{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T10:20:15Z","timestamp":1772878815373,"version":"3.50.1"},"publisher-location":"Cham","reference-count":78,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030778699","type":"print"},{"value":"9783030778705","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-77870-5_19","type":"book-chapter","created":{"date-parts":[[2021,6,15]],"date-time":"2021-06-15T23:11:50Z","timestamp":1623798710000},"page":"528-558","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":24,"title":["On Bounded Distance Decoding with Predicate: Breaking the \u201cLattice Barrier\u201d for the Hidden Number Problem"],"prefix":"10.1007","author":[{"given":"Martin R.","family":"Albrecht","sequence":"first","affiliation":[]},{"given":"Nadia","family":"Heninger","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,6,16]]},"reference":[{"key":"19_CR1","doi-asserted-by":"crossref","unstructured":"Ajtai, M., Kumar, R., Sivakumar, D.: A sieve algorithm for the shortest lattice vector problem. In: 33rd ACM STOC, pp. 601\u2013610. 
ACM Press, July 2001","DOI":"10.1145\/380752.380857"},{"key":"19_CR2","doi-asserted-by":"crossref","unstructured":"Albrecht, M.R., Bai, S., Fouque, P.A., Kirchner, P., Stehl\u00e9, D., Wen, W.: Faster enumeration-based lattice reduction: Root hermite factor $$k^{1\/(2k)}$$ time $$k^{k\/8+o(k)}$$. In: Micciancio and Ristenpart [5], pp. 186\u2013212","DOI":"10.1007\/978-3-030-56880-1_7"},{"issue":"2","key":"19_CR3","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1007\/s10623-013-9864-x","volume":"74","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Cid, C., Faug\u00e8re, J., Fitzpatrick, R., Perret, L.: On the complexity of the BKW algorithm on LWE. Des. Codes Cryptogr. 74(2), 325\u2013354 (2015)","journal-title":"Des. Codes Cryptogr."},{"key":"19_CR4","doi-asserted-by":"crossref","unstructured":"Albrecht, M.R., Deo, A., Paterson, K.G.: Cold boot attacks on ring and module LWE keys under the NTT. IACR TCHES 2018(3), 173\u2013213 (2018). https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/7273","DOI":"10.46586\/tches.v2018.i3.173-213"},{"key":"19_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"717","DOI":"10.1007\/978-3-030-17656-3_25","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"MR Albrecht","year":"2019","unstructured":"Albrecht, M.R., Ducas, L., Herold, G., Kirshanova, E., Postlethwaite, E.W., Stevens, M.: The general sieve kernel and new records in lattice reduction. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part II. LNCS, vol. 11477, pp. 717\u2013746. Springer, Cham (2019). 
https:\/\/doi.org\/10.1007\/978-3-030-17656-3_25"},{"key":"19_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/978-3-319-70694-8_11","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"MR Albrecht","year":"2017","unstructured":"Albrecht, M.R., G\u00f6pfert, F., Virdia, F., Wunderer, T.: Revisiting the expected cost of solving uSVP and applications to LWE. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part I. LNCS, vol. 10624, pp. 297\u2013322. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_11"},{"key":"19_CR7","unstructured":"Albrecht, M.R., Heninger, N.: Bounded distance decoding with predicate source code, December 2020. https:\/\/github.com\/malb\/bdd-predicate\/"},{"issue":"3","key":"19_CR8","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1515\/jmc-2015-0016","volume":"9","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of Learning with Errors. J. Math. Cryptol. 9(3), 169\u2013203 (2015)","journal-title":"J. Math. Cryptol."},{"key":"19_CR9","doi-asserted-by":"crossref","unstructured":"Aldaya, A.C., Brumley, B.B., ul Hassan, S., Garc\u00eda, C.P., Tuveri, N.: Port contention for fun and profit. In: 2019 IEEE Symposium on Security and Privacy, pp. 870\u2013887. IEEE Computer Society Press, May 2019","DOI":"10.1109\/SP.2019.00066"},{"key":"19_CR10","unstructured":"Alkim, E., Ducas, L., P\u00f6ppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: Holz, T., Savage, S. (eds.) USENIX Security 2016, pp. 327\u2013343. 
