{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:15:37Z","timestamp":1763968537229,"version":"3.41.2"},"publisher-location":"Cham","reference-count":70,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031385476"},{"type":"electronic","value":"9783031385483"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-38548-3_11","type":"book-chapter","created":{"date-parts":[[2023,8,8]],"date-time":"2023-08-08T19:02:27Z","timestamp":1691521347000},"page":"305-339","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Cryptanalysis of Symmetric Primitives over Rings and a Key Recovery Attack on Rubato"],"prefix":"10.1007","author":[{"given":"Lorenzo","family":"Grassi","sequence":"first","affiliation":[]},{"given":"Irati","family":"Manterola Ayala","sequence":"additional","affiliation":[]},{"given":"Martha 
Norberg","family":"Hovd","sequence":"additional","affiliation":[]},{"given":"Morten","family":"\u00d8ygarden","sequence":"additional","affiliation":[]},{"given":"H\u00e5vard","family":"Raddum","sequence":"additional","affiliation":[]},{"given":"Qingju","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,8,9]]},"reference":[{"key":"11_CR1","unstructured":"Lattigo v4, August 2022. EPFL-LDS, Tune Insight SA. https:\/\/github.com\/tuneinsight\/lattigo"},{"key":"11_CR2","doi-asserted-by":"crossref","unstructured":"Adams, W.W., Loustaunau, P.: An Introduction to Gr\u00f6bner Bases, vol. 3. American Mathematical Society (1994)","DOI":"10.1090\/gsm\/003"},{"key":"11_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/978-3-030-34618-8_13","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"MR Albrecht","year":"2019","unstructured":"Albrecht, M.R., et al.: Algebraic cryptanalysis of\u00a0STARK-friendly designs: application to MARVELlous and MiMC. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11923, pp. 371\u2013397. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34618-8_13"},{"key":"11_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-662-53887-6_7","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"M Albrecht","year":"2016","unstructured":"Albrecht, M., Grassi, L., Rechberger, C., Roy, A., Tiessen, T.: MiMC: efficient encryption and cryptographic hashing with minimal multiplicative complexity. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 191\u2013219. Springer, Heidelberg (2016). 
https:\/\/doi.org\/10.1007\/978-3-662-53887-6_7"},{"issue":"3","key":"11_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.46586\/tosc.v2020.i3.1-45","volume":"2020","author":"A Aly","year":"2020","unstructured":"Aly, A., Ashur, T., Ben-Sasson, E., Dhooghe, S., Szepieniec, A.: Design of symmetric-key primitives for advanced cryptographic protocols. IACR Trans. Symmetric Cryptol. 2020(3), 1\u201345 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"11_CR6","doi-asserted-by":"crossref","unstructured":"Ashur, T., Mahzoun, M., Toprakhisar, D.: Chaghri - a FHE-friendly block cipher. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, pp. 139\u2013150. ACM (2022)","DOI":"10.1145\/3548606.3559364"},{"key":"11_CR7","unstructured":"Bardet, M., Faug\u00e8re, J.-C., Salvy, B.: On the complexity of Gr\u00f6bner basis computation of semi-regular overdetermined algebraic equations. In: Proceedings of the International Conference on Polynomial System Solving, pp. 71\u201374 (2004)"},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"Baum, C., Braun, L., Munch-Hansen, A., Razet, B., Scholl, P.: Appenzeller to Brie: efficient zero-knowledge proofs for mixed-mode arithmetic and $$\\mathbb{Z} _{2^k}$$. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 192\u2013211 (2021)","DOI":"10.1145\/3460120.3484812"},{"key":"11_CR9","doi-asserted-by":"publisher","unstructured":"Baum, C., Braun, L., Munch-Hansen, A., Scholl, P.: Moz$$\\mathbb{Z} _{2^k}$$arella: efficient vector-OLE and zero-knowledge proofs over $$\\mathbb{Z} _{2^k}$$. In: Dodis, Y., Shrimpton, T. (eds.) Advances in Cryptology - CRYPTO 2022. LNCS, vol. 13510, pp. 329\u2013358. Springer, Cham (2022). 
