilitation à Diriger des Recherches:
- Éléments de Cryptanalyse. Rapporteurs: Alain Couvreur, Pierre-Alain Fouque et Thomas Peyrin. Jury: Orr Dunkelman, Caroline Fontaine et María Naya-Plasencia. [Memoire HDR] [Slides]
International conferences and journals papers:
- Transistor - a TFHE-friendly Stream Cipher. Jules Baudrin, Sonia Belaïd, Nicolas Bon, Christina Boura, Anne Canteaut, Gaëtan Leurent, Pascal Paillier, Léo Perrin, Matthieu Rivain, Yann Rotella, Samuel Tap, January 2025 [eprint version]
- Learning with Physical Rounding for Linear and Quadratic Leakage Functions. Clément Hoffmann and Pierrick Méaux and Charles Momin and Yann Rotella and François-Xavier Standaert and Balazs Udvarhelyi, Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium and Luxembourg University, SnT, Luxembourg and Université Paris-Saclay, UVSQ, CNRS, LMV, Versailles, France, Crypto 2023, August 2023 [published version]
- On the Security of Keyed Hashing Based on Public Permutations. Joan Daemen and Jonathan Fuchs and Yann Rotella, Crypto 2023, August 2023 [eprint version][published version]
- Generic Attack on Duplex-Based AEAD Modes Using Random Function Statistics. Henri Gilbert and Rachelle Heim Boissier and Louiza Khati and Yann Rotella, UVSQ, Université Paris-Saclay, LMV, Versailles, France and ANSSI, France, Eurocrypt 2023, April 2023 [eprint version][published version]
- Differential analysis of the ternary hash function Troika. Christina Boura and Margot Funk and Yann Rotella, UVSQ, Université Paris-Saclay, LMV, Versailles, France, SAC 2022, August 2022 [eprint version]
- Breaking Panther. Christina Boura and Rachelle Heim Boissier and Yann Rotella, UVSQ, Université Paris-Saclay, LMV, Versailles, France, Africacrypt 2022, July 2022 [eprint version]
- Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2. Christof Beierle, Patrick Derbez, Gregor Leander, Gaëtan Leurent, Håvard Raddum, Yann Rotella, David Rupprecht, Lukas Stennes, Ruhr University Bochum, Bochum, Germany and Univ Rennes, CNRS, IRISA, Rennes, France and Inria, Paris, France and Simula UiB, Bergen, Norway and Université Paris-Saclay, UVSQ, CNRS, Laboratoire de Mathématiques de Versailles, Versailles, France. Eurocrypt 2021 October 2021 [Final published version][eprint Version][Video]
- Algebraic Collision Attacks on Keccak Rachelle Heim Boissier and Camille Noûs and Yann Rotella ToSC 2020 Special Issue (1) May 2021 [Final published version][Video]
- The Subterranean 2.0 Cipher Suite Joan Daemen, Pedro Maat Costa Massolino, Alireza Mehrdad and Yann Rotella, Radboud University, Nijmegen, Netherlands and UVSQ, LMV, Université Paris Saclay, Versailles, France, ToSC 2020 Special Issue (1) May 2020 [Final published version][Video]
- Algebraic and Higher-Order Differential Cryptanalysis of Pyjamask-96 Christoph Dobraunig, Yann Rotella and Jan Schoone, Radboud University, Nijmegen, Netherlands and UVSQ, LMV, Université Paris Saclay, Versailles, France, ToSC 2020 (1) March 2020 [Final published version][Video]
- On the Concrete Security of Goldreich's Pseudorandom Generator Geoffroy Couteau, Aurélien Dupin, Pierrick Méaux, Mélissa Rossi and Yann Rotella, Karlsruhe Institute of Technology, CentraleSupélec Rennes and Irisa Rennes and ICTEAM/ELEN/Crypto Group Université catholique de Louvain, ENS de Paris, Digital Security Group Radboud University, Asiacrypt 2018 December 2018 [eprint Full Version]
