{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T19:39:52Z","timestamp":1780774792268,"version":"3.54.1"},"publisher-location":"Cham","reference-count":60,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783031069437","type":"print"},{"value":"9783031069444","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-06944-4_20","type":"book-chapter","created":{"date-parts":[[2022,5,27]],"date-time":"2022-05-27T19:51:47Z","timestamp":1653681107000},"page":"581-610","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":41,"title":["$$\\mathsf {Rubato}$$: Noisy Ciphers for Approximate Homomorphic Encryption"],"prefix":"10.1007","author":[{"given":"Jincheol","family":"Ha","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Seongkwang","family":"Kim","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Byeonghak","family":"Lee","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jooyoung","family":"Lee","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mincheol","family":"Son","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2022,5,25]]},"reference":[{"key":"20_CR1","unstructured":"Albrecht, M., Cid, C., Faug\u00e8re, J.C., Fitzpatrick, R., Perret, L.: On the complexity of the Arora-Ge algorithm against LWE. In: SCC 2012 - Third International Conference on Symbolic Computation and Cryptography, pp. 93\u201399, July 2012"},{"key":"20_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"732","DOI":"10.1007\/978-3-030-84245-1_25","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"MR Albrecht","year":"2021","unstructured":"Albrecht, M.R., Bai, S., Li, J., Rowell, J.: Lattice reduction with approximate enumeration oracles. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 732\u2013759. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84245-1_25"},{"issue":"2","key":"20_CR3","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1007\/s10623-013-9864-x","volume":"74","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Cid, C., Faug\u00e8re, J.C., Fitzpatrick, R., Perret, L.: On the complexity of the BKW algorithm on LWE. Des. Codes Crypt. 74(2), 325\u2013354 (2015)","journal-title":"Des. Codes Crypt."},{"key":"20_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/978-3-319-12160-4_18","volume-title":"Information Security and Cryptology \u2013 ICISC 2013","author":"MR Albrecht","year":"2014","unstructured":"Albrecht, M.R., Fitzpatrick, R., G\u00f6pfert, F.: On the efficacy of solving LWE by reduction to unique-SVP. In: Lee, H.-S., Han, D.-G. (eds.) ICISC 2013. LNCS, vol. 8565, pp. 293\u2013310. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-12160-4_18"},{"key":"20_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/978-3-319-70694-8_11","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"MR Albrecht","year":"2017","unstructured":"Albrecht, M.R., G\u00f6pfert, F., Virdia, F., Wunderer, T.: Revisiting the expected cost of solving uSVP and applications to LWE. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 297\u2013322. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_11"},{"key":"20_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/978-3-662-46800-5_17","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 430\u2013454. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_17"},{"key":"20_CR7","unstructured":"Alkim, E., Ducas, L., P\u00f6ppelmann, T., Schwabe, P.: Post-quantum key exchange: a new hope. In: SEC 2016, pp. 327\u2013343. USENIX Association, USA (2016)"},{"key":"20_CR8","doi-asserted-by":"crossref","unstructured":"Aly, A., Ashur, T., Ben-Sasson, E., Dhooghe, S., Szepieniec, A.: Design of symmetric-key primitives for advanced cryptographic protocols. IACR Trans. Symmetric Cryptol. 2020(3) (2020)","DOI":"10.46586\/tosc.v2020.i3.1-45"},{"key":"20_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"403","DOI":"10.1007\/978-3-642-22006-7_34","volume-title":"Automata, Languages and Programming","author":"S Arora","year":"2011","unstructured":"Arora, S., Ge, R.: New algorithms for learning in presence of errors. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6755, pp. 403\u2013415. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22006-7_34"},{"key":"20_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"322","DOI":"10.1007\/978-3-319-08344-5_21","volume-title":"Information Security and Privacy","author":"S Bai","year":"2014","unstructured":"Bai, S., Galbraith, S.D.: Lattice decoding attacks on binary LWE. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 322\u2013337. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-08344-5_21"},{"key":"20_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1007\/978-3-540-77360-3_13","volume-title":"Selected Areas in Cryptography","author":"T Baign\u00e8res","year":"2007","unstructured":"Baign\u00e8res, T., Stern, J., Vaudenay, S.: Linear cryptanalysis of non binary ciphers. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 184\u2013211. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-77360-3_13"},{"key":"20_CR12","doi-asserted-by":"crossref","unstructured":"Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: Proceedings of the Twenty-Seventh Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 10\u201324. SIAM (2016)","DOI":"10.1137\/1.9781611974331.ch2"},{"issue":"3","key":"20_CR13","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1515\/JMC.2009.009","volume":"3","author":"L Bettale","year":"2009","unstructured":"Bettale, L., Faugere, J.C., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. J. Math. Cryptol. 3(3), 177\u2013197 (2009)","journal-title":"J. Math. Cryptol."