https:\/\/doi.org\/10.1007\/978-3-031-15985-5_12","DOI":"10.1007\/978-3-031-15985-5_12"},{"key":"11_CR10","doi-asserted-by":"crossref","unstructured":"Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK lightweight block ciphers. In: Proceedings of the 52nd Annual Design Automation Conference, pp. 175:1\u2013175:6. ACM (2015)","DOI":"10.1145\/2744769.2747946"},{"key":"11_CR11","unstructured":"Beierle, C., et al.: Lightweight AEAD and hashing using the SPARKLE permutation family. Submission to the NIST lightweight cryptographic standardization process (Finalist)"},{"key":"11_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1007\/978-3-540-68351-3_8","volume-title":"New Stream Cipher Designs","author":"DJ Bernstein","year":"2008","unstructured":"Bernstein, D.J.: The Salsa20 family of stream ciphers. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 84\u201397. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-68351-3_8"},{"key":"11_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/978-3-030-56877-1_11","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"T Beyne","year":"2020","unstructured":"Beyne, T., et al.: Out of oddity \u2013 new cryptanalytic techniques against symmetric primitives optimized for integrity proof systems. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 299\u2013328. Springer, Cham (2020). 
https:\/\/doi.org\/10.1007\/978-3-030-56877-1_11"},{"key":"11_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1007\/3-540-48910-X_2","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1999","author":"E Biham","year":"1999","unstructured":"Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12\u201323. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48910-X_2"},{"key":"11_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"340","DOI":"10.1007\/3-540-44987-6_21","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2001","author":"E Biham","year":"2001","unstructured":"Biham, E., Dunkelman, O., Keller, N.: The rectangle attack \u2014 rectangling the serpent. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 340\u2013357. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_21"},{"issue":"1","key":"11_CR16","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/BF00630563","volume":"4","author":"E Biham","year":"1991","unstructured":"Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4(1), 3\u201372 (1991)","journal-title":"J. Cryptol."},{"key":"11_CR17","doi-asserted-by":"publisher","unstructured":"Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, New York (1993). https:\/\/doi.org\/10.1007\/978-1-4613-9314-6","DOI":"10.1007\/978-1-4613-9314-6"},{"key":"11_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1007\/978-3-642-25385-0_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. 
In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344\u2013371. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_19"},{"key":"11_CR19","unstructured":"Bosma, W., Cannon, J.J., Fieker, C., Steel, A. (eds.): Gr\u00f6bner bases over Euclidean rings. In: Magma Handbook, vol. 2.27. Computational Algebra Group, School of Mathematics and Statistics, University of Sydney. https:\/\/magma.maths.usyd.edu.au\/magma\/handbook\/text\/1259#14396"},{"key":"11_CR20","unstructured":"Bouvier, C., et al.: New design techniques for efficient arithmetization-oriented hash functions: anemoi permutations and Jive compression mode. Cryptology ePrint Archive, Paper 2022\/840 (2022). https:\/\/eprint.iacr.org\/2022\/840"},{"key":"11_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-68869-1_1","volume-title":"Arithmetic of Finite Fields","author":"A Caminata","year":"2021","unstructured":"Caminata, A., Gorla, E.: Solving multivariate polynomial systems and an invariant from commutative algebra. In: Bajard, J.C., Topuzo\u011flu, A. (eds.) WAIFI 2020. LNCS, vol. 12542, pp. 3\u201336. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-68869-1_1"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Chen, H., Laine, K., Player, R.: Simple encrypted arithmetic library - SEAL v2.1. Cryptology ePrint Archive, Paper 2017\/224 (2017). https:\/\/eprint.iacr.org\/2017\/224","DOI":"10.1007\/978-3-319-70278-0_1"},{"key":"11_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"640","DOI":"10.1007\/978-3-030-92078-4_22","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"J Cho","year":"2021","unstructured":"Cho, J., et al.: Transciphering framework for approximate homomorphic encryption. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 640\u2013669. Springer, Cham (2021). 