USENIX Association, August 2016"},{"key":"19_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1007\/978-3-642-03356-8_35","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"B Applebaum","year":"2009","unstructured":"Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595\u2013618. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_35"},{"key":"19_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1007\/978-3-662-45611-8_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"DF Aranha","year":"2014","unstructured":"Aranha, D.F., Fouque, P.-A., G\u00e9rard, B., Kammerer, J.-G., Tibouchi, M., Zapalowicz, J.-C.: GLV\/GLS decomposition, power analysis, and attacks on ECDSA signatures with single-bit nonce bias. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 262\u2013281. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_14"},{"key":"19_CR13","doi-asserted-by":"crossref","unstructured":"Aranha, D.F., Novaes, F.R., Takahashi, A., Tibouchi, M., Yarom, Y.: LadderLeak: Breaking ECDSA with less than one bit of nonce leakage. Cryptology ePrint Archive, Report 2020\/615 (2020). https:\/\/eprint.iacr.org\/2020\/615","DOI":"10.1145\/3372297.3417268"},{"key":"19_CR14","unstructured":"Bai, S., Stehl\u00e9, D., Wen, W.: Improved reduction from the bounded distance decoding problem to the unique shortest vector problem in lattices. In: Chatzigiannakis, I., Mitzenmacher, M., Rabani, Y., Sangiorgi, D. (eds.) ICALP 2016. LIPIcs, vol. 55, pp. 76:1\u201376:12. 
Schloss Dagstuhl, July 2016"},{"key":"19_CR15","doi-asserted-by":"crossref","unstructured":"Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: Krauthgamer, R. (ed.) 27th SODA, pp. 10\u201324. ACM-SIAM, January 2016","DOI":"10.1137\/1.9781611974331.ch2"},{"key":"19_CR16","unstructured":"Becker, A., Gama, N., Joux, A.: Speeding-up lattice sieving without increasing the memory, using sub-quadratic nearest neighbor search. Cryptology ePrint Archive, Report 2015\/522 (2015). http:\/\/eprint.iacr.org\/2015\/522"},{"key":"19_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/978-3-662-44709-3_5","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2014","author":"N Benger","year":"2014","unstructured":"Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: \u201cOoh Aah... just a little bit\u2019\u2019\u202f: a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 75\u201392. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44709-3_5"},{"key":"19_CR18","unstructured":"Bleichenbacher, D.: On the generation of one-time keys in DL signature schemes. In: Presentation at IEEE P1363 working Group Meeting, p. 81 (2000)"},{"key":"19_CR19","unstructured":"Bleichenbacher, D.: Experiments with DSA. CRYPTO 2005-Rump Session (2005)"},{"key":"19_CR20","doi-asserted-by":"crossref","unstructured":"Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. In: 32nd ACM STOC, pp. 435\u2013440. 
ACM Press, May 2000","DOI":"10.1145\/335305.335355"},{"key":"19_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/3-540-68697-5_11","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"D Boneh","year":"1996","unstructured":"Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 129\u2013142. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_11"},{"key":"19_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-32101-7_1","volume-title":"Financial Cryptography and Data Security","author":"J Breitner","year":"2019","unstructured":"Breitner, J., Heninger, N.: Biased nonce sense: lattice attacks against weak ECDSA signatures in cryptocurrencies. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 3\u201320. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-32101-7_1"},{"key":"19_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1007\/978-3-642-23822-2_20","volume-title":"Computer Security \u2013 ESORICS 2011","author":"BB Brumley","year":"2011","unstructured":"Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 355\u2013371. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23822-2_20"},{"key":"19_CR24","doi-asserted-by":"crossref","unstructured":"Cabrera Aldaya, A., Pereida Garc\u00eda, C., Brumley, B.B.: From A to Z: projective coordinates leakage in the wild. IACR TCHES 2020(3), 428\u2013453 (2020). https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/8596","DOI":"10.46586\/tches.v2020.i3.428-453"},{"key":"19_CR25","unstructured":"Capkun, S., Roesner, F. 
