Despite the emergence of post-quantum schemes, the RSA cryptosystem and the Diffie-Hellman key exchange protocol in finite fields are still widely deployed. The main cryptanalytic tool for assessing the hardness of their underlying mathematical problems (e.g., integer factorization) is the Number Field Sieve (NFS) algorithm. The main objective of the KLEPTOMANIAC project is to investigate it further to evaluate as accurately as possible the security of these common asymmetric schemes.

Who can I contact?

Dr. Sonia Belaïd

Sonia Belaïd , PhD

Senior Cryptography Expert


Dr. Matthieu Rivain

Matthieu Rivain , PhD

CEO, Senior Cryptography Expert



3 Partners

Related service


A fresh pair of eyes on your design.

The development of a cryptographic product, from a whiteboard protocol to an industrial grade implementation, is a long and complex process. Our experts will help you avoid common (and less common) pitfalls at any stage of the development.



Recent records have demonstrated that breaking the RSA cryptosystem could be cheaper than initially expected (e.g., the record on 795-bit keys using Cado-NFS software in 2020). Accurately assessing the security of such a widely deployed cryptosystem is of paramount importance in determining the size of keys that should be used in everyday devices or in governmental products.

While post-quantum schemes will likely replace current cryptosystems in a few decades, it is important to accurately assess how long current products, with potentially very long lifecycles, will remain secure.


With partners either already involved in recent records, or directly concerned by the precise measurement of the security of the cryptosystems deployed, the KLEPTOMANIAC project can be split into three main objectives.

First, the partners aim to determine accurate hardness estimates for the RSA cryptosystem and the Diffie-Hellman key exchange protocol in finite fields. Similarly, they aim to determine accurate hardness estimates for elliptic-curve cryptosystems relying on small-degree extension fields, especially for key sizes relevant for zero-knowledge proofs used by current blockchain technology. Finally, the idea will be to build simulation tools to calculate previous estimates and which can be easily adapted in the event of a new breakthrough.