https:\/\/doi.org\/10.1007\/978-3-030-92078-4_22"},{"key":"11_CR24","doi-asserted-by":"publisher","unstructured":"Cosseron, O., Hoffmann, C., M\u00e9aux, P., Standaert, F.: Towards case-optimized hybrid homomorphic encryption - featuring the Elisabeth stream cipher. In: Agrawal, S., Lin, D. (eds.) Advances in Cryptology - ASIACRYPT 2022. LNCS, vol. 13793, pp. 32\u201367. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22969-5_2","DOI":"10.1007\/978-3-031-22969-5_2"},{"key":"11_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"769","DOI":"10.1007\/978-3-319-96881-0_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"R Cramer","year":"2018","unstructured":"Cramer, R., Damg\u00e5rd, I., Escudero, D., Scholl, P., Xing, C.: SPD$$\\mathbb{Z}_{2^k}$$: efficient MPC mod $$2^k$$ for dishonest majority. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 769\u2013798. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_26"},{"key":"11_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/3-540-45325-3_20","volume-title":"Cryptography and Coding","author":"J Daemen","year":"2001","unstructured":"Daemen, J., Rijmen, V.: The wide trail design strategy. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 222\u2013238. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45325-3_20"},{"key":"11_CR27","unstructured":"Dalskov, A.P., Escudero, D., Keller, M.: Fantastic four: honest-majority four-party secure computation with malicious security. In: USENIX Security Symposium, pp. 2183\u20132200 (2021)"},{"issue":"1","key":"11_CR28","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/BF01459082","volume":"40","author":"JD Dixon","year":"1982","unstructured":"Dixon, J.D.: Exact solution of linear equations using P-Adic expansions. Numer. Math. 
40(1), 137\u2013141 (1982)","journal-title":"Numer. Math."},{"key":"11_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"662","DOI":"10.1007\/978-3-319-96884-1_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"C Dobraunig","year":"2018","unstructured":"Dobraunig, C., et al.: Rasta: a cipher with low ANDdepth and few ANDs per bit. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 662\u2013692. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_22"},{"key":"11_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-77886-6_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2021","author":"C Dobraunig","year":"2021","unstructured":"Dobraunig, C., Grassi, L., Guinet, A., Kuijsters, D.: Ciminion: symmetric encryption based on Toffoli-gates over large finite fields. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 3\u201334. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77886-6_1"},{"key":"11_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"477","DOI":"10.1007\/978-3-030-64837-4_16","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"M Eichlseder","year":"2020","unstructured":"Eichlseder, M., et al.: An algebraic attack on ciphers with low-degree round functions: application to full MiMC. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 477\u2013506. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64837-4_16"},{"key":"11_CR32","unstructured":"Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. Cryptology ePrint Archive, Paper 2012\/144 (2012). 
https:\/\/eprint.iacr.org\/2012\/144"},{"issue":"1\u20133","key":"11_CR33","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1016\/S0022-4049(99)00005-5","volume":"139","author":"J-C Faug\u00e8re","year":"1999","unstructured":"Faug\u00e8re, J.-C.: A new efficient algorithm for computing Gr\u00f6bner bases (F$$_4$$). J. Pure Appl. Algebra 139(1\u20133), 61\u201388 (1999)","journal-title":"J. Pure Appl. Algebra"},{"issue":"4","key":"11_CR34","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1006\/jsco.1993.1051","volume":"16","author":"J-C Faug\u00e8re","year":"1993","unstructured":"Faug\u00e8re, J.-C., Gianni, P., Lazard, D., Mora, T.: Efficient computation of zero-dimensional Gr\u00f6bner bases by change of ordering. J. Symb. Comput. 16(4), 329\u2013344 (1993)","journal-title":"J. Symb. Comput."},{"key":"11_CR35","unstructured":"Ganesh, C., Nitulescu, A., Soria-Vazquez, E.: Rinocchio: SNARKs for ring arithmetic. Cryptology ePrint Archive, Paper 2021\/322 (2021). https:\/\/eprint.iacr.org\/2021\/322"},{"key":"11_CR36","doi-asserted-by":"publisher","unstructured":"Geelen, R., Iliashenko, I., Kang, J., Vercauteren, F.: On polynomial functions modulo $$p^e$$ and faster bootstrapping for homomorphic encryption. In: Hazay, C., Stam, M. (eds.) Advances in Cryptology - EUROCRYPT 2023. LNCS, vol. 14006, pp. 257\u2013286. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30620-4_9","DOI":"10.1007\/978-3-031-30620-4_9"},{"issue":"3","key":"11_CR37","doi-asserted-by":"publisher","first-page":"1033","DOI":"10.1137\/060661259","volume":"38","author":"P Gopalan","year":"2008","unstructured":"Gopalan, P.: Query-efficient algorithms for polynomial interpolation over composites. SIAM J. Comput. 38(3), 1033\u20131057 (2008)","journal-title":"SIAM J. Comput."},{"key":"11_CR38","unstructured":"Grassi, L.: Bounded surjective quadratic functions over $$\\mathbb{F} _p^n$$ for MPC-\/ZK-\/HE-friendly symmetric primitives. 