},{"key":"20_CR14","doi-asserted-by":"crossref","unstructured":"Bettale, L., Faug\u00e8re, J.C., Perret, L.: Solving polynomial systems over finite fields: improved analysis of the hybrid approach. In: Proceedings of the 37th International Symposium on Symbolic and Algebraic Computation, ISSAC 2012. Association for Computing Machinery (2012)","DOI":"10.1145\/2442829.2442843"},{"key":"20_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/978-3-030-56877-1_11","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"T Beyne","year":"2020","unstructured":"Beyne, T., et al.: Out of oddity \u2013 new cryptanalytic techniques against symmetric primitives optimized for integrity proof systems. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 299\u2013328. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56877-1_11"},{"issue":"4","key":"20_CR16","doi-asserted-by":"publisher","first-page":"506","DOI":"10.1145\/792538.792543","volume":"50","author":"A Blum","year":"2003","unstructured":"Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. J. ACM 50(4), 506\u2013519 (2003)","journal-title":"J. ACM"},{"key":"20_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"212","DOI":"10.1007\/978-3-030-20951-3_20","volume-title":"Cyber Security Cryptography and Machine Learning","author":"C Boura","year":"2019","unstructured":"Boura, C., Gama, N., Georgieva, M., Jetchev, D.: Simulating homomorphic evaluation of deep learning predictions. In: Dolev, S., Hendler, D., Lodha, S., Yung, M. (eds.) CSCML 2019. LNCS, vol. 11527, pp. 212\u2013230. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-20951-3_20"},{"key":"20_CR18","doi-asserted-by":"crossref","unstructured":"Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) Fully homomorphic encryption without bootstrapping. In: Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, pp. 309\u2013325. ACM (2012)","DOI":"10.1145\/2090236.2090262"},{"issue":"3","key":"20_CR19","doi-asserted-by":"publisher","first-page":"885","DOI":"10.1007\/s00145-017-9273-9","volume":"31","author":"A Canteaut","year":"2018","unstructured":"Canteaut, A., et al.: Stream ciphers: a practical solution for efficient homomorphic-ciphertext compression. J. Cryptol. 31(3), 885\u2013916 (2018)","journal-title":"J. Cryptol."},{"issue":"1","key":"20_CR20","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1215\/S0012-7094-57-02406-7","volume":"24","author":"L Carlitz","year":"1957","unstructured":"Carlitz, L., Uchiyama, S.: Bounds for exponential sums. Duke Math. J. 24(1), 37\u201341 (1957)","journal-title":"Duke Math. J."},{"key":"20_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"460","DOI":"10.1007\/978-3-030-78372-3_18","volume-title":"Applied Cryptography and Network Security","author":"H Chen","year":"2021","unstructured":"Chen, H., Dai, W., Kim, M., Song, Y.: Efficient homomorphic conversion between (Ring) LWE ciphertexts. In: Sako, K., Tippenhauer, N.O. (eds.) ACNS 2021. LNCS, vol. 12726, pp. 460\u2013479. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-78372-3_18"},{"key":"20_CR22","unstructured":"Chen, Y.: R\u00e9duction de R\u00e9seau et S\u00e9curit\u00e9 Concr\u00e8te du Chiffrement Compl\u00e8tement Homomorphe. Ph.D. thesis (2013). th\u00e8se de doctorat dirig\u00e9e par Nguyen, Phong-Quang Informatique Paris 7 2013"},{"key":"20_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-25385-0_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"Y Chen","year":"2011","unstructured":"Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1\u201320. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_1"},{"key":"20_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/978-3-319-70694-8_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"JH Cheon","year":"2017","unstructured":"Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 409\u2013437. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_15"},{"key":"20_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"640","DOI":"10.1007\/978-3-030-92078-4_22","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"J Cho","year":"2021","unstructured":"Cho, J., et al.: Transciphering framework for approximate homomorphic encryption. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 640\u2013669. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92078-4_22"},{"key":"20_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1007\/978-3-662-48800-3_22","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"I Dinur","year":"2015","unstructured":"Dinur, I., Liu, Y., Meier, W., Wang, Q.: Optimized interpolation attacks on LowMC. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 535\u2013560. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48800-3_22"},{"key":"20_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"662","DOI":"10.1007\/978-3-319-96884-1_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"C Dobraunig","year":"2018","unstructured":"Dobraunig, C., et al.: Rasta: a cipher with low ANDdepth and few ANDs per bit. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 662\u2013692. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_22"},{"key":"20_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-319-30840-1_6","volume-title":"Information Security and Cryptology - ICISC 2015","author":"C Dobraunig","year":"2016","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F.: Higher-order cryptanalysis of LowMC. In: Kwon, S., Yun, A. (eds.) ICISC 2015. LNCS, vol. 9558, pp. 87\u2013101. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-30840-1_6"},{"key":"20_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-77886-6_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2021","author":"C Dobraunig","year":"2021","unstructured":"Dobraunig, C., Grassi, L., Guinet, A., Kuijsters, D.: Ciminion: symmetric encryption based on Toffoli-gates over large finite fields. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 3\u201334. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77886-6_1"},{"key":"20_CR30","unstructured":"Dobraunig, C., Grassi, L., Helminger, L., Rechberger, C., Schofnegger, M., Walch, R.: Pasta: a case for hybrid homomorphic encryption. Cryptology ePrint Archive, Report 2021\/731 (2021). https:\/\/ia.cr\/2021\/731"},{"key":"20_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-662-44774-1_17","volume-title":"Financial Cryptography and Data Security","author":"Y Dor\u00f6z","year":"2014","unstructured":"Dor\u00f6z, Y., Shahverdi, A., Eisenbarth, T., Sunar, B.: Toward practical homomorphic evaluation of block ciphers using prince. In: B\u00f6hme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 208\u2013220. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44774-1_17"},{"key":"20_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1007\/978-3-662-46800-5_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"L Ducas","year":"2015","unstructured":"Ducas, L., Micciancio, D.: FHEW: bootstrapping homomorphic encryption in less than a second. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 617\u2013640. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_24"},{"key":"20_CR33","unstructured":"Dworkin, M.J.: SHA-3 standard: permutation-based hash and extendable-output functions. Technical report. National Institute of Standards and Technology (2015)"},{"key":"20_CR34","unstructured":"Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. IACR Cryptology ePrint Archive, Report 2012\/144 (2012). https:\/\/eprint.iacr.org\/2012\/144"},{"key":"20_CR35","doi-asserted-by":"publisher","first-page":"117","DOI":"10.7146\/math.scand.a-12092","volume":"56","author":"R Fr\u00f6berg","year":"1985","unstructured":"Fr\u00f6berg, R.: An inequality for Hilbert series of graded algebras. Mathematica Scandinavica 56, 117\u2013144 (1985)","journal-title":"Mathematica Scandinavica"},{"key":"20_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/978-3-540-78967-3_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"N Gama","year":"2008","unstructured":"Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31\u201351. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_3"},{"key":"20_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/978-3-642-13190-5_13","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"N Gama","year":"2010","unstructured":"Gama, N., Nguyen, P.Q., Regev, O.: Lattice enumeration using extreme pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257\u2013278. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_13"},{"key":"20_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"850","DOI":"10.1007\/978-3-642-32009-5_49","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"C Gentry","year":"2012","unstructured":"Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 850\u2013867. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_49"},{"key":"20_CR39","unstructured":"G\u00f6pfert, F.: Securely instantiating cryptographic schemes based on the learning with errors assumption. Ph.D. thesis, Technische Universit\u00e4t, Darmstadt (2016)"},{"key":"20_CR40","unstructured":"Grassi, L., Khovratovich, D., Rechberger, C., Roy, A., Schofnegger, M.: POSEIDON: a new hash function for zero-knowledge proof systems. In: 30th USENIX Security Symposium (USENIX Security 2021), pp. 519\u2013535. USENIX Association, August 2021"},{"key":"20_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-3-642-22792-9_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"J Guo","year":"2011","unstructured":"Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family of lightweight hash functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222\u2013239. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_13"},{"key":"20_CR42","doi-asserted-by":"publisher","first-page":"194741","DOI":"10.1109\/ACCESS.2020.3033564","volume":"8","author":"J Ha","year":"2020","unstructured":"Ha, J., et al.: Masta: an HE-friendly cipher using modular arithmetic. IEEE Access 8, 194741\u2013194751 (2020)","journal-title":"IEEE Access"},{"key":"20_CR43","doi-asserted-by":"crossref","unstructured":"Ha, J., Kim, S., Lee, B., Lee, J., Son, M.: Rubato: noisy ciphers for approximate homomorphic encryption (Full Version). To appear in the IACR Cryptology ePrint Archive (2022)","DOI":"10.1007\/978-3-031-06944-4_20"},{"issue":"3","key":"20_CR44","doi-asserted-by":"publisher","first-page":"46","DOI":"10.46586\/tosc.v2020.i3.46-86","volume":"2020","author":"P Hebborn","year":"2020","unstructured":"Hebborn, P., Leander, G.: Dasta - alternative linear layer for Rasta. IACR Trans. Symmetric Cryptol. 2020(3), 46\u201386 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"20_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/978-3-030-65277-7_3","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2020","author":"C Hoffmann","year":"2020","unstructured":"Hoffmann, C., M\u00e9aux, P., Ricosset, T.: Transciphering, using FiLIP and TFHE for an efficient delegation of computation. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds.) INDOCRYPT 2020. LNCS, vol. 12578, pp. 39\u201361. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-65277-7_3"},{"key":"20_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1007\/BFb0052332","volume-title":"Fast Software Encryption","author":"T Jakobsen","year":"1997","unstructured":"Jakobsen, T., Knudsen, L.R.: The interpolation attack on block ciphers. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 28\u201340. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/BFb0052332"},{"key":"20_CR47","unstructured":"Laarhoven, T.: Search problems in cryptography: from fingerprinting to lattice sieving. Ph.D. thesis, Mathematics and Computer Science, February 2016, proefschrift"},{"key":"20_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"318","DOI":"10.1007\/978-3-319-06734-6_20","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2014","author":"T Lepoint","year":"2014","unstructured":"Lepoint, T., Naehrig, M.: A comparison of the homomorphic encryption schemes FV and YASHE. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 318\u2013335. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-06734-6_20"},{"key":"20_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/978-3-642-19074-2_21","volume-title":"Topics in Cryptology \u2013 CT-RSA 2011","author":"R Lindner","year":"2011","unstructured":"Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319\u2013339. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19074-2_21"},{"key":"20_CR50","doi-asserted-by":"crossref","unstructured":"Lu, W., Huang, Z., Hong, C., Ma, Y., Qu, H.: PEGASUS: bridging polynomial and non-polynomial evaluations in homomorphic encryption. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 1057\u20131073. IEEE Computer Society, May 2021","DOI":"10.1109\/SP40001.2021.00043"},{"key":"20_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1007\/3-540-48285-7_33","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201993","author":"M Matsui","year":"1994","unstructured":"Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386\u2013397. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48285-7_33"},{"key":"20_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1007\/978-3-030-35423-7_4","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2019","author":"P M\u00e9aux","year":"2019","unstructured":"M\u00e9aux, P., Carlet, C., Journault, A., Standaert, F.-X.: Improved filter permutators for efficient FHE: better instances and implementations. In: Hao, F., Ruj, S., Sen Gupta, S. (eds.) INDOCRYPT 2019. LNCS, vol. 11898, pp. 68\u201391. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-35423-7_4"},{"key":"20_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"311","DOI":"10.1007\/978-3-662-49890-3_13","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"P M\u00e9aux","year":"2016","unstructured":"M\u00e9aux, P., Journault, A., Standaert, F.-X., Carlet, C.: Towards stream ciphers for efficient FHE with low-noise ciphertexts. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 311\u2013343. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49890-3_13"},{"key":"20_CR54","doi-asserted-by":"crossref","unstructured":"Naehrig, M., Lauter, K., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, pp. 113\u2013124. ACM (2011)","DOI":"10.1145\/2046660.2046682"},{"key":"20_CR55","doi-asserted-by":"publisher","first-page":"57414","DOI":"10.1109\/ACCESS.2020.2981818","volume":"8","author":"S Park","year":"2020","unstructured":"Park, S., Byun, J., Lee, J., Cheon, J.H., Lee, J.: HE-friendly algorithm for privacy-preserving SVM training. IEEE Access 8, 57414\u201357425 (2020)","journal-title":"IEEE Access"},{"key":"20_CR56","unstructured":"Player, R.: Parameter selection in lattice-based cryptography. Ph.D. thesis, Royal Holloway, University of London (2018)"},{"issue":"3","key":"20_CR57","doi-asserted-by":"publisher","first-page":"163","DOI":"10.46586\/tosc.v2018.i3.163-181","volume":"2018","author":"C Rechberger","year":"2018","unstructured":"Rechberger, C., Soleimany, H., Tiessen, T.: Cryptanalysis of low-data instances of full LowMCv2. IACR Trans. Symmetric Cryptol. 2018(3), 163\u2013181 (2018)","journal-title":"IACR Trans. Symmetric Cryptol."},{"issue":"6","key":"20_CR58","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1568318.1568324","volume":"56","author":"O Regev","year":"2009","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 1\u201340 (2009)","journal-title":"J. ACM"},{"issue":"1","key":"20_CR59","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/BF01581144","volume":"66","author":"CP Schnorr","year":"1994","unstructured":"Schnorr, C.P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(1), 181\u2013199 (1994)","journal-title":"Math. Program."},{"key":"20_CR60","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/3-540-36494-3_14","volume-title":"STACS 2003","author":"CP Schnorr","year":"2003","unstructured":"Schnorr, C.P.: Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145\u2013156. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36494-3_14"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-06944-4_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,26]],"date-time":"2025-05-26T22:03:20Z","timestamp":1748297000000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-06944-4_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031069437","9783031069444"],"references-count":60,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-06944-4_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"25 May 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Trondheim","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 May 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 June 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"41","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"372","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"85","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"18","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Peer review was double-blind with rebuttal.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}