{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T00:49:23Z","timestamp":1777337363851,"version":"3.51.4"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031587504","type":"print"},{"value":"9783031587511","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-58751-1_15","type":"book-chapter","created":{"date-parts":[[2024,4,28]],"date-time":"2024-04-28T03:01:57Z","timestamp":1714273317000},"page":"418-446","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Evaluating the\u00a0Security of\u00a0CRYSTALS-Dilithium in\u00a0the\u00a0Quantum Random Oracle Model"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7586-6111","authenticated-orcid":false,"given":"Kelsey A.","family":"Jackson","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1917-1531","authenticated-orcid":false,"given":"Carl 
A.","family":"Miller","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5472-1207","authenticated-orcid":false,"given":"Daochen","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,4,29]]},"reference":[{"key":"15_CR1","doi-asserted-by":"publisher","unstructured":"Ajtai, M.: Generating hard instances of lattice problems. In: Proceedings of the 28th ACM Symposium on the Theory of Computing (STOC). Philadelphia, Pennsylvania, USA: Association for Computing Machinery, pp. 99\u2013108 (1996). ISBN: 0897917855. https:\/\/doi.org\/10.1145\/237814.237838","DOI":"10.1145\/237814.237838"},{"key":"15_CR2","doi-asserted-by":"publisher","unstructured":"Alagic, G., et al.: Status report on the third round of the NIST post-quantum cryptography standardization process. In: US Department of Commerce, NIST (2022). https:\/\/doi.org\/10.6028\/NIST.IR.8413-upd1","DOI":"10.6028\/NIST.IR.8413-upd1"},{"key":"15_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/978-3-319-70694-8_11","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"MR Albrecht","year":"2017","unstructured":"Albrecht, M.R., G\u00f6pfert, F., Virdia, F., Wunderer, T.: Revisiting the expected cost of solving uSVP and applications to LWE. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 297\u2013322. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_11"},{"key":"15_CR4","unstructured":"Alkim, Ducas, L., P\u00f6ppelmann, T., Schwabe, P.: Post-quantum key exchange\u2014a new hope. In: 25th USENIX Security Symposium (USENIX Security 16). Austin, TX: USENIX Association, pp. 327\u2013343 (2016). ISBN: 978-1-931971-32-4"},{"key":"15_CR5","unstructured":"Bai, S., et al.: CRYSTALS-Dilithium: algorithm specifications and supporting documentation (Version 3.1). 
Current: https:\/\/pq-crystals.org\/dilithium\/resources.shtml; Stable: https:\/\/doi.org\/10.13154\/tches.v2018.i1.238-268 (2021)"},{"key":"15_CR6","doi-asserted-by":"publisher","unstructured":"Barbosa, M., et al.: Fixing and mechanizing the security proof of Fiat-Shamir with aborts and Dilithium. In: Handschuh, H., Lysyanskaya, A., ed. Advances in Cryptology \u2013 CRYPTO 2023, pp. 358\u2013389. Springer Nature Switzerland, Cham (2023). ISBN: 978-3-031-38554-4. https:\/\/doi.org\/10.1007\/978-3-031-38554-4_12","DOI":"10.1007\/978-3-031-38554-4_12"},{"key":"15_CR7","doi-asserted-by":"publisher","unstructured":"Bellare, M., Neven, G.: Multi-signatures in the plain public-key model and a general forking lemma. In: Proceedings of the 13th ACM Conference on Computer and Communications Security. CCS \u201906. Alexandria, Virginia, USA: Association for Computing Machinery, pp. 390\u2013399 (2006). ISBN: 1595935185. https:\/\/doi.org\/10.1145\/1180405.1180453","DOI":"10.1145\/1180405.1180453"},{"key":"15_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-25385-0_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"D Boneh","year":"2011","unstructured":"Boneh, D., Dagdelen, \u00d6., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41\u201369. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_3"},{"key":"15_CR9","doi-asserted-by":"publisher","unstructured":"Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, H.D., Wang, X. ed. Advances in Cryptology \u2013 ASIACRYPT 2011, pp. 1\u201320. Springer Berlin Heidelberg, Berlin, Heidelberg (2011). ISBN: 978-3-642-25385-0. 