Cryptology ePrint Archive, Paper 2022\/1313 (2022). https:\/\/eprint.iacr.org\/2022\/1313"},{"key":"11_CR39","doi-asserted-by":"crossref","unstructured":"Grassi, L., Ayala, I.M., Hovd, M.N., \u00d8ygarden, M., Raddum, H., Wang, Q.: Cryptanalysis of symmetric primitives over rings and a key recovery attack on Rubato. Cryptology ePrint Archive, Paper 2023\/822 (2023). https:\/\/eprint.iacr.org\/2023\/822","DOI":"10.1007\/978-3-031-38548-3_11"},{"key":"11_CR40","unstructured":"Grassi, L., Hao, Y., Rechberger, C., Schofnegger, M., Walch, R., Wang, Q.: Horst meets fluid-SPN: Griffin for zero-knowledge applications. Cryptology ePrint Archive, Paper 2022\/403 (2022). https:\/\/eprint.iacr.org\/2022\/403"},{"key":"11_CR41","doi-asserted-by":"crossref","unstructured":"Grassi, L., Khovratovich, D., L\u00fcftenegger, R., Rechberger, C., Schofnegger, M., Walch, R.: Reinforced concrete: a fast hash function for verifiable computation. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, pp. 1323\u20131335. ACM (2022)","DOI":"10.1145\/3548606.3560686"},{"key":"11_CR42","unstructured":"Grassi, L., Khovratovich, D., Rechberger, C., Roy, A., Schofnegger, M.: Poseidon: a new hash function for zero-knowledge proof systems. In: 30th USENIX Security Symposium, USENIX Security 2021, pp. 519\u2013535. USENIX Association (2021)"},{"issue":"1","key":"11_CR43","doi-asserted-by":"publisher","first-page":"5","DOI":"10.46586\/tosc.v2022.i1.5-37","volume":"2022","author":"L Grassi","year":"2022","unstructured":"Grassi, L., Khovratovich, D., R\u00f8njom, S., Schofnegger, M.: The Legendre symbol and the Modulo-2 operator in symmetric schemes over $$\\mathbb{F} ^n_p$$: preimage attack on full Grendel. IACR Trans. Symmetric Cryptol. 2022(1), 5\u201337 (2022)","journal-title":"IACR Trans. 
Symmetric Cryptol."},{"key":"11_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"674","DOI":"10.1007\/978-3-030-45724-2_23","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"L Grassi","year":"2020","unstructured":"Grassi, L., L\u00fcftenegger, R., Rechberger, C., Rotaru, D., Schofnegger, M.: On a generalization of substitution-permutation networks: the HADES design strategy. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 674\u2013704. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_23"},{"issue":"3","key":"11_CR45","doi-asserted-by":"publisher","first-page":"20","DOI":"10.46586\/tosc.v2022.i3.20-72","volume":"2022","author":"L Grassi","year":"2022","unstructured":"Grassi, L., Onofri, S., Pedicini, M., Sozzi, L.: Invertible quadratic non-linear layers for MPC-\/FHE-\/ZK-friendly schemes over $$\\mathbb{F} ^n_p$$ application to Poseidon. IACR Trans. Symmetric Cryptol. 2022(3), 20\u201372 (2022)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"11_CR46","doi-asserted-by":"publisher","unstructured":"Grassi, L., \u00d8ygarden, M., Schofnegger, M., Walch, R.: From Farfalle to Megafono via Ciminion: the PRF hydra for MPC applications. In: Hazay, C., Stam, M. (eds.) Advances in Cryptology - EUROCRYPT 2023. LNCS, vol. 14007, pp. 255\u2013286. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30634-1_9","DOI":"10.1007\/978-3-031-30634-1_9"},{"key":"11_CR47","doi-asserted-by":"publisher","unstructured":"Ha, J., Kim, S., Lee, B., Lee, J., Son, M.: Rubato: noisy ciphers for approximate homomorphic encryption. In: Dunkelman, O., Dziembowski, S. (eds.) Advances in Cryptology - EUROCRYPT 2022. LNCS, vol. 13275, pp. 581\u2013610. Springer, Cham (2022). 