(eds.): USENIX Security 2020. USENIX Association, August 2020"},{"key":"19_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/3-540-68339-9_16","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201996","author":"D Coppersmith","year":"1996","unstructured":"Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178\u2013189. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68339-9_16"},{"key":"19_CR27","doi-asserted-by":"crossref","unstructured":"Dachman-Soled, D., Ducas, L., Gong, H., Rossi, M.: LWE with side information: attacks and concrete security estimation. In: Micciancio and Ristenpart [56], pp. 329\u2013358","DOI":"10.1007\/978-3-030-56880-1_12"},{"key":"19_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/978-3-642-15291-7_21","volume-title":"Euro-Par 2010 - Parallel Processing","author":"\u00d6 Dagdelen","year":"2010","unstructured":"Dagdelen, \u00d6., Schneider, M.: Parallel enumeration of shortest lattice vectors. In: D\u2019Ambra, P., Guarracino, M., Talia, D. (eds.) Euro-Par 2010. LNCS, vol. 6272, pp. 211\u2013222. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-15291-7_21"},{"key":"19_CR29","doi-asserted-by":"crossref","unstructured":"Dall, F., et al.: CacheQuote: efficiently recovering long-term secrets of SGX EPID via cache attacks. IACR TCHES 2018(2), 171\u2013191 (2018). 
https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/879","DOI":"10.46586\/tches.v2018.i2.171-191"},{"key":"19_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-642-40349-1_25","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2013","author":"E De Mulder","year":"2013","unstructured":"De Mulder, E., Hutter, M., Marson, M.E., Pearson, P.: Using Bleichenbacher\u2019s solution to the hidden number problem to attack nonce leaks in 384-Bit ECDSA. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 435\u2013452. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40349-1_25"},{"key":"19_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-25510-7_1","volume-title":"Post-Quantum Cryptography","author":"E Doulgerakis","year":"2019","unstructured":"Doulgerakis, E., Laarhoven, T., de Weger, B.: Finding closest lattice vectors using approximate Voronoi cells. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 3\u201322. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-25510-7_1"},{"key":"19_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1007\/978-3-319-78381-9_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"L Ducas","year":"2018","unstructured":"Ducas, L.: Shortest vector from lattice sieving: a few dimensions for free. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 125\u2013145. Springer, Cham (2018). 
https:\/\/doi.org\/10.1007\/978-3-319-78381-9_5"},{"issue":"170","key":"19_CR33","doi-asserted-by":"publisher","first-page":"463","DOI":"10.1090\/S0025-5718-1985-0777278-8","volume":"44","author":"U Fincke","year":"1985","unstructured":"Fincke, U., Pohst, M.: Improved methods for calculating vectors of short length in a lattice, including a complexity analysis. Math. Comput. 44(170), 463\u2013471 (1985)","journal-title":"Math. Comput."},{"key":"19_CR34","doi-asserted-by":"crossref","unstructured":"Gama, N., Nguyen, P.Q.: Finding short lattice vectors within Mordell\u2019s inequality. In: Ladner, R.E., Dwork, C. (eds.) 40th ACM STOC, pp. 207\u2013216. ACM Press, May 2008","DOI":"10.1145\/1374376.1374408"},{"key":"19_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/978-3-642-13190-5_13","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"N Gama","year":"2010","unstructured":"Gama, N., Nguyen, P.Q., Regev, O.: Lattice enumeration using extreme pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257\u2013278. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_13"},{"key":"19_CR36","unstructured":"Garc\u00eda, C.P., Brumley, B.B.: Constant-time callees with variable-time callers. In: Kirda, E., Ristenpart, T. (eds.) USENIX Security 2017, pp. 83\u201398. USENIX Association, August 2017"},{"key":"19_CR37","doi-asserted-by":"crossref","unstructured":"Genkin, D., Pachmanov, L., Pipman, I., Tromer, E., Yarom, Y.: ECDSA key extraction from mobile devices via nonintrusive physical side channels. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 1626\u20131638. ACM Press (Oct 2016)","DOI":"10.1145\/2976749.2978353"},{"key":"19_CR38","doi-asserted-by":"publisher","unstructured":"Gennaro, R., Robshaw, M.J.B. (eds.): CRYPTO 2015, Part I, LNCS, vol. 9215. Springer, Heidelberg (2015). 