- Cryptanalysis of MORUS Tomer Ashur, Maria Eichlseder, Martin M. Lauridsen, Gaëtan Leurent, Brice Minaud, Yann Rotella, Yu Sasaki and Benoît Viguier, imec-COSIC, KU Leuven, Graz University of Technology, Inria de Paris, Royal Holloway University of London, NTT Tokyo, Radboud University, Nijmegen, Inria de Paris, Asiacrypt 2018 December 2018 [eprint]
- State-Recovery Attacks on Modified Ketje Jr Thomas Fuhr, María Naya-Plasencia and Yann Rotella, ANSSI, Inria de Paris - SECRET, ToSC 2018 (1) March 2018 [Final published version]
- Boolean functions with restricted input and their robustness; application to the FLIP cipher Claude Carlet, Pierrick Méaux and Yann Rotella, LAGA, Department of mathematics, University Paris 8, Paris 13 and CNRS - Inria, CNRS, ENS and PSL Research University, Inria de Paris - SECRET, ToSC 2017 (3) November 2017 [Final published version]
- Proving Resistance against Invariant Attacks: How to Choose the Round Constants Christof Beierle, Anne Canteaut, Gregor Leander and Yann Rotella, HG Institute for IT security, Ruhr-Universität Bochum, Inria de Paris - SECRET, Crypto 2017 August 2017 [eprint]
- Cryptanalysis of the FLIP Family of Stream Ciphers. Sébastien Duval, Virginie Lallemand and Yann Rotella, Inria de Paris - SECRET, Crypto 2016 August 2016 [eprint]
- Attacks against Filter Generators Exploiting Monomial Mappings. Anne Canteaut and Yann Rotella, Inria de Paris - SECRET, FSE 2016 March 2016 [eprint][Video][Slides]
Reviews, Subreviews and Boards
- Board for CRYPTO 2024 and CRYPTO 2025
- Board for IACR Transactions on Symmetric Cryptology (ToSC) from 2020 to 2024 and from 2025
- Board for SAC 2022 and SAC 2023
- Board for Africacrypt 2022 and Africacrypt 2023 and Africacrypt 2025
- Board for Indocrypt 2021
- Program Committee member of JC2 2023
- Reviewer for The Computer Journal
- Reviewer for Finite Fields and Applications
- Reviewer for IEEE on Information Theory since 2019
- Reviewer for Design Codes and Cryptography since 2017
- Subreviewer for CRYPTO 2018, ASIACRYPT 2018, ISIT, EUROCRYPT 2019, NutMiC 2019, AfricaCrypt 2019, ASIACRYPT 2019, CRYPTO 2020, EUROCRYPT 2020, ISIT 2021, CRYPTO 2021, Eurocrypt 2021, Asiacrypt 2021 and 2022, Eurocrypt 2023, Crypto 2023.
- Reviewer for Theoretical Computer Science since 2022
Involved Projects:
- PEPR Cryptanalyse, started in 2023, Gaëtan Leurent and Emmanuel Thomé, on the intensive analysis of the security level of cryptographic schemes and problems.
- ANR SWAP, started in 2022, Sboxes for Symmetric-Key Primitives. The goal is to design and analyze Sboxes for specific applications such as masking schemes or FHE and MPC applications, coordinated by Christina Boura.
- ANR OREO, started in 2023, Tools for cryptography. Mixed Integer Linear Programming, models, designing better MILP models for cryptanalysis, coordinated by Patrick Derbez.
- PEPR CyberSecurity, Cryptanalysis, started in 2023.
Organizations:
- Co-organizer of the Journées Codage et Cryptographie 2025.
- General chair of Workshop on Coding and Cryptography 2026.