https:\/\/doi.org\/10.1007\/978-3-031-06944-4_20","DOI":"10.1007\/978-3-031-06944-4_20"},{"key":"11_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1007\/BFb0052332","volume-title":"Fast Software Encryption","author":"T Jakobsen","year":"1997","unstructured":"Jakobsen, T., Knudsen, L.R.: The interpolation attack on block ciphers. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 28\u201340. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/BFb0052332"},{"key":"11_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/978-3-030-77886-6_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2021","author":"N Keller","year":"2021","unstructured":"Keller, N., Rosemarin, A.: Mind the middle layer: the HADES design strategy revisited. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 35\u201363. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77886-6_2"},{"issue":"2","key":"11_CR50","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1090\/S0002-9947-1921-1501173-4","volume":"22","author":"AJ Kempner","year":"1921","unstructured":"Kempner, A.J.: Polynomials and their residue systems. Trans. Am. Math. Soc. 22(2), 240\u2013266 (1921)","journal-title":"Trans. Am. Math. Soc."},{"key":"11_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/3-540-48405-1_2","volume-title":"Advances in Cryptology \u2014 CRYPTO 1999","author":"A Kipnis","year":"1999","unstructured":"Kipnis, A., Shamir, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19\u201330. Springer, Heidelberg (1999). 
https:\/\/doi.org\/10.1007\/3-540-48405-1_2"},{"key":"11_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/3-540-60590-8_16","volume-title":"Fast Software Encryption","author":"LR Knudsen","year":"1995","unstructured":"Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196\u2013211. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/3-540-60590-8_16"},{"key":"11_CR53","unstructured":"Koti, N., Pancholi, M., Patra, A., Suresh, A.: SWIFT: super-fast and robust privacy-preserving machine learning. In: USENIX Security Symposium, pp. 2651\u20132668 (2021)"},{"key":"11_CR54","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4615-2694-0_23","volume-title":"Higher Order Derivatives and Differential Cryptanalysis","author":"X Lai","year":"1994","unstructured":"Lai, X.: Higher Order Derivatives and Differential Cryptanalysis. Springer, New York (1994). https:\/\/doi.org\/10.1007\/978-1-4615-2694-0_23"},{"key":"11_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/978-3-642-22792-9_12","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"G Leander","year":"2011","unstructured":"Leander, G., Abdelraheem, M.A., AlKhzaimi, H., Zenner, E.: A cryptanalysis of PRINTcipher: the invariant subspace attack. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 206\u2013221. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_12"},{"key":"11_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-662-46800-5_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"G Leander","year":"2015","unstructured":"Leander, G., Minaud, B., R\u00f8njom, S.: A generic approach to invariant subspace attacks: cryptanalysis of Robin, iSCREAM and Zorro. 
