Thomas ⠵ Espitau

I will be presenting Efficient Threshold ML-DSA with Sofia Celi at RWC 2026 !

I am in Japan for January/February; drop me a line if you want to meet there !

our former student Guilhem Niot received the Kudelski prize🏆 for his master work on the Squirrels signature , congratulations !

Efficient Threshold ML-DSA (with Sofia Celi,Rafaël del Pino, Guilhem Niot and Thomas Prest) Usenix 2026

Recursive lattice reduction--A framework for finding short lattice vectors (with D. Aggarwal, S. Peters, N. Stephens-Davidowitz) SOSA 2025

Two-round threshold signature from algebraic one-more learning with errors (with K. Takemure, S. Katsumata) | Crypto 2024

On Gaussian sampling, smoothing parameter and application to signatures (with A. Wallet, Y. Yu) Best paper award, Asiacrypt 2023

Witch Hunt ! Demistifying lattice security ICMC 2025 (also in pdf)

The big picture of lattice threshold ICMC 2025 (also in pdf)

Finding short integer solutions when the modulus is small, Crypto 2023

Mitaka. A Simpler, Parallelizable, Maskable Variant of Falcon, Eurocrypt 2022

Algebraic techniques for the reduction of algebraic lattices, Simons Institute 2020

geometry of numbers and lattices (theta functions, discrete geometry, Arakelov theory on F₁)

(algorithmic) number theory (reduction of vector bundles over arithmetic curves curves, effective Arakelov)

lattice-based cryptography (cryptanalysis, threshold cryptography, secure implementation)

NIST threshold signature mithril🏔️

NIST proposal signature raccoon 🦝

NIST proposal signature squirrels 🐿️

Mathilde Kermorgant | Master student 2026

Sara Sahraee | Master student, 2024

Георгій Пляцок (Georgii Platsiok) | Ph.D student, 2024

Guilhem Niot | Master student, 2023

42. Hermine: An Efficient Lattice-based FROST-like Threshold Signature (with Giacomo Borin, Sofía Celi, Rafael del Pino, Shuichi Katsumata, Guilhem Niot, Thomas Prest and Kaoru Takemure) Submitted

41. Efficient Threshold ML-DSA (with Sofia Celi,Rafaël del Pino, Guilhem Niot and Thomas Prest) Usenix 2026

40. Generating Falcon Trapdoors via Gibbs Sampler (with Chao Sun, Junjie Song, Jinguang Han and Mehdi Tibouchi) | PQCrpyto 2026

39. A reduction from hawk to the principal ideal problem in a quaternion algebra (with C. Chevignard, G Mureau, A. Pellet-Mary and A. Wallet) | Eurocrypt 2025

38. Two-round threshold signature from algebraic one-more learning with errors (with K. Takemure, S. Katsumata) | Journal of Cryptology 2025

37. Recursive lattice reduction--A framework for finding short lattice vectors (with D. Aggarwal, S. Peters, N. Stephens-Davidowitz) | SOSA 2025

36.Flood and Submerse: Distributed Key Generation and Robust Threshold Signature from Lattices (with G. Niot, T. Prest) | Crypto 2024

35.Two-round threshold signature from algebraic one-more learning with errors (with K. Takemure, S. Katsumata) | Crypto 2024

34.Plover : masking-friendly hash-and-sign lattice signatures (with MF. Esgin, G. Niot, T. Prest, A. Sakzad, R. Steinfeld) | Eurocrypt 2024

33.On hermitian decomposition lattices and the module-LIP problem in rank 2 (with G. Pliiatsok)

32.Statistical key recovery attack against the Peregrine lattice signature (with M. Suzuki, X. Lin, S. Zhang, Y. Yu, M. Tibouchi, M. Abe) | PKC 2024

31.Masking the GLP lattice-based signature scheme at any order (with G. Barthe, S. Belaïd, P. Fouque, B. Grégoire, M. Rossi, M. Tibouchi) | Journal of Cryptology 2024

29.On Gaussian Sampling, Smoothing Parameter and Application to Signatures (with A .Wallet, Y. Yu) | Asiacrypt 2023 Best paper Award

28.Antrag: Annular NTRU Trapdoor Generation: Making Mitaka as Secure as Falcon (with T. Nguyen, C. Sun, M. Tibouchi, A. Wallet) Asiacrypt 2023

27.Finding short integer solutions when the modulus is small (with L. Ducas, E. Postlethwaite) Crypto 2023

26.Square Unstructured Integer Euclidean Lattice Signature (with G. Niot, C. Sun, M. Tibouchi) Submission to the NIST’s post-quantum cryptography standardization process 2023

25.Recursive lattice reduction--A framework for finding short lattice vectors (with D. Aggarwal, S. Peters, N. Stephens-Davidowitz)

