Yann Rotella


Associate Professor (Maître de Conférences) in Mathematics and Computer Science at Université Paris-Saclay

About me

I'm a Maître de Conférences (associate professor) at the Université Paris-Saclay (UVSQ) in the Computer Science Department and I'm affiliated with the Laboratoire de Mathématiques de Versailles.

As a teacher, I really enjoy pedagogical sciences and I'm always looking for ideas to improve my courses. You can see my courses in the Teaching section.

I hold a doctorate in Computer Science and specialize in Symmetric Cryptography; my research work focuses mainly on the design and analysis of cryptographic primitives. I really enjoy discrete mathematics (Finite Fields, Boolean functions). I am trying to identify different structures of the mathematical objects that we use, in order to refine knowledge about the security of cryptographic constructions. I like to cryptanalyze ciphers.

I'm really invested in scientific mediation. Besides giving some talks here and there about cryptography, I'm a co-designer of the exercises for the very exciting Alkindi competition for 15-year-old students.

Because my life is not entirely dedicated to research and teaching cryptography, I also have some hobbies. Here they are: hiking, paragliding, skiing. In other words, if there are mountains, I'm in, and if there is snow, I'm in twice!


I want my students to be able to recover knowledge without learning it by heart. More precisely, I like to instil into my students an in-depth understanding of concepts by minimizing the size of the data stored in their brain. I also really like to teach the students to work in groups, mainly because it's a skill I find extremely useful but that is unfortunately rarely mastered. At the end of my courses, I hope my students no longer need anyone to reinforce their knowledge in the field of expertise I teach them. If you have any ideas or just want to discuss this, don't hesitate to contact me. I'm constantly looking to improve on this, which is a hard topic.


PhD students: Internships: Long projects for Master students (TER):

