{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,8]],"date-time":"2026-02-08T09:42:33Z","timestamp":1770543753507,"version":"3.49.0"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031159817","type":"print"},{"value":"9783031159824","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-15982-4_12","type":"book-chapter","created":{"date-parts":[[2022,10,11]],"date-time":"2022-10-11T04:40:54Z","timestamp":1665463254000},"page":"346-375","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Partial Key Exposure Attacks on\u00a0BIKE, Rainbow and\u00a0NTRU"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5806-3600","authenticated-orcid":false,"given":"Andre","family":"Esser","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5965-5675","authenticated-orcid":false,"given":"Alexander","family":"May","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1388-6667","authenticated-orcid":false,"given":"Javier","family":"Verbel","sequence":"additional","affiliation":[]},{"given":"Weiqiang","family":"Wen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,10,12]]},"reference":[{"key":"12_CR1","doi-asserted-by":"crossref","unstructured":"Albrecht, M.R., Deo, A., Paterson, K.G.: Cold boot attacks on ring and module LWE keys under the NTT. Cryptol. ePrint Arch. (3), 173\u2013213 (2018)","DOI":"10.46586\/tches.v2018.i3.173-213"},{"key":"12_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"717","DOI":"10.1007\/978-3-030-17656-3_25","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"MR Albrecht","year":"2019","unstructured":"Albrecht, M.R., Ducas, L., Herold, G., Kirshanova, E., Postlethwaite, E.W., Stevens, M.: The general Sieve Kernel and new records in lattice reduction. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 717\u2013746. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17656-3_25"},{"issue":"3","key":"12_CR3","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1515\/jmc-2015-0016","volume":"9","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169\u2013203 (2015)","journal-title":"J. Math. Cryptol."},{"key":"12_CR4","unstructured":"Aragon, N., et al.: BIKE: bit flipping key encapsulation (2020)"},{"key":"12_CR5","unstructured":"Bellini, E., Makarim, R.H., Sanna, C., Verbel, J.: An estimator for the hardness of the MQ problem. Cryptology ePrint Archive, Paper 2022\/708 (2022). https:\/\/eprint.iacr.org\/2022\/708"},{"key":"12_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-540-45146-4_2","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"J Bl\u00f6mer","year":"2003","unstructured":"Bl\u00f6mer, J., May, A.: New partial key exposure attacks on RSA. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 27\u201343. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_2"},{"key":"12_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/3-540-49649-1_3","volume-title":"Advances in Cryptology \u2014 ASIACRYPT\u201998","author":"D Boneh","year":"1998","unstructured":"Boneh, D., Durfee, G., Frankel, Y.: An attack on RSA given a small fraction of the private key bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25\u201334. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/3-540-49649-1_3"},{"key":"12_CR8","unstructured":"Chen, C., et al.: NTRU algorithm specifications and supporting documentation (2019). https:\/\/ntru.org\/f\/ntru-20190330.pdf"},{"issue":"4","key":"12_CR9","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/s001459900030","volume":"10","author":"D Coppersmith","year":"1997","unstructured":"Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233\u2013260 (1997)","journal-title":"J. Cryptol."},{"key":"12_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1007\/978-3-030-56880-1_12","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"D Dachman-Soled","year":"2020","unstructured":"Dachman-Soled, D., Ducas, L., Gong, H., Rossi, M.: LWE with side information: attacks and concrete security estimation. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 329\u2013358. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56880-1_12"},{"key":"12_CR11","unstructured":"Ding, J., Chen, M.S., Petzoldt, A., Schmidt, D., Yang, B.Y.: Rainbow. NIST CSRC (2020). https:\/\/csrc.nist.gov\/Projects\/post-quantum-cryptography\/round-3-submissions"},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Espitau, T., Fouque, P.A., G\u00e9rard, B., Tibouchi, M.: Side-channel attacks on BLISS lattice-based signatures: exploiting branch tracing against strongswan and electromagnetic emanations in microcontrollers. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1857\u20131874 (2017)","DOI":"10.1145\/3133956.3134028"},{"key":"12_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1007\/978-3-030-97121-2_5","volume-title":"International Workshopon Public Key Cryptography","author":"A Esser","year":"2022","unstructured":"Esser, A., Bellini, E.: Syndrome decoding estimator. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022. LNCS, vol. 13177, pp. 112\u2013141. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-030-97121-2_5"},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"Esser, A., May, A., Verbel, J., Wen, W.: Partial key exposure attacks on BIKE, Rainbow and NTRU. Cryptology ePrint Archive (2022)","DOI":"10.1007\/978-3-031-15982-4_12"},{"key":"12_CR15","unstructured":"Goldwasser, S., Kalai, Y.T., Peikert, C., Vaikuntanathan, V.: Robustness of the learning with errors assumption. In: ICS, pp. 230\u2013240. Tsinghua University Press, Beijing (2010)"},{"issue":"5","key":"12_CR16","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1145\/1506409.1506429","volume":"52","author":"JA Halderman","year":"2009","unstructured":"Halderman, J.A., et al.: Lest we remember: cold-boot attacks on encryption keys. Commun. ACM 52(5), 91\u201398 (2009)","journal-title":"Commun. ACM"},{"key":"12_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1007\/978-3-642-14623-7_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"W Henecka","year":"2010","unstructured":"Henecka, W., May, A., Meurer, A.: Correcting errors in RSA private keys. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 351\u2013369. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14623-7_19"},{"key":"12_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-03356-8_1","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"N Heninger","year":"2009","unstructured":"Heninger, N., Shacham, H.: Reconstructing RSA private keys from random key bits. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 1\u201317. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_1"},{"key":"12_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1007\/978-3-030-98365-9_4","volume-title":"International Workshop on Code-Based Cryptography (CBCrypto)","author":"A Horlemann","year":"2021","unstructured":"Horlemann, A., Puchinger, S., Renner, J., Schamberger, T., Wachter-Zeh, A.: Information-set decoding with hints. In: Wachter-Zeh, A., Bartz, H., Liva, G. (eds.) CBCrypto 2021. LNCS, vol. 13150, pp. 60\u201383. Springer, Heidelberg (2021). https:\/\/doi.org\/10.1007\/978-3-030-98365-9_4"},{"key":"12_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/3-540-48910-X_15","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201999","author":"A Kipnis","year":"1999","unstructured":"Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206\u2013222. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48910-X_15"},{"key":"12_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"701","DOI":"10.1007\/978-3-030-84245-1_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"A May","year":"2021","unstructured":"May, A.: How to meet ternary LWE keys. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 701\u2013731. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84245-1_24"},{"key":"12_CR22","unstructured":"Melchor, C.A., et al.: Hamming quasi-cyclic (HQC) (2020)"},{"key":"12_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1007\/978-3-642-34961-4_24","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"KG Paterson","year":"2012","unstructured":"Paterson, K.G., Polychroniadou, A., Sibborn, D.L.: A coding-theoretic approach to recovering noisy RSA keys. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 386\u2013403. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34961-4_24"},{"key":"12_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/978-3-319-71667-1_6","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2017","author":"KG Paterson","year":"2017","unstructured":"Paterson, K.G., Villanueva-Polanco, R.: Cold boot attacks on NTRU. In: Patra, A., Smart, N.P. (eds.) INDOCRYPT 2017. LNCS, vol. 10698, pp. 107\u2013125. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-71667-1_6"},{"key":"12_CR25","unstructured":"Polanco, R.V.: Cold boot attacks on post-quantum schemes. Ph.D. thesis, Royal Holloway. University of London (2019)"},{"issue":"5","key":"12_CR26","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/TIT.1962.1057777","volume":"8","author":"E Prange","year":"1962","unstructured":"Prange, E.: The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5\u20139 (1962)","journal-title":"IRE Trans. Inf. Theory"},{"key":"12_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/978-3-030-30530-7_3","volume-title":"Progress in Cryptology \u2013 LATINCRYPT 2019","author":"R Villanueva-Polanco","year":"2019","unstructured":"Villanueva-Polanco, R.: Cold boot attacks on bliss. In: Schwabe, P., Th\u00e9riault, N. (eds.) LATINCRYPT 2019. LNCS, vol. 11774, pp. 40\u201361. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-30530-7_3"},{"key":"12_CR28","doi-asserted-by":"crossref","unstructured":"Villanueva-Polanco, R.: Cold boot attacks on LUOV. Appl. Sci. 10(12), 4106 (2020). http:\/\/orcid.org\/10.3390\/app10124106","DOI":"10.3390\/app10124106"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-15982-4_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T22:04:59Z","timestamp":1760133899000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-15982-4_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031159817","9783031159824"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-15982-4_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"12 October 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 August 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"42","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}