{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T23:57:05Z","timestamp":1769299025607,"version":"3.49.0"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030652760","type":"print"},{"value":"9783030652777","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-65277-7_19","type":"book-chapter","created":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T12:17:34Z","timestamp":1607343454000},"page":"417-439","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Making the BKW Algorithm Practical for LWE"],"prefix":"10.1007","author":[{"given":"Alessandro","family":"Budroni","sequence":"first","affiliation":[]},{"given":"Qian","family":"Guo","sequence":"additional","affiliation":[]},{"given":"Thomas","family":"Johansson","sequence":"additional","affiliation":[]},{"given":"Erik","family":"M\u00e5rtensson","sequence":"additional","affiliation":[]},{"given":"Paul Stankovski","family":"Wagner","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,12,8]]},"reference":[{"key":"19_CR1","unstructured":"NIST Post-Quantum Cryptography Standardization. https:\/\/csrc.nist.gov\/Projects\/Post-Quantum-Cryptography\/Post-Quantum-Cryptography-Standardization. Accessed 24 Sep 2018"},{"key":"19_CR2","unstructured":"TU Darmstadt Learning with Errors Challenge. https:\/\/www.latticechallenge.org\/lwe_challenge\/challenge.php. Accessed 01 May 2020"},{"key":"19_CR3","unstructured":"Albrecht, M., Cid, C., Faugere, J.C., Fitzpatrick, R., Perret, L.: On the complexity of the arora-Ge algorithm against LWE (2012)"},{"issue":"2","key":"19_CR4","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1007\/s10623-013-9864-x","volume":"74","author":"MR Albrecht","year":"2013","unstructured":"Albrecht, M.R., Cid, C., Faug\u00e8re, J.-C., Fitzpatrick, R., Perret, L.: On the complexity of the BKW algorithm on LWE. Des. Codes Crypt. 74(2), 325\u2013354 (2013). https:\/\/doi.org\/10.1007\/s10623-013-9864-x","journal-title":"Des. Codes Crypt."},{"key":"19_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"717","DOI":"10.1007\/978-3-030-17656-3_25","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"MR Albrecht","year":"2019","unstructured":"Albrecht, M.R., Ducas, L., Herold, G., Kirshanova, E., Postlethwaite, E.W., Stevens, M.: The general sieve kernel and new records in lattice reduction. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 717\u2013746. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17656-3_25"},{"key":"19_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1007\/978-3-642-54631-0_25","volume-title":"Public-Key Cryptography \u2013 PKC 2014","author":"MR Albrecht","year":"2014","unstructured":"Albrecht, M.R., Faug\u00e8re, J.-C., Fitzpatrick, R., Perret, L.: Lazy modulus switching for the BKW algorithm on LWE. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 429\u2013445. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-54631-0_25"},{"issue":"3","key":"19_CR7","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1515\/jmc-2015-0016","volume":"9","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Crypt. 9(3), 169\u2013203 (2015)","journal-title":"J. Math. Crypt."},{"key":"19_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1007\/978-3-642-03356-8_35","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"B Applebaum","year":"2009","unstructured":"Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595\u2013618. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_35"},{"key":"19_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"403","DOI":"10.1007\/978-3-642-22006-7_34","volume-title":"Automata, Languages and Programming","author":"S Arora","year":"2011","unstructured":"Arora, S., Ge, R.: New algorithms for learning in presence of errors. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6755, pp. 403\u2013415. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22006-7_34"},{"key":"19_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"432","DOI":"10.1007\/978-3-540-30539-2_31","volume-title":"Advances in Cryptology - ASIACRYPT 2004","author":"T Baign\u00e8res","year":"2004","unstructured":"Baign\u00e8res, T., Junod, P., Vaudenay, S.: How far can we go beyond linear cryptanalysis? In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 432\u2013450. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30539-2_31"},{"key":"19_CR11","doi-asserted-by":"crossref","unstructured":"Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: Krauthgamer, R. (ed.) 27th Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 10\u201324. ACM-SIAM, Arlington, VA, USA, 10\u201312 January 2016","DOI":"10.1137\/1.9781611974331.ch2"},{"key":"19_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/3-540-48329-2_24","volume-title":"Advances in Cryptology \u2014 CRYPTO\u20191993","author":"A Blum","year":"1994","unstructured":"Blum, A., Furst, M., Kearns, M., Lipton, R.J.: Cryptographic primitives based on hard learning problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278\u2013291. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_24"},{"key":"19_CR13","doi-asserted-by":"crossref","unstructured":"Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. In: 32nd Annual ACM Symposium on Theory of Computing, pp. 435\u2013440. ACM Press, Portland, OR, USA, 21\u201323 May 2000","DOI":"10.1145\/335305.335355"},{"key":"19_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/3-540-46035-7_14","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"P Chose","year":"2002","unstructured":"Chose, P., Joux, A., Mitton, M.: Fast correlation attacks: an algorithmic point of view. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 209\u2013221. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46035-7_14"},{"key":"19_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-030-35199-1_9","volume-title":"Cryptography and Coding","author":"C Delaplace","year":"2019","unstructured":"Delaplace, C., Esser, A., May, A.: Improved low-memory subset sum and LPN algorithms via multiple collisions. In: Albrecht, M. (ed.) IMACC 2019. LNCS, vol. 11929, pp. 178\u2013199. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-35199-1_9"},{"key":"19_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/978-3-662-46800-5_8","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"A Duc","year":"2015","unstructured":"Duc, A., Tram\u00e8r, F., Vaudenay, S.: Better algorithms for LWE and LWR. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 173\u2013202. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_8"},{"key":"19_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"638","DOI":"10.1007\/978-3-319-96881-0_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"A Esser","year":"2018","unstructured":"Esser, A., Heuer, F., K\u00fcbler, R., May, A., Sohler, C.: Dissection-BKW. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 638\u2013666. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_22"},{"key":"19_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"486","DOI":"10.1007\/978-3-319-63715-0_17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"A Esser","year":"2017","unstructured":"Esser, A., K\u00fcbler, R., May, A.: LPN decoded. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 486\u2013514. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63715-0_17"},{"key":"19_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-662-45611-8_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"Q Guo","year":"2014","unstructured":"Guo, Q., Johansson, T., L\u00f6ndahl, C.: Solving LPN using covering codes. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 1\u201320. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_1"},{"issue":"1","key":"19_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-019-09338-8","volume":"33","author":"Q Guo","year":"2020","unstructured":"Guo, Q., Johansson, T., L\u00f6ndahl, C.: Solving LPN using covering codes. J. Cryptol. 33(1), 1\u201333 (2020)","journal-title":"J. Cryptol."},{"key":"19_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1007\/978-3-319-70694-8_12","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"Q Guo","year":"2017","unstructured":"Guo, Q., Johansson, T., M\u00e5rtensson, E., Stankovski, P.: Coded-BKW with sieving. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 323\u2013346. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_12"},{"issue":"8","key":"19_CR22","doi-asserted-by":"publisher","first-page":"5243","DOI":"10.1109\/TIT.2019.2906233","volume":"65","author":"Q Guo","year":"2019","unstructured":"Guo, Q., Johansson, T., M\u00e5rtensson, E., Stankovski Wagner, P.: On the asymptotics of solving the LWE problem using coded-BKW with sieving. IEEE Trans. Inf. Theory 65(8), 5243\u20135259 (2019)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"19_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-662-47989-6_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"Q Guo","year":"2015","unstructured":"Guo, Q., Johansson, T., Stankovski, P.: Coded-BKW: solving LWE using lattice codes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 23\u201342. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_2"},{"issue":"1","key":"19_CR24","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/s10623-016-0326-0","volume":"86","author":"G Herold","year":"2017","unstructured":"Herold, G., Kirshanova, E., May, A.: On the asymptotic complexity of solving LWE. Des. Codes Crypt. 86(1), 55\u201383 (2017). https:\/\/doi.org\/10.1007\/s10623-016-0326-0","journal-title":"Des. Codes Crypt."},{"key":"19_CR25","unstructured":"Kirchner, P.: Improved generalized birthday attack. Cryptology ePrint Archive, Report 2011\/377 (2011). http:\/\/eprint.iacr.org\/2011\/377"},{"key":"19_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/978-3-662-47989-6_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"P Kirchner","year":"2015","unstructured":"Kirchner, P., Fouque, P.-A.: An improved BKW algorithm for LWE with applications to cryptography and lattices. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 43\u201362. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_3"},{"key":"19_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/11832072_24","volume-title":"Security and Cryptography for Networks","author":"\u00c9 Levieil","year":"2006","unstructured":"Levieil, \u00c9., Fouque, P.-A.: An improved LPN algorithm. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 348\u2013359. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11832072_24"},{"key":"19_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/978-3-642-19074-2_21","volume-title":"Topics in Cryptology \u2013 CT-RSA 2011","author":"R Lindner","year":"2011","unstructured":"Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE\u2013based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319\u2013339. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19074-2_21"},{"key":"19_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1007\/11535218_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"Y Lu","year":"2005","unstructured":"Lu, Y., Meier, W., Vaudenay, S.: The conditional correlation attack: a practical attack on Bluetooth encryption. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 97\u2013117. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_7"},{"key":"19_CR30","doi-asserted-by":"crossref","unstructured":"M\u00e5rtensson, E.: The asymptotic complexity of coded-BKW with sieving using increasing reduction factors. In: 2019 IEEE International Symposium on Information Theory (ISIT), pp. 2579\u20132583 (2019)","DOI":"10.1109\/ISIT.2019.8849218"},{"issue":"3","key":"19_CR31","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/BF02252874","volume":"1","author":"W Meier","year":"1988","unstructured":"Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. J. Cryptol. 1(3), 159\u2013176 (1988). https:\/\/doi.org\/10.1007\/BF02252874","journal-title":"J. Cryptol."},{"issue":"1","key":"19_CR32","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/s13389-014-0072-z","volume":"4","author":"ED Mulder","year":"2014","unstructured":"Mulder, E.D., Hutter, M., Marson, M.E., Pearson, P.: Using bleichenbacher\u2019s solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA: extended version. J. Cryptographic Eng. 4(1), 33\u201345 (2014)","journal-title":"J. Cryptographic Eng."},{"key":"19_CR33","doi-asserted-by":"crossref","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) 37th Annual ACM Symposium on Theory of Computing, pp. 84\u201393. ACM Press, Baltimore, MA, USA, 22\u201324 May 2005","DOI":"10.1145\/1060590.1060603"},{"key":"19_CR34","unstructured":"Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, pp. 124\u2013134. IEEE Computer Society Press, Santa Fe, New Mexico, 20\u201322 November 1994"}],"container-title":["Lecture Notes in Computer Science","Progress in Cryptology \u2013 INDOCRYPT 2020"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-65277-7_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,14]],"date-time":"2023-10-14T18:30:33Z","timestamp":1697308233000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-65277-7_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030652760","9783030652777"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-65277-7_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"8 December 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"INDOCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Cryptology in India","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bangalore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 December 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"indocrypt2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/indocrypt2020.iiitb.ac.in\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"84","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"46% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.0","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}