In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 254\u2013283. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_11"},{"key":"11_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1007\/3-540-48285-7_33","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1993","author":"M Matsui","year":"1994","unstructured":"Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386\u2013397. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48285-7_33"},{"key":"11_CR58","doi-asserted-by":"crossref","unstructured":"Mohassel, P., Rindal, P.: ABY3: a mixed protocol framework for machine learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 35\u201352 (2018)","DOI":"10.1145\/3243734.3243760"},{"key":"11_CR59","unstructured":"National Institute of Standards and Technology. FIPS-46: Data Encryption Standard (DES) (1999). https:\/\/csrc.nist.gov\/csrc\/media\/publications\/fips\/46\/3\/archive\/1999-10-25\/documents\/fips46-3.pdf"},{"issue":"7","key":"11_CR60","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1006\/ffta.2000.0282","volume":"2001","author":"RL Rivest","year":"2001","unstructured":"Rivest, R.L.: Permutation polynomials modulo $$2^w$$. Finite Fields Appl. 2001(7), 287\u2013292 (2001)","journal-title":"Finite Fields Appl."},{"key":"11_CR61","unstructured":"Singh, R.P., Maity, S.: Permutation polynomials modulo $$p^n$$. Cryptology ePrint Archive, Paper 2009\/393 (2009). https:\/\/eprint.iacr.org\/2009\/393"},{"issue":"5","key":"11_CR62","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1016\/0022-314X(74)90031-6","volume":"6","author":"D Singmaster","year":"1974","unstructured":"Singmaster, D.: On polynomial functions (mod m). J. Num. Theory 6(5), 345\u2013352 (1974)","journal-title":"J. Num. 
Theory"},{"key":"11_CR63","unstructured":"Smart, N.: Bootstrapping for dummies. Zama Research Blog (2022). https:\/\/www.zama.ai\/post\/what-is-bootstrapping-homomorphic-encryption"},{"issue":"4","key":"11_CR64","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1007\/BF02165411","volume":"13","author":"V Strassen","year":"1969","unstructured":"Strassen, V.: Gaussian elimination is not optimal. Numer. Math. 13(4), 354\u2013356 (1969)","journal-title":"Numer. Math."},{"issue":"6","key":"11_CR65","doi-asserted-by":"publisher","first-page":"845","DOI":"10.1007\/s10958-015-2531-1","volume":"209","author":"NN Vasiliev","year":"2015","unstructured":"Vasiliev, N.N., Kanzheleva, O.: Polynomial interpolation over the residue rings $$\\mathbb{Z} _n$$. J. Math. Sci. 209(6), 845\u2013850 (2015)","journal-title":"J. Math. Sci."},{"key":"11_CR66","doi-asserted-by":"crossref","unstructured":"von zur Gathen, J., Hartlieb, S.: Factoring modular polynomials. J. Symbol. Comput. 26, 583\u2013606 (1998)","DOI":"10.1006\/jsco.1998.0228"},{"issue":"1","key":"11_CR67","doi-asserted-by":"publisher","first-page":"188","DOI":"10.2478\/popets-2021-0011","volume":"2021","author":"S Wagh","year":"2021","unstructured":"Wagh, S., Tople, S., Benhamouda, F., Kushilevitz, E., Mittal, P., Rabin, T.: Falcon: honest-majority maliciously secure framework for private deep learning. Proc. Privacy Enhancing Technol. 2021(1), 188\u2013208 (2021)","journal-title":"Proc. Privacy Enhancing Technol."},{"key":"11_CR68","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/3-540-48519-8_12","volume-title":"Fast Software Encryption","author":"D Wagner","year":"1999","unstructured":"Wagner, D.: The boomerang attack. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156\u2013170. Springer, Heidelberg (1999). 
https:\/\/doi.org\/10.1007\/3-540-48519-8_12"},{"key":"11_CR69","unstructured":"Yu, Y., Wang, M.: Permutation polynomials and their differential properties over residue class rings. Cryptology ePrint Archive, Paper 2013\/251 (2013). https:\/\/eprint.iacr.org\/2013\/251"},{"key":"11_CR70","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1007\/0-387-34805-0_42","volume-title":"Advances in Cryptology \u2014 CRYPTO 1989 Proceedings","author":"Y Zheng","year":"1990","unstructured":"Zheng, Y., Matsumoto, T., Imai, H.: On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 461\u2013480. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_42"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-38548-3_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,26]],"date-time":"2025-07-26T22:02:40Z","timestamp":1753567360000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-38548-3_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031385476","9783031385483"],"references-count":70,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-38548-3_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"9 August 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference 
Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"43","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference 
organizers)"}},{"value":"479","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"124","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}