The project significantly advanced the state of the art in several directions.
Regarding cryptanalytic implementation, we showed early how to exploit the full potential of tensor-core hardware present in modern GPU to perform a core cryptanalytic task (lattice sieving), although future gains are now limited by memory constraints. At the end of the project we also demonstrated significant gains on a lesser optimized part, namely LLL itself, whose precise performance matter little in theory but a lot in practice.
The transfer of techniques between lattices and codes also produced important progress, notably through the adaptation of LLL and the exchange of smoothing methods. While no major cryptanalytic breakthroughs have yet emerged for codes, ongoing work aims either to improve attacks or to confirm the completeness of current approaches.
The new smoothing bounds also clarified recent claims of improved attacks against standardized schemes such as KYBER and DILITHIUM. Our results showed that the heuristic assumptions underlying these dual-sieve attacks fail in the relevant regime, a conclusion also supported experimentally. We followed-up on this work to provide a sound methodology to study and predict the success probability of these dual-sieve attacks. While still heuristic, this new methodology is this time experimentally validated.
The project has also lead to better understanding of many "corner cases" lattice in cryptanalysis, including the NTRU-overstrechted lattices, SIS lattices with small modulus, SIS lattices with the max-norm. The most surprising result of this class may be the cryptanalytic study of cyclotomic module-lattices of non power-of-two conductors, where we showed a sub-exponential security gap with unstructured lattices; while non-devastating this result should question the concrete security of the Korean lattice-based PQC standard NTRU+, and other concrete FHE schemes.
Another significant achievement -- this time regarding cryptographic design rather than cryptanalysis -- is the successful foundation of cryptographic scheme on the Lattice Isomorphism Problem (LIP), and the concrete proposal HAWK that followed. HAWK has been submitted to the NIST on-ramp PQC standardization process, and has passed the first round of selection.