Personal data has long been considered the fuel of the digital economy, and has been collected behind individuals' backs. Thanks to the General Data Protection Regulation (GDPR), which came into force in May 2018, Europe has equipped itself with legislation capable of on the one hand protecting individuals, and on the other enabling players in the digital economy to build services that are more respectful of personal data. This is the context for our work in this field, with the aim of enabling the use of digital applications and services, while protecting personal data.

As part of J. Barrier's thesis, we focused on the Private Information Retrieval (PIR) mechanism, which enables a user to retrieve an element from a database without anyone, in particular the server or an intruder, being able to know which element has been accessed. The mechanism we built and implemented improved state-of-the-art performance by several orders of magnitude. To achieve this, we first built a library for manipulating polynomials in a ring, where coefficients are represented modulo an integer and polynomials modulo a polynomial, called NFLlib for NTT Fast Lattice Library. This library is designed to optimize the computational performance of arithmetic operations carried out between polynomials: valuated representation of polynomials, discrete Fourier transform and its inverse, Chinese remainder theorem, etc. 
Next, we used the latest developments in Euclidean network cryptography, in particular homomorphic cryptography schemes based on the Ring-Learning-with-errors problem, which we implemented on NFLlib. Finally, we have produced a library dedicated to the construction of PIR protocols, named XPIR, which is built on NFLlib. This library instantiates a PIR and guides the user through the many cryptographic parameters associated with the various protocols. Both the NFLlib and XPIR libraries are available on GitHub, where they have met with great success.

PIR is just one of many privacy protection mechanisms, and recent advances in homomorphic cryptography make it possible to envisage the creation of many more. In U. Aïvodji's thesis, we have sought to build such mechanisms to enable the provision of a privacy-friendly dynamic car-sharing service, in particular one that does not require users' location data to be leaked. The solutions proposed in this thesis combine multimodal route calculation algorithms with several privacy protection techniques such as homomorphic encryption, secure set intersection, shared secret and secure integer comparison. They guarantee privacy properties including anonymity, unchainability and data minimization. The experiments conducted in this thesis show that privacy constraints can be taken into account in car-sharing services without degrading their performance.

The problem of privacy-friendly car-pooling involves a number of sub-problems: firstly, participants need to be matched efficiently, i.e. assigned a passenger to a vehicle without inducing too great a detour for either of them; secondly, for each passenger-vehicle pair, pick-up and drop-off points need to be calculated to best satisfy the travel constraints of each individual. Solving these problems in an efficient and relevant way, while protecting the personal data (including the location of each participant) was a particularly interesting challenge. This work was carried out in collaboration with the ROC team.