Thomas Espitau

lead researcher @pqshield

.about & misc

I pursued my Ph.D. in algorithmic number theory and cryptography at Sorbonne University in Paris, advised by prof. Antoine Joux and prof. Pierre-Alain Fouque. I then joined NTT laboratories in Tokyo, Japan. I joined the PQShield research team in 2023.

I am an enthusiastic surfer and freeride skier. Please drop me a line if you need some infos/tips/guiding on the best hidden gems of Japanese mountains and breaks.my Erdős number is 3 (by Joux>>Odlyzko>>Erdős)

.: news

our former student Guilhem Niot received the Kudelski prize🏆 for his master work on the Squirrels signature , congratulations !
check this interview I gave for Quanta magazine on recent progresses on the LLL algorithm by Nadia and Keegan!
our paper "On Gaussian sampling, smoothing parameter & application to signatures" won the best paper award 🏆 at Asiacrypt 2023!

.: (some) recent publications

Recursive lattice reduction--A framework for finding short lattice vectors (with D. Aggarwal, S. Peters, N. Stephens-Davidowitz) SOSA 2025
Two-round threshold signature from algebraic one-more learning with errors (with K. Takemure, S. Katsumata) | Crypto 2024
On Gaussian sampling, smoothing parameter and application to signatures (with A. Wallet, Y. Yu) Best paper award, Asiacrypt 2023

All pub

.: (some) selected talks

Finding short integer solutions when the modulus is small, Crypto 2023
Mitaka. A Simpler, Parallelizable, Maskable Variant of Falcon, Eurocrypt 2022
Algebraic techniques for the reduction of algebraic lattices, Simons Institute 2020

.: research interests

My ongoing explorations are about the algorithmic classification of low dimensional hermitian forms over number fields. Drop me a line if you want to have a chat !

geometry of numbers and lattices (theta functions, discrete geometry, Arakelov theory on F₁)
(algorithmic) number theory (reduction of vector bundles over arithmetic curves curves, effective Arakelov)
lattice-based cryptography (cryptanalysis, threshold cryptography, secure implementation)

.: projects

NIST proposal signature raccoon 🦝
NIST proposal signature squirrels 🐿️

.: students

Sara Sahraee | Master student, 2024
Георгій Пляцок (Georgii Platsiok) | Ph.D student, 2024
Guilhem Niot | Master student, 2023

Have a look at the careers page of PQShield. We are looking for excellent permanent as well as PhD/post-doctoral researchers to work within our research team. Funding is available. I am also looking for very talented interns (master or PhD students). Please send your resume and background!

.about

.: phd thesis

Algorithmic aspects of algebraic lattices. (Aspects algorithmiques des réseaux algébriques) 2020, Sorbonne University.
Prepared under the supervision of Prof. Pierre Alain Fouque and Prof. Antoine Joux

.: publication list, by year

2024

36.Flood and Submerse: Distributed Key Generation and Robust Threshold Signature from Lattices (with G. Niot, T. Prest) | Crypto 2024
35.Two-round threshold signature from algebraic one-more learning with errors (with K. Takemure, S. Katsumata) | Crypto 2024
34.Plover : masking-friendly hash-and-sign lattice signatures (with MF. Esgin, G. Niot, T. Prest, A. Sakzad, R. Steinfeld) | Eurocrypt 2024
33.On hermitian decomposition lattices and the module-LIP problem in rank 2 (with G. Pliiatsok)
32.Statistical key recovery attack against the Peregrine lattice signature (with M. Suzuki, X. Lin, S. Zhang, Y. Yu, M. Tibouchi, M. Abe) | PKC 2024
31.Masking the GLP lattice-based signature scheme at any order (with G. Barthe, S. Belaïd, P. Fouque, B. Grégoire, M. Rossi, M. Tibouchi) | Journal of Cryptology 2024

2023

29.On Gaussian Sampling, Smoothing Parameter and Application to Signatures (with A .Wallet, Y. Yu) | Asiacrypt 2023 Best paper Award
28.Antrag: Annular NTRU Trapdoor Generation: Making Mitaka as Secure as Falcon (with T. Nguyen, C. Sun, M. Tibouchi, A. Wallet) Asiacrypt 2023
27.Finding short integer solutions when the modulus is small (with L. Ducas, E. Postlethwaite) Crypto 2023
26.Square Unstructured Integer Euclidean Lattice Signature (with G. Niot, C. Sun, M. Tibouchi) Submission to the NIST’s post-quantum cryptography standardization process 2023
25.Recursive lattice reduction--A framework for finding short lattice vectors (with D. Aggarwal, S. Peters, N. Stephens-Davidowitz)