24.Shorter hash-and-sign lattice-based signatures (with M. Tibouchi, A. Wallet, Y. Yu) Crypto 2022

23.Mitaka: a simpler, parallelizable, maskable variant of falcon (with P. Fouque, F. Gérard, M. Rossi, A. Takahashi, M. Tibouchi, A. Wallet, Y. Yu) Eurocrypt 2022

22.Guessing bits: improved lattice attacks on (EC)DSA with nonce leakage (with C. Sun, M. Tibouchi, M. Abe) IACR Transactions on Symmetric Cryptology 2022

21.Towards Faster Polynomial-Time Lattice Reduction (with P Kirchner, P-A Fouque) Crypto 2021

20.Fast Reduction of Algebraic Lattices over Cyclotomic Fieldsn (with P Kirchner, P-A Fouque) Crypto 2020

19.Certified lattice reduction (with A. Joux) Adv. Math. Commun

18.On a Dual/Hybrid Approach to Small Secret LWE - A Dual/Enumeration Technique for Learning with Errors and Application to Security Estimates of FHE Schemes (with N. Karchenko, A. Joux) Indocrypt 2020

17.Relational ⋆⋆ tar-Liftings for Differential Privacy(with G. Barthe, B. Grégoire, T. Sato, P-Y. Strub) [Log. Methods Comput. Sci.]

16.GALACTICS: Gaussian Sampling for Lattice-Based Constant-Time Implementation of Cryptographic Signatures, Revisited(with G. Barthe, S. Belaïd, P. Fouque, B. Grégoire, M. Rossi, M. Tibouchi) Eurocrpyt 2019

15.Proving expected sensitivity of probabilistic programs. (with G. Barthe, B. Grégoire, J. Hsu, P-Y. Strub ) POPL 2018

14.Loop-Abort Faults on Lattice-Based Signature Schemes and Key Exchange Protocols (with P-A. Fouque, B. Gerard, M. Tibouchi) IEEE Trans. Computers

13.LWE Without Modular Reduction and Improved Side-Channel Attacks Against BLISS(with J. Bootle, C. Delaplace, P. Fouque, M. Tibouchi) Asiacrypt 2018

12.An Assertion-Based Program Logic for Probabilistic Programs(with G. Barthe, M. Gaboardi, B. Grégoire, J Hsu, P-Y Strub:) ESOP 2018

11.Masking the GLP Lattice-Based Signature Scheme at Any Order(with G. Barthe, S. Belaïd, P. Fouque, B. Grégoire, M. Rossi, M. Tibouchi) Eurocrypt 2018

10.Side-channel attacks on BLISS lattice-based signatures: Exploiting branch tracing against strongswan and electromagnetic emanations in microcontrollers (with P. Fouque, B. Gérard, M. Tibouchi) CCS 2017

9.Liftings for differential privacy (with G. Barthe, J. Hsu, T. Sato, P. Strub) ICALP 2017

8.Computing Generator in Cyclotomic Integer Rings - A Subfield Algorithm for the Principal Ideal Problem in L_Δ(½) and Application to the Cryptanalysis of a FHE Scheme (with JF Biasse, PA Fouque, A Gélin, P Kirchner) _{hard merge} Eurocrypt 2017

7.Proving expected sensitivity of probabilistic programs (with G. Barthe, B. Grégoire, J. Hsu, P. Strub) POPL 2017

5.Loop-abort faults on lattice-based fiat-shamir and hash-and-sign signatures (with P. Fouque, B. Gérard, M. Tibouchi) SAC 2016

4.Synthesizing probabilistic invariants via Doob’s decomposition (with G. Barthe, L. Ferrer Fioriti, J. Hsu) CAV 2016

3.Formal Certification of Randomized Algorithms (with G. Barthe, M. Gaboardi, B. Grégoire, J. Hsu, P. Strub) Preprint 2016

2.Relational reasoning via probabilistic coupling (with G. Barthe, B. Grégoire, J. Hsu, L. Stefanesco, P. Strub) LPAR 2015

1.Higher-Order Differential Meet-in-The-Middle Preimage Attacks on SHA-1 and BLAKE (with P-A. Fouque, P. Karpman) Crypto 2015

-1.Quantum binary quadratic form reduction (with N. David, A. Hosoyamada) 2022

-2.Algebraic and Euclidean Lattices: Optimal Lattice Reduction and Beyond (with P-A. Fouque and P. Kirchner) 2019

-3.Random integer lattices, theory and practice (with Y. Aono, P. Nguyen) 2018

-4.Proving uniformity and independence by self-composition and coupling (with G. Barthe, B. Grégoire, J. Hsu, P. Strub) 2017