Random stuff


International conferences and journals papers:
  • Learning with Physical Rounding for Linear and Quadratic Leakage Functions. Clément Hoffmann and Pierrick Méaux and Charles Momin and Yann Rotella and François-Xavier Standaert and Balazs Udvarhelyi, Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium and Luxembourg University, SnT, Luxembourg and Université Paris-Saclay, UVSQ, CNRS, LMV, Versailles, France. Crypto 2023, August 2023 [published version]
  • On the Security of Keyed Hashing Based on Public Permutations. Joan Daemen and Jonathan Fuchs and Yann Rotella. Crypto 2023, August 2023 [eprint version][published version]
  • Generic Attack on Duplex-Based AEAD Modes Using Random Function Statistics. Henri Gilbert and Rachelle Heim Boissier and Louiza Khati and Yann Rotella, UVSQ, Université Paris-Saclay, LMV, Versailles, France and ANSSI, France. Eurocrypt 2023, April 2023 [eprint version][published version]
  • Differential analysis of the ternary hash function Troika. Christina Boura and Margot Funk and Yann Rotella, UVSQ, Université Paris-Saclay, LMV, Versailles, France. SAC 2022, August 2022 [eprint version]
  • Breaking Panther. Christina Boura and Rachelle Heim Boissier and Yann Rotella, UVSQ, Université Paris-Saclay, LMV, Versailles, France. Africacrypt 2022, July 2022 [eprint version]
  • Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2. Christof Beierle, Patrick Derbez, Gregor Leander, Gaëtan Leurent, Håvard Raddum, Yann Rotella, David Rupprecht, Lukas Stennes, Ruhr University Bochum, Bochum, Germany and Univ Rennes, CNRS, IRISA, Rennes, France and Inria, Paris, France and Simula UiB, Bergen, Norway and Université Paris-Saclay, UVSQ, CNRS, Laboratoire de Mathématiques de Versailles, Versailles, France. Eurocrypt 2021, October 2021 [Final published version][eprint Version][Video]
  • Algebraic Collision Attacks on Keccak Rachelle Heim Boissier and Camille Noûs and Yann Rotella ToSC 2020 Special Issue (1) May 2021 [Final published version][Video]
  • The Subterranean 2.0 Cipher Suite Joan Daemen, Pedro Maat Costa Massolino, Alireza Mehrdad and Yann Rotella, Radboud University, Nijmegen, Netherlands and UVSQ, LMV, Université Paris Saclay, Versailles, France, ToSC 2020 Special Issue (1) May 2020 [Final published version][Video]
  • Algebraic and Higher-Order Differential Cryptanalysis of Pyjamask-96 Christoph Dobraunig, Yann Rotella and Jan Schoone, Radboud University, Nijmegen, Netherlands and UVSQ, LMV, Université Paris Saclay, Versailles, France, ToSC 2020 (1) March 2020 [Final published version][Video]
  • On the Concrete Security of Goldreich's Pseudorandom Generator Geoffroy Couteau, Aurélien Dupin, Pierrick Méaux, Mélissa Rossi and Yann Rotella, Karlsruhe Institute of Technology, CentraleSupélec Rennes and Irisa Rennes and ICTEAM/ELEN/Crypto Group Université catholique de Louvain, ENS de Paris, Digital Security Group Radboud University, Asiacrypt 2018 December 2018 [eprint Full Version]
  • Cryptanalysis of MORUS Tomer Ashur, Maria Eichlseder, Martin M. Lauridsen, Gaëtan Leurent, Brice Minaud, Yann Rotella, Yu Sasaki and Benoît Viguier, imec-COSIC, KU Leuven, Graz University of Technology, Inria de Paris, Royal Holloway University of London, NTT Tokyo, Radboud University, Nijmegen, Inria de Paris, Asiacrypt 2018 December 2018 [eprint]
  • State-Recovery Attacks on Modified Ketje Jr Thomas Fuhr, María Naya-Plasencia and Yann Rotella, ANSSI, Inria de Paris - SECRET, ToSC 2018 (1) March 2018 [Final published version]
  • Boolean functions with restricted input and their robustness; application to the FLIP cipher Claude Carlet, Pierrick Méaux and Yann Rotella, LAGA, Department of mathematics, University Paris 8, Paris 13 and CNRS - Inria, CNRS, ENS and PSL Research University, Inria de Paris - SECRET, ToSC 2017 (3) November 2017 [Final published version]
  • Proving Resistance against Invariant Attacks: How to Choose the Round Constants Christof Beierle, Anne Canteaut, Gregor Leander and Yann Rotella, HG Institute for IT security, Ruhr-Universität Bochum, Inria de Paris - SECRET, Crypto 2017 August 2017 [eprint]
  • Cryptanalysis of the FLIP Family of Stream Ciphers. Sébastien Duval, Virginie Lallemand and Yann Rotella, Inria de Paris - SECRET, Crypto 2016 August 2016 [eprint]
  • Attacks against Filter Generators Exploiting Monomial Mappings. Anne Canteaut and Yann Rotella, Inria de Paris - SECRET, FSE 2016 March 2016 [eprint][Video][Slides]
Reviews, Subreviews and Boards
Involved Projects:
  • ANR SWAP, started in 2022, Sboxes for Symmetric-Key Primitives. The goal is to design and analyze Sboxes for specific applications such as masking schemes or FHE and MPC applications, coordinated by Christina Boura.
