{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T07:01:06Z","timestamp":1777964466103,"version":"3.51.4"},"publisher-location":"Cham","reference-count":47,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030172589","type":"print"},{"value":"9783030172596","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-17259-6_19","type":"book-chapter","created":{"date-parts":[[2019,4,7]],"date-time":"2019-04-07T23:02:48Z","timestamp":1554678168000},"page":"565-598","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":47,"title":["Decryption Failure Attacks on IND-CCA Secure Lattice-Based Schemes"],"prefix":"10.1007","author":[{"given":"Jan-Pieter","family":"D\u2019Anvers","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qian","family":"Guo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Johansson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexander","family":"Nilsson","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Frederik","family":"Vercauteren","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ingrid","family":"Verbauwhede","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,4,6]]},"reference":[{"key":"19_CR1","unstructured":"NIST Post-Quantum Cryptography Forum. https:\/\/groups.google.com\/a\/list.nist.gov\/forum\/#!forum\/pqc-forum. Accessed 11 Jan 2019"},{"key":"19_CR2","unstructured":"Submission requirements and evaluation criteria for the post-quantum cryptography standardization process (2016). https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Post-Quantum-Cryptography\/documents\/call-for-proposals-final-dec-2016.pdf"},{"key":"19_CR3","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1515\/jmc-2015-0016","volume":"9","author":"M Albrecht","year":"2015","unstructured":"Albrecht, M., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9, 169\u2013203 (2015)","journal-title":"J. Math. Cryptol."},{"key":"19_CR4","unstructured":"Albrecht, M.R., et al.: Estimate all the LWE, NTRU schemes! Cryptology ePrint Archive, Report 2018\/331 (2018). https:\/\/eprint.iacr.org\/2018\/331"},{"key":"19_CR5","unstructured":"Alkim, E., Ducas, L., P\u00f6ppelmann, T., Schwabe, P.: Post-quantum key exchange $$-$$ a new hope. In: USENIX Security 2016 (2016)"},{"key":"19_CR6","unstructured":"Baan, H., et al.: Round2: KEM and PKE based on GLWR. Cryptology ePrint Archive, Report 2017\/1183 (2017). https:\/\/eprint.iacr.org\/2017\/1183"},{"key":"19_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1007\/978-3-642-29011-4_42","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Banerjee","year":"2012","unstructured":"Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719\u2013737. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_42"},{"key":"19_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-319-89339-6_12","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2018","author":"DJ Bernstein","year":"2018","unstructured":"Bernstein, D.J., Bruinderink, L.G., Lange, T., Panny, L.: HILA5 pindakaas: on the CCA security of lattice-based encryption with error correction. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 203\u2013216. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-89339-6_12"},{"key":"19_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-662-43933-3_19","volume-title":"Fast Software Encryption","author":"A Boldyreva","year":"2014","unstructured":"Boldyreva, A., Degabriele, J.P., Paterson, K.G., Stam, M.: On symmetric encryption with distinguishable decryption failures. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 367\u2013390. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-43933-3_19"},{"key":"19_CR10","unstructured":"Bos, J., et al.: CRYSTALS $$-$$ Kyber: a CCA-secure module-lattice-based KEM. Cryptology ePrint Archive, Report 2017\/634 (2017). http:\/\/eprint.iacr.org\/2017\/634"},{"key":"19_CR11","doi-asserted-by":"crossref","unstructured":"Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehl\u00e9, D.: Classical hardness of learning with errors. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th Annual ACM Symposium on Theory of Computing, 1\u20134 June 2013, pp. 575\u2013584. ACM Press, Palo Alto (2013)","DOI":"10.1145\/2488608.2488680"},{"key":"19_CR12","unstructured":"Cheon, J.H., Kim, D., Lee, J., Song, Y.: Lizard: cut off the tail! Practical post-quantum public-key encryption from LWE and LWR. Cryptology ePrint Archive, Report 2016\/1126 (2016). http:\/\/eprint.iacr.org\/2016\/1126"},{"key":"19_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1007\/978-3-319-89339-6_16","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2018","author":"JP D\u2019Anvers","year":"2018","unstructured":"D\u2019Anvers, J.P., Karmakar, A., Roy, S.S., Vercauteren, F.: Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 282\u2013305. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-89339-6_16"},{"key":"19_CR14","unstructured":"D\u2019Anvers, J.P., Vercauteren, F., Verbauwhede, I.: On the impact of decryption failures on the security of LWE\/LWR based schemes. Cryptology ePrint Archive, Report 2018\/1089 (2018). https:\/\/eprint.iacr.org\/2018\/1089"},{"key":"19_CR15","doi-asserted-by":"crossref","unstructured":"Ding, J., Alsayigh, S., Saraswathy, R.V., Fluhrer, S., Lin, X.: Leakage of signal function with reused keys in RLWE key exchange. Cryptology ePrint Archive, Report 2016\/1176 (2016). http:\/\/eprint.iacr.org\/2016\/1176","DOI":"10.1109\/ICC.2017.7996806"},{"key":"19_CR16","doi-asserted-by":"crossref","unstructured":"Fabsic, T., Hromada, V., Stankovski, P., Zajac, P., Guo, Q., Johansson, T.: A reaction attack on the QC-LDPC McEliece cryptosystem. Cryptology ePrint Archive, Report 2017\/494 (2017). http:\/\/eprint.iacr.org\/2017\/494","DOI":"10.1007\/978-3-319-59879-6_4"},{"key":"19_CR17","unstructured":"Fluhrer, S.: Cryptanalysis of ring-LWE based key exchange with key share reuse. Cryptology ePrint Archive, Report 2016\/085 (2016). https:\/\/eprint.iacr.org\/2016\/085"},{"key":"19_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1007\/3-540-48405-1_34","volume-title":"Advances in Cryptology \u2014 CRYPTO 1999","author":"E Fujisaki","year":"1999","unstructured":"Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537\u2013554. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48405-1_34"},{"key":"19_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/978-3-540-71677-8_7","volume-title":"Public Key Cryptography \u2013 PKC 2007","author":"N Gama","year":"2007","unstructured":"Gama, N., Nguyen, P.Q.: New chosen-ciphertext attacks on NTRU. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 89\u2013106. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-71677-8_7"},{"key":"19_CR20","doi-asserted-by":"publisher","unstructured":"Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, pp. 212\u2013219. STOC 1996. ACM, New York (1996). https:\/\/doi.org\/10.1145\/237814.237866","DOI":"10.1145\/237814.237866"},{"key":"19_CR21","unstructured":"Guo, Q., Johansson, T., Nilsson, A.: A generic attack on lattice-based schemes using decryption errors with application to ss-ntru-pke. Cryptology ePrint Archive, Report 2019\/043 (2019). https:\/\/eprint.iacr.org\/2019\/043"},{"key":"19_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"789","DOI":"10.1007\/978-3-662-53887-6_29","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"Q Guo","year":"2016","unstructured":"Guo, Q., Johansson, T., Stankovski, P.: A key recovery attack on MDPC with CCA security using decoding errors. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. Part I. LNCS, vol. 10031, pp. 789\u2013815. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_29"},{"key":"19_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1007\/978-3-540-47942-0_2","volume-title":"Information and Communication Security","author":"C Hall","year":"1999","unstructured":"Hall, C., Goldberg, I., Schneier, B.: Reaction attacks against several public-key cryptosystem. In: Varadharajan, V., Mu, Y. (eds.) ICICS 1999. LNCS, vol. 1726, pp. 2\u201312. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/978-3-540-47942-0_2"},{"key":"19_CR24","unstructured":"Hoffstein, J., Silverman, J.H.: NTRU Cryptosystems Technical Report Report# 016, Version 1 Title: Protecting NTRU Against Chosen Ciphertext and Reaction Attacks"},{"key":"19_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-319-70500-2_12","volume-title":"Theory of Cryptography","author":"D Hofheinz","year":"2017","unstructured":"Hofheinz, D., H\u00f6velmanns, K., Kiltz, E.: A modular analysis of the Fujisaki-Okamoto transformation. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. Part I. LNCS, vol. 10677, pp. 341\u2013371. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70500-2_12"},{"key":"19_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/978-3-540-45146-4_14","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"N Howgrave-Graham","year":"2003","unstructured":"Howgrave-Graham, N., et al.: The impact of decryption failures on the security of NTRU encryption. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 226\u2013246. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_14"},{"key":"19_CR27","unstructured":"Howgrave-Graham, N., Silverman, J.H., Singer, A., Whyte, W.: NAEP: provable security in the presence of decryption failures. Cryptology ePrint Archive, Report 2003\/172 (2003). http:\/\/eprint.iacr.org\/2003\/172"},{"key":"19_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/3-540-44598-6_2","volume-title":"Advances in Cryptology \u2014 CRYPTO 2000","author":"\u00c9 Jaulmes","year":"2000","unstructured":"Jaulmes, \u00c9., Joux, A.: A chosen-ciphertext attack against NTRU. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 20\u201335. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-44598-6_2"},{"key":"19_CR29","unstructured":"Jiang, H., Zhang, Z., Chen, L., Wang, H., Ma, Z.: Post-quantum IND-CCA-secure KEM without additional hash. Cryptology ePrint Archive, Report 2017\/1096 (2017). https:\/\/eprint.iacr.org\/2017\/1096"},{"issue":"3","key":"19_CR30","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/s10623-014-9938-4","volume":"75","author":"A Langlois","year":"2015","unstructured":"Langlois, A., Stehl\u00e9, D.: Worst-case to average-case reductions for module lattices. Des. Codes Crypt. 75(3), 565\u2013599 (2015). https:\/\/doi.org\/10.1007\/s10623-014-9938-4","journal-title":"Des. Codes Crypt."},{"key":"19_CR31","unstructured":"Lu, X., Liu, Y., Jia, D., Xue, H., He, J., Zhang, Z.: LAC. Technical report, National Institute of Standards and Technology (2017). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions"},{"key":"19_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"V Lyubashevsky","year":"2010","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1\u201323. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_1"},{"key":"19_CR33","unstructured":"Naehrig, M., et al.: Frodokem. Technical report, National Institute of Standards and Technology (2017). https:\/\/frodokem.org\/files\/FrodoKEM-specification-20171130.pdf"},{"issue":"1","key":"19_CR34","doi-asserted-by":"publisher","first-page":"238","DOI":"10.13154\/tches.v2019.i1.238-258","volume":"2019","author":"A Nilsson","year":"2019","unstructured":"Nilsson, A., Johansson, T., Stankovski, P.: Error amplification in code-based cryptography. IACR Trans. Crypt. Hardw. Embed. Syst. 2019(1), 238\u2013258 (2019). https:\/\/doi.org\/10.13154\/tches.v2019.i1.238-258","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"19_CR35","doi-asserted-by":"publisher","unstructured":"Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In: Proceedings of the Forty-first Annual ACM Symposium on Theory of Computing, pp. 333\u2013342. STOC 2009. ACM, New York (2009). https:\/\/doi.org\/10.1145\/1536414.1536461","DOI":"10.1145\/1536414.1536461"},{"key":"19_CR36","doi-asserted-by":"crossref","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) 37th Annual ACM Symposium on Theory of Computing, 22\u201324 May 2005, pp. 84\u201393. ACM Press, Baltimore (2005)","DOI":"10.1145\/1060590.1060603"},{"key":"19_CR37","unstructured":"Saarinen, M.J.O.: HILA5. Technical report, National Institute of Standards and Technology (2017). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions"},{"key":"19_CR38","unstructured":"Saito, T., Xagawa, K., Yamakawa, T.: Tightly-secure key-encapsulation mechanism in the quantum random oracle model. Cryptology ePrint Archive, Report 2017\/1005 (2017). https:\/\/eprint.iacr.org\/2017\/1005"},{"key":"19_CR39","unstructured":"Schanck, J.M., Hulsing, A., Rijneveld, J., Schwabe, P.: NTRU-HRSS-KEM. Technical report, National Institute of Standards and Technology (2017). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions"},{"key":"19_CR40","unstructured":"Schwabe, P., et al.: CRYSTALS-Kyber. Technical report, National Institute of Standards and Technology (2017). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions"},{"key":"19_CR41","unstructured":"Schwabe, P., et al.: Newhope. Technical report, National Institute of Standards and Technology (2017). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions"},{"key":"19_CR42","unstructured":"Seo, M., Park, J.H., Lee, D.H., Kim, S., Lee., S.J.: Emblem and R.Emblem. Technical report, National Institute of Standards and Technology (2017). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions"},{"key":"19_CR43","unstructured":"Smart, N.P., et al.: LIMA. Technical report, National Institute of Standards and Technology (2017). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions"},{"key":"19_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-642-20465-4_4","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"D Stehl\u00e9","year":"2011","unstructured":"Stehl\u00e9, D., Steinfeld, R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27\u201347. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-20465-4_4"},{"key":"19_CR45","unstructured":"Szepieniec, A.: Ramstake. Technical report, National Institute of Standards and Technology (2017). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions"},{"key":"19_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-3-662-53644-5_8","volume-title":"Theory of Cryptography","author":"EE Targhi","year":"2016","unstructured":"Targhi, E.E., Unruh, D.: Post-quantum security of the Fujisaki-Okamoto and OAEP transforms. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 192\u2013216. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53644-5_8"},{"key":"19_CR47","unstructured":"Zhang, Z., Chen, C., Hoffstein, J., Whyte, W.: NTRUEncrypt. Technical report, National Institute of Standards and Technology (2017). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions"}],"container-title":["Lecture Notes in Computer Science","Public-Key Cryptography \u2013 PKC 2019"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-17259-6_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,7]],"date-time":"2024-03-07T12:39:57Z","timestamp":1709815197000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-17259-6_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030172589","9783030172596"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-17259-6_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"6 April 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PKC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IACR International Workshop on Public Key Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Beijing","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 April 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 April 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pkc2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/pkc.iacr.org\/2019\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}