2022

24.Shorter hash-and-sign lattice-based signatures (with M. Tibouchi, A. Wallet, Y. Yu) Crypto 2022
23.Mitaka: a simpler, parallelizable, maskable variant of falcon (with P. Fouque, F. Gérard, M. Rossi, A. Takahashi, M. Tibouchi, A. Wallet, Y. Yu) Eurocrypt 2022
22.Guessing bits: improved lattice attacks on (EC)DSA with nonce leakage (with C. Sun, M. Tibouchi, M. Abe) IACR Transactions on Symmetric Cryptology 2022

2021

21.Towards Faster Polynomial-Time Lattice Reduction (with P Kirchner, P-A Fouque) Crypto 2021

2020

20.Fast Reduction of Algebraic Lattices over Cyclotomic Fieldsn (with P Kirchner, P-A Fouque) Crypto 2020
19.Certified lattice reduction (with A. Joux) Adv. Math. Commun
18.On a Dual/Hybrid Approach to Small Secret LWE - A Dual/Enumeration Technique for Learning with Errors and Application to Security Estimates of FHE Schemes (with N. Karchenko, A. Joux) Indocrypt 2020

2019

17.Relational ⋆⋆ tar-Liftings for Differential Privacy(with G. Barthe, B. Grégoire, T. Sato, P-Y. Strub) [Log. Methods Comput. Sci.]
16.GALACTICS: Gaussian Sampling for Lattice-Based Constant-Time Implementation of Cryptographic Signatures, Revisited(with G. Barthe, S. Belaïd, P. Fouque, B. Grégoire, M. Rossi, M. Tibouchi) Eurocrpyt 2019

2018

15.Proving expected sensitivity of probabilistic programs. (with G. Barthe, B. Grégoire, J. Hsu, P-Y. Strub ) POPL 2018
14.Loop-Abort Faults on Lattice-Based Signature Schemes and Key Exchange Protocols (with P-A. Fouque, B. Gerard, M. Tibouchi) IEEE Trans. Computers
13.LWE Without Modular Reduction and Improved Side-Channel Attacks Against BLISS(with J. Bootle, C. Delaplace, P. Fouque, M. Tibouchi) Asiacrypt 2018
12.An Assertion-Based Program Logic for Probabilistic Programs(with G. Barthe, M. Gaboardi, B. Grégoire, J Hsu, P-Y Strub:) ESOP 2018
11.Masking the GLP Lattice-Based Signature Scheme at Any Order(with G. Barthe, S. Belaïd, P. Fouque, B. Grégoire, M. Rossi, M. Tibouchi) Eurocrypt 2018

2017

10.Side-channel attacks on BLISS lattice-based signatures: Exploiting branch tracing against strongswan and electromagnetic emanations in microcontrollers (with P. Fouque, B. Gérard, M. Tibouchi) CCS 2017
9.Liftings for differential privacy (with G. Barthe, J. Hsu, T. Sato, P. Strub) ICALP 2017
8.Computing Generator in Cyclotomic Integer Rings - A Subfield Algorithm for the Principal Ideal Problem in L_Δ(½) and Application to the Cryptanalysis of a FHE Scheme (with JF Biasse, PA Fouque, A Gélin, P Kirchner) _{hard merge} Eurocrypt 2017
7.Proving expected sensitivity of probabilistic programs (with G. Barthe, B. Grégoire, J. Hsu, P. Strub) POPL 2017

2016

5.Loop-abort faults on lattice-based fiat-shamir and hash-and-sign signatures (with P. Fouque, B. Gérard, M. Tibouchi) SAC 2016
4.Synthesizing probabilistic invariants via Doob’s decomposition (with G. Barthe, L. Ferrer Fioriti, J. Hsu) CAV 2016
3.Formal Certification of Randomized Algorithms (with G. Barthe, M. Gaboardi, B. Grégoire, J. Hsu, P. Strub) Preprint 2016

2015

2.Relational reasoning via probabilistic coupling (with G. Barthe, B. Grégoire, J. Hsu, L. Stefanesco, P. Strub) LPAR 2015
1.Higher-Order Differential Meet-in-The-Middle Preimage Attacks on SHA-1 and BLAKE (with P-A. Fouque, P. Karpman) Crypto 2015

.: unpublished manuscripts

-1.Quantum binary quadratic form reduction (with N. David, A. Hosoyamada) 2022
-2.Algebraic and Euclidean Lattices: Optimal Lattice Reduction and Beyond (with P-A. Fouque and P. Kirchner) 2019
-3.Random integer lattices, theory and practice (with Y. Aono, P. Nguyen) 2018
-4.Proving uniformity and independence by self-composition and coupling (with G. Barthe, B. Grégoire, J. Hsu, P. Strub) 2017

Ripley Creek, British Columbia, march 2024

Hakuba valley, Japan, feb 2023

Niseko, Hokkaido, jan 2022

Anglet, La Barre june 2024