  • ANR OREO, started in 2023, Tools for cryptography. Mixed Integer Linear Programming, models, designing better MILP models for cryptanalysis, coordinated by Patrick Derbez.
  • PEPR CyberSecurity, Cryptanalysis, started in 2023.
Seminar and other presentations:
  • Cryptographie, en quoi avons-nous confiance ? DAVID laboratory seminar, November 2023, Versailles, France [Slides]
  • S-boxes for Fully Homomorphic encryption, WISG 2023, March, 2023, Marseille, France
  • Generic Attacks on Duplex-based AEAD modes, Frisiacrypt Workshop, September, 2022 [Slides]
  • Open Problems in boolean functions, Frisiacrypt Workshop, September, 2022 [Slides]
  • Cryptanalysis of GEA-1 and GEA-2 ciphers, backdoor and proprietary ciphers, ENS Crypto Seminar May, 2022 [Slides]
  • Higher Order Derivatives, cubes, algebraic, integral, Invited talk at Journées Codage et Cryptographie, April, 2022 [Slides]
  • Cryptanalysis of GEA-1 and GEA-2 ciphers, backdoor and proprietary ciphers, Versailles CRYPTO Seminar and ENS Crypto Seminar, February and May, 2022 [Slides]
  • Algebraic Cryptanalysis of Keccak 2 round, CWI Seminar May, 2021 [Slides]
  • Subterranean 2.0, and a closer look at XoodYak, Special Crypto-Seminar of Versailles on NIST-lightweight Cryptography Competition December 19, 2020 [Subterranean-short][XoodYak-short]
  • On generating collisions in blinded keyed hashing, Crypto-Seminar of Versailles, France. January 21, 2020 [Slides]
  • How to use Differential Trails to attack compression functions, Dagstuhl Seminar, Germany. January 21, 2020 [Slides]
  • Cryptanalysis of Full Pyjamask-96, Laboratory of Mathematics of Versailles Seminar, Paris-Saclay University, France. September 4, 2019 [Slides]
  • Attacks Against Filter Generators Exploiting Monomial Mappings, SIAM, Bern, Switzerland, Finite Fields and Cryptography workshop. July 12, 2019 [Slides]
  • Finding collisions using differentials, Invited Seminar CASYS-team, Grenoble, France, Jean Kuntzmann Laboratory June 27, 2019 [Slides]
  • Invariant attacks; how to choose the round constants, Invited Seminar team GRACE, Laboratoire d'Informatique de l'X, Saclay, France April 9, 2019 [Slides]
  • Subterranean 2.0: a lightweight proposal for the NIST Lightweight Crypto Competition for Standardisation Radboud University, Nijmegen, Netherlands, Digital Security March 12, 2019 [Slides]
  • On the concrete security of Goldreich's Pseudorandom Generator Invited talk CARAMBA-team Inria Nancy, January 31, 2019 [Slides]
  • Choosing Round Constants in Lightweight Block Ciphers Seminar CRYPTO UVSQ, PRISM Laboratory, January 2019 [Slides]
  • Discrete Mathematics Applied to Symmetric Cryptography PhD defense, Sorbonne Université September 19, 2018 [Slides]
  • Algebraic Attacks Revisited CCA (now C2), June 15, 2018 [Slides]
  • Boolean functions with restricted input and their robustness; application to the FLIP cipher FSE 2018, March 2018 [Slides]
  • New directions in attacks against stream ciphers (LFSR and FLIP) Invited talk EPFL, February 2018
  • Attacks against Filter Generators Exploiting Monomial Mappings (extended) GT BAC, October 20, 2017 [Slides]
  • Attaques par invariant: Comment s'en protéger? JC2 2017 April 2017 [Slides]
  • Des nouvelles attaques sur les registres filtrés exploitant la structure des corps finis. Seminar CRYPTO UVSQ, PRISM Laboratory May 2016 [Slides]
  • Cryptanalysis of the stream cipher FLIP Seminar ANR BLOC, Inria de Paris, March 2016. [Slides]
  • Attacks against Filter Generators Exploiting Monomial Mappings. FSE 2016 March 2016 [Video][Slides]
  • Attaques exploitant les représentations équivalentes des LFSR filtrés. JC2 2015 October 2015 [HAL][PDF][Slides]
PhD thesis:
  • Discrete Mathematics applied to Symmetric Cryptology (French). Yann Rotella, Inria - SECRET, Sorbonne Université. September 2018 [HAL][10 pages english summary]
Master thesis:
  • Equivalent representations of LFSR and their impact in cryptanalysis (only in French). Yann Rotella, Inria de Paris - SECRET, Paris Diderot university, MPRI September 2015 [HAL][PDF]


Since 2021, the Crypto-Seminar of Versailles has been refurbished into a hybrid version and the presentations are recorded and put online on YouTube. Christina Boura and I are organizing it. If you have something interesting about cryptography, don't hesitate to contact us!

I really like to do scientific interventions outside the university for explaining cryptography. I gave some talks in high school. A wonderful competition in France: Alkindi, a competition for 14- and 15-year-old students on cryptanalysis. Very interesting!