https:\/\/doi.org\/10.1007\/978-3-662-48000-7","DOI":"10.1007\/978-3-662-48000-7"},{"key":"19_CR39","doi-asserted-by":"crossref","unstructured":"Guo, Q., Johansson, T., Stankovski, P.: Coded-BKW: Solving LWE using lattice codes. In: Gennaro and Robshaw [38], pp. 23\u201342","DOI":"10.1007\/978-3-662-47989-6_2"},{"key":"19_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"170","DOI":"10.1007\/978-3-540-74143-5_10","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"G Hanrot","year":"2007","unstructured":"Hanrot, G., Stehl\u00e9, D.: Improved analysis of Kannan\u2019s shortest lattice vector algorithm. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 170\u2013186. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74143-5_10"},{"key":"19_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-662-54365-8_2","volume-title":"Public-Key Cryptography \u2013 PKC 2017","author":"G Herold","year":"2017","unstructured":"Herold, G., Kirshanova, E.: Improved algorithms for the approximate k-list problem in Euclidean Norm. In: Fehr, S. (ed.) PKC 2017, Part I. LNCS, vol. 10174, pp. 16\u201340. Springer, Heidelberg (2017). https:\/\/doi.org\/10.1007\/978-3-662-54365-8_2"},{"issue":"1","key":"19_CR42","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/s10623-016-0326-0","volume":"86","author":"G Herold","year":"2018","unstructured":"Herold, G., Kirshanova, E., May, A.: On the asymptotic complexity of solving LWE. Des. Codes Cryptogr. 86(1), 55\u201383 (2018)","journal-title":"Des. Codes Cryptogr."},{"issue":"3","key":"19_CR43","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1023\/A:1011214926272","volume":"23","author":"N Howgrave-Graham","year":"2001","unstructured":"Howgrave-Graham, N., Smart, N.P.: Lattice attacks on digital signature schemes. Des. Codes Cryptogr. 
23(3), 283\u2013290 (2001)","journal-title":"Des. Codes Cryptogr."},{"key":"19_CR44","doi-asserted-by":"crossref","unstructured":"Jancar, J., Sedlacek, V., Svenda, P., Sys, M.: Minerva: The curse of ECDSA nonces. IACR TCHES 2020(4), 281\u2013308 (2020). https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/8684","DOI":"10.46586\/tches.v2020.i4.281-308"},{"key":"19_CR45","doi-asserted-by":"crossref","unstructured":"Kannan, R.: Improved algorithms for integer programming and related lattice problems. In: 15th ACM STOC, pp. 193\u2013206. ACM Press, April 1983","DOI":"10.1145\/800061.808749"},{"issue":"3","key":"19_CR46","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1287\/moor.12.3.415","volume":"12","author":"R Kannan","year":"1987","unstructured":"Kannan, R.: Minkowski\u2019s convex body theorem and integer programming. Math. Oper. Res. 12(3), 415\u2013440 (1987)","journal-title":"Math. Oper. Res."},{"key":"19_CR47","doi-asserted-by":"crossref","unstructured":"Kirchner, P., Fouque, P.A.: An improved BKW algorithm for LWE with applications to cryptography and lattices. In: Gennaro and Robshaw [38], pp. 43\u201362","DOI":"10.1007\/978-3-662-47989-6_3"},{"key":"19_CR48","unstructured":"Klein, P.N.: Finding the closest lattice vector when it\u2019s unusually close. In: Shmoys, D.B. (ed.) 11th SODA. pp. 937\u2013941. ACM-SIAM, January 2000"},{"key":"19_CR49","unstructured":"Laarhoven, T.: Search problems in cryptography: from fingerprinting to lattice sieving. Ph.D. thesis, Eindhoven University of Technology (2015)"},{"key":"19_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1007\/978-3-319-79063-3_14","volume-title":"Post-Quantum Cryptography","author":"T Laarhoven","year":"2018","unstructured":"Laarhoven, T., Mariano, A.: Progressive lattice sieving. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 292\u2013311. Springer, Cham (2018). 