https:\/\/doi.org\/10.1007\/978-3-642-25385-0_1","DOI":"10.1007\/978-3-642-25385-0_1"},{"key":"15_CR10","doi-asserted-by":"publisher","unstructured":"Devevey, J., Fallahpour, P., Passel\u00e8gue, A., Stehl\u00e9, D.: A detailed analysis of Fiat-Shamir with aborts. In: Handschuh, H., Lysyanskaya, A. ed. Advances in Cryptology \u2013 CRYPTO 2023, pp. 327\u2013357. Springer Nature Switzerland, Cham (2023). ISBN: 978-3-031-38554-4. https:\/\/doi.org\/10.1007\/978-3-031-38554-4_11","DOI":"10.1007\/978-3-031-38554-4_11"},{"key":"15_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/978-3-030-56877-1_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"J Don","year":"2020","unstructured":"Don, J., Fehr, S., Majenz, C.: The measure-and-reprogram technique 2.0: multi-round Fiat-Shamir and more. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 602\u2013631. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56877-1_21"},{"key":"15_CR12","doi-asserted-by":"publisher","unstructured":"Dall\u2019Agnol, M., Spooner, N.: On the necessity of collapsing for post-quantum and quantum commitments. In: Fawzi, O., Walter, M., 18th Conference on the Theory of Quantum Computation, Communication and Cryptography (TQC 2023), vol. 266. Leibniz International Proceedings in Informatics (LIPIcs). Dagstuhl, Germany: Schloss Dagstuhl \u2013 Leibniz-Zentrum f\u00fcr Informatik, pp. 2:1\u20132:23 (2023). ISBN: 978-3-95977-283-9. https:\/\/doi.org\/10.4230\/LIPIcs.TQC.2023.2","DOI":"10.4230\/LIPIcs.TQC.2023.2"},{"key":"15_CR13","doi-asserted-by":"publisher","unstructured":"Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the 28th ACM Symposium on the Theory of Computing (STOC), pp. 212\u2013219 (1996). 
https:\/\/doi.org\/10.1145\/237814.237866","DOI":"10.1145\/237814.237866"},{"key":"15_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/978-3-030-45724-2_10","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"S Jaques","year":"2020","unstructured":"Jaques, S., Naehrig, M., Roetteler, M., Virdia, F.: Implementing Grover oracles for quantum key search on AES and LowMC. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 280\u2013310. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_10"},{"key":"15_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"552","DOI":"10.1007\/978-3-319-78372-7_18","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"E Kiltz","year":"2018","unstructured":"Kiltz, E., Lyubashevsky, V., Schaffner, C.: A concrete treatment of Fiat-Shamir signatures in the quantum random-oracle model. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 552\u2013586. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_18"},{"key":"15_CR16","unstructured":"Laarhoven, T.: Search problems in cryptography: from fingerprinting to lattice sieving. English. PhD Thesis. Mathematics and Computer Science (2016). ISBN: 978-90-386-4021-1"},{"key":"15_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1007\/978-3-030-71852-7_28","volume-title":"Information Security and Cryptology","author":"Z Liang","year":"2021","unstructured":"Liang, Z., et al.: Number theoretic transform: generalization, optimization, concrete analysis and applications. In: Wu, Y., Yung, M. (eds.) Inscrypt 2020. LNCS, vol. 12612, pp. 415\u2013432. Springer, Cham (2021). 
https:\/\/doi.org\/10.1007\/978-3-030-71852-7_28"},{"key":"15_CR18","doi-asserted-by":"publisher","unstructured":"Liu, J., Montgomery, H., Zhandry, M.: Another round of breaking and making quantum money: how to not build it from lattices, and more. In: Hazay, C., Stam, M., ed. Advances in Cryptology \u2013 EUROCRYPT 2023, pp. 611\u2013638. Springer Nature Switzerland, Cham (2023). ISBN: 978-3-031-30545-0. https:\/\/doi.org\/10.1007\/978-3-031-30545-0_21","DOI":"10.1007\/978-3-031-30545-0_21"},{"key":"15_CR19","doi-asserted-by":"publisher","unstructured":"Lyubashevsky, V., Neven, G.: One-shot verifiable encryption from lattices. In: Coron, J.-S., Nielsen, J.B., Advances in Cryptology \u2013 EUROCRYPT 2017. Springer International Publishing, Cham (2017). ISBN: 978-3-319-56620-7. https:\/\/doi.org\/10.1007\/978-3-319-56620-7_11","DOI":"10.1007\/978-3-319-56620-7_11"},{"key":"15_CR20","doi-asserted-by":"publisher","unstructured":"Langlois, A., Stehl\u00e9, D.: Worst-case to average-case reductions for module lattices. In: Designs, Codes and Cryptography 75 (2015), pp. 565\u2013599. https:\/\/doi.org\/10.1007\/s10623-014-9938-4","DOI":"10.1007\/s10623-014-9938-4"},{"key":"15_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"738","DOI":"10.1007\/978-3-642-29011-4_43","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"V Lyubashevsky","year":"2012","unstructured":"Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738\u2013755. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_43"},{"key":"15_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-030-26951-7_12","volume-title":"Advances in Cryptology \u2013 CRYPTO 2019","author":"Q Liu","year":"2019","unstructured":"Liu, Q., Zhandry, M.: Revisiting post-quantum Fiat-Shamir. 
