techno-social and
Access and

In the wake of the Snowden revelations, public trust in the Internet has eroded.

NEXTLEAP aims to create, validate, and deploy communication and computation protocols that can serve as pillars for a secure, trust-worthy, annotable and privacy-respecting Internet that ensures citizens fundamental rights. For this purpose NEXTLEAP will develop an interdisciplinary internet science of decentralisation that provides the basis on which these protocols will be built.

Why and how does it matter?

Francesca Musiani

Georges Danezis

Carmela Toncoso

NEXTLEAP Team group photo.
Holger Krekel, Georges Danezis, Bruno Blanchet, Francesca Musiani, Carmela Troncoso, Karthikeyan Bhargavan, Marios Isaakidis and Harry Halpin (not the entire team).

Meet the NEXTLEAP team

NEXTLEAP combines expertise from across different disciplines in order to develop a set comprehensive answers to questions surrounding privacy and society. Our team is spread across Europe and includes specialists in computer science, formal protocol verification, sociology, social philosophy, cryptography and engineering.


The political Significance of Cryptography

Although historically cryptography has been restricted to government and industrial use, there has recently, after revelations of mass surveillance by Snowden, been increased interest in securing the everyday communications of citizens: Applications such WhatsApp, Telegram, Silence,, Signal, and even PGP all claim to use end-to-end encrypted messaging to secure the content of communication. There has been discussion in France after the Bataclan attacks of banning end-to-end encryption, and in recent weeks, political parties have declared their desire to keep end-to-end encryption legal but have a backdoor or passwords available to the government. Rumors of hacking now dominate the news, and are claimed even influence elections. Given that cryptography has moved from an obscure branch of mathematical number theory to a real-world problem, the NEXTLEAP project is drawing together an interdisciplinary group of cryptographers, activists, and philosophers to discuss the political significance of cryptography.


2017 - Decrypting Algorithms

28.03.2017 14:00-17:00
What is "good encryption"? A pragmatic turn from a tool-centered to a user-centered approach
  • Ksenia Ermoshina (CNRS)
  • Francesca Musiani (CNRS)
  • Mykola Kostynyan (Digital security trainer and expert, ISCproject)
19.04.2017 18:30-20:00
Cryptography and Usability
18.05.2017 14:30-18:00
Decentralized systems and new urban territories
  • Bernard Stiegler - IRI
  • Franck Cormerais - Bordeaux-Montaigne University, Etudes Digitales
  • Julien Rossi - UTC
28.06.2017 15:00-18:00
Decentralized certification and blockchain systems
  • Christian Fauré (OCTO Technologies, Ars Industrialis)
  • Adli Takkal Bataille (La voie du Bitcoin)
  • Lyse Brillouet (Orange Labs)
  • André Reinald (PeerStorage, former Mozilla)

We are open source

Repositories of various deliverables worked on by NEXTLEAP are available as open source materials. Feel free to download, replicate, share, remix and provide us some feedbacks.

Consult our github repository


As part of bringing privacy-preserving end-to-end encryption to decentralized messaging, researchers and implementers in NEXTLEAP have co-founded and are participating in the new Autocrypt effort. It aims to leverage the email ecosystem, the largest federated identity and messaging network, and bring encryption to a wider audience than other failed efforts in the last 15 years.
In order to be decentralized, secure messaging requires an ability to discover key material and guarantee its integrity. Typically, today this is done via a single centralized and unstandardised service provider. In order to create an interoperable standard around secure messaging, key discovery needs to be decentralized. Blockchain-based approaches have been suggested in previous work in the security research community such as CONIKS, but have failed to take off due to the high deployment cost on centralized servers. We've designed a new protocol, ClaimChain, that builds on both existing work on blockchains while adding new optimizations and providing a decentralized logic based on Rivest and Lampson's SDSI to identify and discovery key material without a trusted third party. Joint work with CNRS to understand the social and economic considerations led to a publication in Internet Science and the existing design will be submitted to a top-notch security conference. Currently, we are discussing early use of this design with codebases used by secure messaging and email providers, and a security and privacy analysis of these codbases was published in CANS. Over the next year we plan for all of these protocols to have formally verified code for their cryptographic functionality and to present a design on how to integrate this work on key discovery into secure messaging with improved privacy.
UnlimitID is a method for enhancing the privacy of commodity OAuth and applications such as OpenID Connect, using anonymous attribute-based credentials based on algebrai Message Authentication Codes (aMACs). OAuth is one of the most widely used protocols on the Web, but it exposes each of the requests of a user for data by each relying party (RP) to the identity provider (IdP). Our approach allows for the creation of multiple persistent and unlinkable pseudo-identities and requires no change in the deployed code of relying parties, only in identity providers and the client.


EuroUSec 2017 - 2nd European Workshop on Usable Security
Paris, UPMC, Paris 6, Sorbonne Universités / 29.04.2017
Brussels / 29-31.03.2017
CryptoAction Symposium
Amsterdam / 27-28.03.2017
Internet Freedom Festival
Valencia / 06-10.03.2017
F2F Meeting
Madrid / 03.03.2017
Sciences à coeur
Paris / 01.12.2016
Amsterdam / 25.11.2016
ELEVATE Festival
Graz / 22.10.2016
The Internet Rules, But How?
Berlin / 05.10.2016
CAPSSI Community Workshop
Bratislava / 28.09.2016
Internet Science 2016
Florence / 12-14.09.2016
4S/EASST Conference -
Barcelona / 01-02.092016
W3C Blockchains and the Web Workshop
Cambridge / 29-30.07.2016
See other highlights


INRIA IMDEA CNRS IRI (Centre Pompidou) UCL Merlinux