https:\/\/doi.org\/10.1007\/978-3-319-79063-3_14"},{"key":"19_CR51","doi-asserted-by":"publisher","first-page":"366","DOI":"10.1007\/BF01457454","volume":"261","author":"AK Lenstra","year":"1982","unstructured":"Lenstra, A.K., Lenstra, H.W., Jr., Lov\u00e1sz, L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 366\u2013389 (1982)","journal-title":"Math. Ann."},{"key":"19_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-319-12087-4_22","volume-title":"Information Security and Cryptology","author":"M Liu","year":"2014","unstructured":"Liu, M., Chen, J., Li, H.: Partially known nonces and fault injection attacks on SM2 signature algorithm. In: Lin, D., Xu, S., Yung, M. (eds.) Inscrypt 2013. LNCS, vol. 8567, pp. 343\u2013358. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-12087-4_22"},{"key":"19_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/978-3-642-36095-4_19","volume-title":"Topics in Cryptology \u2013 CT-RSA 2013","author":"M Liu","year":"2013","unstructured":"Liu, M., Nguyen, P.Q.: Solving BDD by enumeration: an update. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 293\u2013309. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-36095-4_19"},{"key":"19_CR54","unstructured":"Merget, R., Brinkmann, M., Aviram, N., Somorovsky, J., Mittmann, J., Schwenk, J.: Raccoon attack: finding and exploiting most-significant-bit-oracles in TLS-DH(E), September 2020. https:\/\/raccoon-attack.com\/RacoonAttack.pdf. Accessed 11 Sept 2020"},{"key":"19_CR55","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1007\/978-3-540-88702-7_5","volume-title":"Post-Quantum Cryptography","author":"D Micciancio","year":"2009","unstructured":"Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 
147\u2013191. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-540-88702-7_5"},{"key":"19_CR56","doi-asserted-by":"publisher","unstructured":"Micciancio, D., Ristenpart, T. (eds.): CRYPTO 2020, Part II, LNCS, vol. 12171. Springer, Heidelberg (2020). https:\/\/doi.org\/10.1007\/978-3-030-56880-1","DOI":"10.1007\/978-3-030-56880-1"},{"key":"19_CR57","doi-asserted-by":"crossref","unstructured":"Micciancio, D., Voulgaris, P.: Faster exponential time algorithms for the shortest vector problem. In: Charikar, M. (ed.) 21st SODA, pp. 1468\u20131480. ACM-SIAM (2010)","DOI":"10.1137\/1.9781611973075.119"},{"key":"19_CR58","doi-asserted-by":"crossref","unstructured":"Micciancio, D., Walter, M.: Fast lattice point enumeration with minimal overhead. In: Indyk, P. (ed.) 26th SODA, pp. 276\u2013294. ACM-SIAM, January 2015","DOI":"10.1137\/1.9781611973730.21"},{"key":"19_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"820","DOI":"10.1007\/978-3-662-49890-3_31","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"D Micciancio","year":"2016","unstructured":"Micciancio, D., Walter, M.: Practical, predictable lattice basis reduction. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part I. LNCS, vol. 9665, pp. 820\u2013849. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49890-3_31"},{"key":"19_CR60","unstructured":"Moghimi, D., Lipp, M., Sunar, B., Schwarz, M.: Medusa: Microarchitectural data leakage via automated attack synthesis. In: Capkun and Roesner [25], pp. 1427\u20131444"},{"key":"19_CR61","unstructured":"Moghimi, D., Sunar, B., Eisenbarth, T., Heninger, N.: TPM-FAIL: TPM meets timing and lattice attacks. In: Capkun and Roesner [25], pp. 2057\u20132073"},{"key":"19_CR62","doi-asserted-by":"crossref","unstructured":"Nemec, M., S\u00fds, M., Svenda, P., Klinec, D., Matyas, V.: The return of coppersmith\u2019s attack: practical factorization of widely used RSA moduli. 