Seminar and other presentations:
- Cryptographie, en quoi avons-nous confiance ? Séminaire laboratoire DAVID, November 2023, Versailles, France [Slides]
- S-boxes for Fully Homomorphic encryption, WISG 2023, March, 2023, Marseille, France
- Generic Attacks on Duplex-based AEAD modes, Frisiacrypt Workshop, September, 2022 [Slides]
- Open Problems in boolean functions, Frisiacrypt Workshop, September, 2022 [Slides]
- Cryptanalysis of GEA-1 and GEA-2 ciphers, backdoor and proprietary ciphers, ENS Crypto Seminar May, 2022 [Slides]
- Higher Order Derivatives, cubes, algebraic, integral, Invited talk at Journées Codage et Cryptographie, April, 2022 [Slides]
- Cryptanalysis of GEA-1 and GEA-2 ciphers, backdoor and proprietary ciphers, Versailles CRYPTO Seminar and ENS Crypto Seminar, February and May, 2022 [Slides]
- Algebraic Cryptanalysis of Keccak 2 round, CWI Seminar May, 2021 [Slides]
- Subterranean 2.0, and a closer look at XoodYak, Special Crypto-Seminar of Versailles on NIST-lightweight Cryptography Competition December 19, 2020 [Subterranean-short][XoodYak-short]
- On generating collisions in blinded keyed hashing, Crypto-Seminar of Versailles, France. January 21, 2020 [Slides]
- How to use Differential Trails to attack compression functions, Dagstuhl Seminar, Germany. January 21, 2020 [Slides]
- Cryptanalysis of Full Pyjamask-96, Laboratory of Mathematics of Versailles Seminar, Paris-Saclay University, France. September 4, 2019 [Slides]
- Attacks Against Filter Generators Exploiting Monomial Mappings, SIAM, Bern, Switzerland, Finite Fields and Cryptography workshop. July 12, 2019 [Slides]
- Finding collisions using differentials, Invited Seminar CASYS-team, Grenoble, France, Jean Kuntzmann Laboratory June 27, 2019 [Slides]
- Invariant attacks; how to choose the round constants, Invited Seminar team GRACE, Laboratoire d'Informatique de l'X, Saclay, France April 9, 2019 [Slides]
- Subterranean 2.0: a lightweight proposal for the NIST Lightweight Crypto Competition for Standardisation Radboud University, Nijmegen, Netherlands, Digital Security March 12, 2019 [Slides]
- On the concrete security of Goldreich's Pseudorandom Generator Invited talk CARAMBA-team Inria Nancy, January 31, 2019 [Slides]
- Choosing Round Constants in Lightweight Block Ciphers Seminar CRYPTO UVSQ, PRISM Laboratory, January 2019 [Slides]
- Discrete Mathematics Applied to Symmetric Cryptography PhD defense, Sorbonne Université September 19, 2018 [Slides]
- Algebraic Attacks Revisited CCA (now C2), June 15, 2018 [Slides]
- Boolean functions with restricted input and their robustness; application to the FLIP cipher FSE 2018, March 2018 [Slides]
- New directions in attacks against stream ciphers (LFSR and FLIP) Invited talk EPFL, February 2018
- Attacks against Filter Generators Exploiting Monomial Mappings (extended) GT BAC, October 20, 2017 [Slides]
- Attaques par invariant: Comment s'en protéger? JC2 2017 April 2017 [Slides]
- Des nouvelles attaques sur les registres filtrés exploitant la structure des corps finis. Seminar CRYPTO UVSQ, PRISM Laboratory May 2016 [Slides]
- Cryptanalysis of the stream cipher FLIP Seminar ANR BLOC, Inria de Paris, March 2016. [Slides]
- Attacks against Filter Generators Exploiting Monomial Mappings. FSE 2016 March 2016 [Video][Slides]
- Attaques exploitant les représentations équivalentes des LFSR filtrés. JC2 2015 October 2015 [HAL][PDF][Slides]
PhD thesis:
- Discrete Mathematics applied to Symmetric Cryptology (French). Yann Rotella, Inria - SECRET, Sorbonne Université. September 2018 [HAL][10 pages english summary]
Master thesis:
- Equivalent representations of LFSR and their impact in cryptanalysis (only in French). Yann Rotella, Inria de Paris - SECRET, Paris Diderot university, MPRI September 2015 [HAL][PDF]
Others
Since 2021, the Crypto-Seminar of Versailles has been refurbished into a hybrid version and the presentations are recorded. I'm the organizer of this seminar. If you have something interesting about cryptography, don't hesitate to contact me!
Since 2024, I'm also organizing the Seminar of the UFR des Sciences! If you have something interesting to say about anything scientific, or if you think one of your teammates does, contact me! I'm always looking forward to sharing and learning new things.
I really like to do scientific interventions outside the university to explain cryptography. I gave some talks in high schools. A wonderful competition in France: Alkindi, a competition for 14- and 15-year-old students on cryptanalysis. Very interesting!