{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T11:21:30Z","timestamp":1774524090331,"version":"3.50.1"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030812928","type":"print"},{"value":"9783030812935","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-81293-5_7","type":"book-chapter","created":{"date-parts":[[2021,7,14]],"date-time":"2021-07-14T23:07:39Z","timestamp":1626304059000},"page":"117-132","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Quantum Key Search for Ternary LWE"],"prefix":"10.1007","author":[{"given":"Iggy","family":"van Hoof","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8924-7605","authenticated-orcid":false,"given":"Elena","family":"Kirshanova","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5965-5675","authenticated-orcid":false,"given":"Alexander","family":"May","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,15]]},"reference":[{"key":"7_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1007\/978-3-319-98113-0_19","volume-title":"Security and Cryptography for Networks","author":"MR Albrecht","year":"2018","unstructured":"Albrecht, M.R., Curtis, B.R., Deo, A., Davidson, A., Player, R., Postlethwaite, E.W., Virdia, F., Wunderer, T.: Estimate All the LWE, NTRU Schemes! In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 351\u2013367. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-98113-0_19"},{"issue":"1","key":"7_CR2","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1137\/S0097539705447311","volume":"37","author":"A Ambainis","year":"2007","unstructured":"Ambainis, A.: Quantum walk algorithm for element distinctness. SIAM J. Comput. 37(1), 210\u2013239 (2007)","journal-title":"SIAM J. Comput."},{"key":"7_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"633","DOI":"10.1007\/978-3-030-64834-3_22","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"X Bonnetain","year":"2020","unstructured":"Bonnetain, X., Bricout, R., Schrottenloher, A., Shen, Y.: improved classical and quantum algorithms for subset-sum. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 633\u2013666. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64834-3_22"},{"key":"7_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"364","DOI":"10.1007\/978-3-642-20465-4_21","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"A Becker","year":"2011","unstructured":"Becker, A., Coron, J.-S., Joux, A.: Improved generic algorithms for hard knapsacks. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 364\u2013385. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-20465-4_21"},{"key":"7_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/978-3-319-72565-9_12","volume-title":"Selected Areas in Cryptography","author":"DJ Bernstein","year":"2018","unstructured":"Bernstein, D.J., Chuengsatiansup, C., Lange, T., van Vredendaal, C.: NTRU prime: reducing attack surface at low cost. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 235\u2013260. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-72565-9_12"},{"issue":"6","key":"7_CR6","doi-asserted-by":"publisher","first-page":"1324","DOI":"10.1137\/S0097539702402780","volume":"34","author":"H Buhrman","year":"2005","unstructured":"Buhrman, H., et al.: Quantum algorithms for element distinctness. SIAM J. Comput. 34(6), 1324\u20131330 (2005)","journal-title":"SIAM J. Comput."},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Bos, W.J., et al.: Crystals - kyber: a CCA-secure module-lattice-based kem. In: EuroS&P, pp. 353\u2013367 (2018)","DOI":"10.1109\/EuroSP.2018.00032"},{"key":"7_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"322","DOI":"10.1007\/978-3-319-08344-5_21","volume-title":"Information Security and Privacy","author":"S Bai","year":"2014","unstructured":"Bai, S., Galbraith, S.D.: Lattice decoding attacks on binary LWE. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 322\u2013337. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-08344-5_21"},{"key":"7_CR9","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1090\/conm\/305","volume":"305","author":"G Brassard","year":"2002","unstructured":"Brassard, G., H\u00f8yer, P., Mosca, M., Tapp, A.: Quantum amplitude amplification and estimation. Quantum Comput. Inf. 305, 53\u201374 (2002). https:\/\/doi.org\/10.1090\/conm\/305","journal-title":"Quantum Comput. Inf."},{"key":"7_CR10","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-642-38616-9_2","volume-title":"PQCrypto 2013","author":"DJ Bernstein","year":"2013","unstructured":"Bernstein, D.J., Jeffery, S., Lange, T., Meurer, A.: Quantum algorithms for the subset-sum problem. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 16\u201333. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38616-9_2"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehl\u00e9, D.: Classical hardness of learning with errors. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) 45th ACM STOC. ACM Press, pp. 575\u2013584 (2013)","DOI":"10.1145\/2488608.2488680"},{"key":"7_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/978-3-642-40041-4_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"L Ducas","year":"2013","unstructured":"Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice Signatures and Bimodal Gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 40\u201356. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_3"},{"key":"7_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-662-47989-6_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"Q Guo","year":"2015","unstructured":"Guo, Q., Johansson, T., Stankovski, P.: Coded-BKW: solving LWE using lattice codes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 23\u201342. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_2"},{"key":"7_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"530","DOI":"10.1007\/978-3-642-33027-8_31","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2012","author":"T G\u00fcneysu","year":"2012","unstructured":"G\u00fcneysu, T., Lyubashevsky, V., P\u00f6ppelmann, T.: Practical lattice-based cryptography: a signature scheme for embedded systems. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 530\u2013547. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-33027-8_31"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Grover, L.K.: A fast quantum mechanical algorithm for database search. In: 28th ACM STOC, pp. 212\u2013219. ACM Press (1996)","DOI":"10.1145\/237814.237866"},{"key":"7_CR16","unstructured":"Howgrave-Graham, N., Silverman, J.H., Whyte, W.: A meet-in-the-middle attack on an NTRU private key, Technical report, NTRU Cryptosystems, June 2003. Report (2003)"},{"key":"7_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/978-3-642-13190-5_12","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"N Howgrave-Graham","year":"2010","unstructured":"Howgrave-Graham, N., Joux, A.: New generic algorithms for hard knapsacks. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 235\u2013256. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_12"},{"key":"7_CR18","unstructured":"Helm, A., May, A.: Subset sum quantumly in $$1.17^n$$ .In: 13th Conference on the Theory of Quantum Computation, Communication and Cryptography (TQC 2018), Leibniz International Proceedings in Informatics (LIPIcs), vol. 111, Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik, pp. 5:1\u20135:15 (2018)"},{"key":"7_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/978-3-540-74143-5_9","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"N Howgrave-Graham","year":"2007","unstructured":"Howgrave-Graham, N.: A hybrid lattice-reduction and meet-in-the-middle attack against NTRU. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 150\u2013169. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74143-5_9"},{"key":"7_CR20","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/BFb0054868","volume-title":"International Algorithmic Number Theory Symposium, Springer","author":"J Hoffstein","year":"1998","unstructured":"Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) International Algorithmic Number Theory Symposium, Springer, vol. 1423, pp. 267\u2013288. Springer, Berlin, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0054868"},{"key":"7_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-319-66787-4_12","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2017","author":"A H\u00fclsing","year":"2017","unstructured":"H\u00fclsing, A., Rijneveld, J., Schanck, J., Schwabe, P.: High-speed key encapsulation from NTRU. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 232\u2013252. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66787-4_12"},{"key":"7_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/978-3-662-47989-6_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"P Kirchner","year":"2015","unstructured":"Kirchner, P., Fouque, P.-A.: An improved BKW algorithm for LWE with applications to cryptography and lattices. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 43\u201362. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_3"},{"key":"7_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-3-319-59879-6_5","volume-title":"Post-Quantum Cryptography","author":"G Kachigar","year":"2017","unstructured":"Kachigar, G., Tillich, J.-P.: Quantum information set decoding algorithms. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 69\u201389. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-59879-6_5"},{"key":"7_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"V Lyubashevsky","year":"2010","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1\u201323. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_1"},{"key":"7_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"738","DOI":"10.1007\/978-3-642-29011-4_43","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"V Lyubashevsky","year":"2012","unstructured":"Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738\u2013755. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_43"},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"May, A.: How to meet ternary lwe keys, Cryptology ePrint Archive, Report 2021\/216 (2021). https:\/\/eprint.iacr.org\/2021\/216","DOI":"10.1007\/978-3-030-84245-1_24"},{"issue":"1","key":"7_CR27","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1137\/090745854","volume":"40","author":"F Magniez","year":"2011","unstructured":"Magniez, F., Nayak, A., Roland, J., Santha, M.: Search via quantum walk. SIAM J. Comput. 40(1), 142\u2013164 (2011)","journal-title":"SIAM J. Comput."},{"key":"7_CR28","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1016\/j.ipl.2004.01.016","volume":"90","author":"G Nivasch","year":"2004","unstructured":"Nivasch, G.: Cycle detection using a stack. Inf. Process. Lett. 90, 135\u2013140 (2004)","journal-title":"Inf. Process. Lett."},{"key":"7_CR29","unstructured":"Prest, T., et al.: Falcon, Technical report, National Institute of Standards and Technology (2019). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-2-submissions"},{"key":"7_CR30","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1007\/BF01933667","volume":"15","author":"JM Pollard","year":"1975","unstructured":"Pollard, J.M.: A Monte Carlo method for factorization. BIT Numer. Math. 15, 331\u2013334 (1975)","journal-title":"BIT Numer. Math."},{"key":"7_CR31","doi-asserted-by":"crossref","unstructured":"Regev, O.: New lattice based cryptographic constructions. In: 35th ACM STOC, pp. 407\u2013416. ACM Press (2003)","DOI":"10.1145\/780542.780603"},{"key":"7_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1007\/978-3-642-10366-7_36","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"D Stehl\u00e9","year":"2009","unstructured":"Stehl\u00e9, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617\u2013635. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_36"},{"key":"7_CR33","first-page":"536","volume":"2007","author":"S Tani","year":"2007","unstructured":"Tani, S.: In improved claw finding algorithm using quantum walk. Math. Found. Comput. Sci. 2007, 536\u2013547 (2007)","journal-title":"Math. Found. Comput. Sci."}],"container-title":["Lecture Notes in Computer Science","Post-Quantum Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-81293-5_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,22]],"date-time":"2022-07-22T19:45:48Z","timestamp":1658519148000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-81293-5_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030812928","9783030812935"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-81293-5_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"15 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PQCrypto","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Post-Quantum Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Daejeon","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Korea (Republic of)","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 July 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 July 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pqcrypto2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/pqcrypto2021.kr\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"65","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"25","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"38% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}