In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 1631\u20131648. ACM Press (2017)","DOI":"10.1145\/3133956.3133969"},{"issue":"3","key":"19_CR63","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s00145-002-0021-3","volume":"15","author":"PQ Nguyen","year":"2002","unstructured":"Nguyen, P.Q., Shparlinski, I.: The insecurity of the digital signature algorithm with partially known nonces. J. Cryptol. 15(3), 151\u2013176 (2002)","journal-title":"J. Cryptol."},{"key":"19_CR64","series-title":"Information Security and Cryptography","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/978-3-642-29656-7_12","volume-title":"Fault Analysis in Cryptography","author":"PQ Nguyen","year":"2012","unstructured":"Nguyen, P.Q., Tibouchi, M.: Lattice-based fault attacks on signatures. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography. ISC, pp. 201\u2013220. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29656-7_12"},{"issue":"2","key":"19_CR65","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1515\/JMC.2008.009","volume":"2","author":"PQ Nguyen","year":"2008","unstructured":"Nguyen, P.Q., Vidick, T.: Sieve algorithms for the shortest vector problem are practical. J. Math. Cryptol. 2(2), 181\u2013207 (2008)","journal-title":"J. Math. Cryptol."},{"key":"19_CR66","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1145\/1089242.1089247","volume":"15","author":"M Phost","year":"1981","unstructured":"Phost, M.: On the computation of lattice vectors of minimal length, successive minima and reduced bases with applications. SIGSAM Bull. 15, 37\u201344 (1981)","journal-title":"SIGSAM Bull."},{"key":"19_CR67","doi-asserted-by":"crossref","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) 37th ACM STOC, pp. 84\u201393. 
ACM Press, May 2005","DOI":"10.1145\/1060590.1060603"},{"key":"19_CR68","doi-asserted-by":"crossref","unstructured":"Ryan, K.: Return of the hidden number problem. IACR TCHES 2019(1), 146\u2013168 (2018). https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/7337","DOI":"10.46586\/tches.v2019.i1.146-168"},{"key":"19_CR69","doi-asserted-by":"crossref","unstructured":"Ryan, K.: Hardware-backed heist: extracting ECDSA keys from qualcomm\u2019s TrustZone. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019, pp. 181\u2013194. ACM Press, November 2019","DOI":"10.1145\/3319535.3354197"},{"key":"19_CR70","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1016\/0304-3975(87)90064-8","volume":"53","author":"CP Schnorr","year":"1987","unstructured":"Schnorr, C.P.: A hierarchy of polynomial time lattice basis reduction algorithms. Theor. Comput. Sci. 53, 201\u2013224 (1987)","journal-title":"Theor. Comput. Sci."},{"key":"19_CR71","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/BF01581144","volume":"66","author":"C Schnorr","year":"1994","unstructured":"Schnorr, C., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66, 181\u2013199 (1994)","journal-title":"Math. Program."},{"key":"19_CR72","unstructured":"Stein, W., et al.: Sage Mathematics Software Version 9.0. The Sage Development Team (2019). http:\/\/www.sagemath.org"},{"key":"19_CR73","doi-asserted-by":"crossref","unstructured":"Takahashi, A., Tibouchi, M., Abe, M.: New Bleichenbacher records: fault attacks on qDSA signatures. IACR TCHES 2018(3), 331\u2013371 (2018). https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/7278","DOI":"10.46586\/tches.v2018.i3.331-371"},{"key":"19_CR74","unstructured":"The FPLLL development team: FPLLL, a lattice reduction library (2020). 
https:\/\/github.com\/fplll\/fplll"},{"key":"19_CR75","unstructured":"The FPLLL development team: FPyLLL, a Python interface to FPLLL (2020). https:\/\/github.com\/fplll\/fpylll"},{"key":"19_CR76","unstructured":"The G6K development team: G6K (2020). https:\/\/github.com\/fplll\/g6k"},{"key":"19_CR77","unstructured":"Tibouchi, M.: Attacks on (ec)dsa with biased nonces (2017). https:\/\/ecc2017.cs.ru.nl\/slides\/ecc2017-tibouchi.pdf, elliptic Curve Cryptography Workshop"},{"key":"19_CR78","unstructured":"Weiser, S., Schrammel, D., Bodner, L., Spreitzer, R.: Big numbers - big troubles: Systematically analyzing nonce leakage in (EC)DSA implementations. In: Capkun and Roesner [25], pp. 1767\u20131784"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-77870-5_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,16]],"date-time":"2024-06-16T00:13:21Z","timestamp":1718496801000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-77870-5_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030778699","9783030778705"],"references-count":78,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-77870-5_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"16 June 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of 
Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Zagreb","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Croatia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 October 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 October 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"40","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"400","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for 
Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"78","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"at least 3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}