In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 326\u2013355. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26951-7_12"},{"key":"15_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-642-40041-4_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"D Micciancio","year":"2013","unstructured":"Micciancio, D., Peikert, C.: Hardness of SIS and LWE with small parameters. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 21\u201339. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_2"},{"key":"15_CR24","doi-asserted-by":"publisher","unstructured":"Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E., ed. Post-Quantum Cryptography, pp. 147\u2013191. Springer, Berlin, Heidelberg (2009). ISBN: 978-3-540-88702-7. https:\/\/doi.org\/10.1007\/978-3-540-88702-7_5","DOI":"10.1007\/978-3-540-88702-7_5"},{"key":"15_CR25","doi-asserted-by":"publisher","unstructured":"National Institute of Standards and Technology. Module-Lattice-Based Digital Signature Standard. Tech. rep. Federal Information Processing Standards Publications (FIPS PUBS) 204. Washington, D.C.: U.S. Department of Commerce (2023). https:\/\/doi.org\/10.6028\/NIST.FIPS.204.ipd","DOI":"10.6028\/NIST.FIPS.204.ipd"},{"key":"15_CR26","doi-asserted-by":"publisher","unstructured":"Peikert, C.: Limits on the hardness of lattice problems in LP norms. In: Twenty-Second Annual IEEE Conference on Computational Complexity (CCC\u201907), pp. 333\u2013346 (2007). https:\/\/doi.org\/10.1109\/CCC.2007.12","DOI":"10.1109\/CCC.2007.12"},{"key":"15_CR27","doi-asserted-by":"publisher","unstructured":"Peikert, C.: A decade of lattice cryptography. Found. Trends Theor. Comput. Sci. 10(4), 283\u2013424 (2016). ISSN: 1551-305X. 
https:\/\/doi.org\/10.1561\/0400000074","DOI":"10.1561\/0400000074"},{"key":"15_CR28","doi-asserted-by":"publisher","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6) (2009). ISSN: 0004-5411. https:\/\/doi.org\/10.1145\/1568318.1568324","DOI":"10.1145\/1568318.1568324"},{"issue":"1","key":"15_CR29","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/BF01581144","volume":"66","author":"CP Schnorr","year":"1994","unstructured":"Schnorr, C.P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(1), 181\u2013199 (1994). https:\/\/doi.org\/10.1007\/BF01581144","journal-title":"Math. Program."},{"key":"15_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/978-3-642-29011-4_10","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"D Unruh","year":"2012","unstructured":"Unruh, D.: Quantum Proofs of Knowledge. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 135\u2013152. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_10"},{"key":"15_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"166","DOI":"10.1007\/978-3-662-53890-6_6","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"D Unruh","year":"2016","unstructured":"Unruh, D.: Collapse-binding quantum commitments without random oracles. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 166\u2013195. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53890-6_6"},{"key":"15_CR32","unstructured":"Wang, G., Xia, W., Shi, G., Wan, M., Zhang, Y., Gu, D.: Revisiting the concrete hardness of SelfTargetMSIS in CRYSTALS-Dilithium. 
Cryptology ePrint Archive, Paper 2022\/1601 (2022)"},{"key":"15_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"758","DOI":"10.1007\/978-3-642-32009-5_44","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"M Zhandry","year":"2012","unstructured":"Zhandry, M.: Secure identity-based encryption in the quantum random oracle model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 758\u2013775. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_44"},{"key":"15_CR34","doi-asserted-by":"publisher","unstructured":"Zhandry, M.: A note on the quantum collision and set equality problems. Quantum Inf. Comput. 15(7-8), 557\u2013567 (2015). ISSN: 1533\u20137146. https:\/\/doi.org\/10.26421\/QIC15.7-8-2","DOI":"10.26421\/QIC15.7-8-2"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-58751-1_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T00:03:53Z","timestamp":1777334633000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-58751-1_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031587504","9783031587511"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-58751-1_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"29 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference 
Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Zurich","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Switzerland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 May 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 May 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"43","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}