{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,9]],"date-time":"2025-04-09T13:40:08Z","timestamp":1744206008307,"version":"3.40.3"},"publisher-location":"Cham","reference-count":61,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031875403","type":"print"},{"value":"9783031875410","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-87541-0_7","type":"book-chapter","created":{"date-parts":[[2025,4,9]],"date-time":"2025-04-09T12:59:36Z","timestamp":1744203576000},"page":"147-174","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["$$\\text {Scloud}^+$$: An Efficient LWE-Based KEM Without Ring\/Module Structure"],"prefix":"10.1007","author":[{"given":"Anyu","family":"Wang","sequence":"first","affiliation":[]},{"given":"Zhongxiang","family":"Zheng","sequence":"additional","affiliation":[]},{"given":"Chunhuan","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Zhiyuan","family":"Qiu","sequence":"additional","affiliation":[]},{"given":"Guang","family":"Zeng","sequence":"additional","affiliation":[]},{"given":"Ye","family":"Yuan","sequence":"additional","affiliation":[]},{"given":"Changchun","family":"Mu","sequence":"additional","affiliation":[]},{"given":"Xiaoyun","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,4,10]]},"reference":[{"key":"7_CR1","doi-asserted-by":"crossref","unstructured":"Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring, pp. 124\u2013134 (1994)","DOI":"10.1109\/SFCS.1994.365700"},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography, pp. 84\u201393 (2005)","DOI":"10.1145\/1060590.1060603"},{"key":"7_CR3","unstructured":"Naehrig, M., et al.: FrodoKEM, Technical report, National Institute of Standards and Technology (2020)"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings, pp. 1\u201323 (2010)","DOI":"10.1007\/978-3-642-13190-5_1"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Peikert, C., Regev, O., Stephens-Davidowitz, N.: Pseudorandomness of ring-LWE for any ring and modulus, pp. 461\u2013473 (2017)","DOI":"10.1145\/3055399.3055489"},{"issue":"3","key":"7_CR6","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/s10623-014-9938-4","volume":"75","author":"A Langlois","year":"2015","unstructured":"Langlois, A., Stehl\u00e9, D.: Worst-case to average-case reductions for module lattices. Des. Codes Cryptogr. 75(3), 565\u2013599 (2015)","journal-title":"Des. Codes Cryptogr."},{"key":"7_CR7","unstructured":"Schwabe, P., et al.: CRYSTALS-KYBER, Technical report, National Institute of Standards and Technology (2022)"},{"key":"7_CR8","unstructured":"D\u2019Anvers, J.-P., et al.: SABER, Technical report, National Institute of Standards and Technology (2020)"},{"key":"7_CR9","unstructured":"Xianhui, L., et al.: LAC, Technical report, National Institute of Standards and Technology (2019)"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Zhang, J., Yu, Y., Fan, S., Zhang, Z., Yang, K.: Tweaking the asymmetry of asymmetric-key cryptography on lattices: KEMs and signatures of smaller sizes, pp. 37\u201365 (2020)","DOI":"10.1007\/978-3-030-45388-6_2"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Cramer, R., Ducas, L., Peikert, C. and Regev, O.: Recovering short generators of principal ideals in cyclotomic rings, pp. 559\u2013585 (2016)","DOI":"10.1007\/978-3-662-49896-5_20"},{"key":"7_CR12","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1016\/0304-3975(87)90064-8","volume":"53","author":"C-P Schnorr","year":"1987","unstructured":"Schnorr, C.-P.: A hierarchy of polynomial time lattice basis reduction algorithms. Theor. Comput. Sci. 53, 201\u2013224 (1987)","journal-title":"Theor. Comput. Sci."},{"key":"7_CR13","doi-asserted-by":"crossref","unstructured":"Cramer, R., Ducas, L., Wesolowski, B.: Short stickelberger class relations and application to ideal-SVP, pp. 324\u2013348 (2017)","DOI":"10.1007\/978-3-319-56620-7_12"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Ducas, L., Plan\u00e7on, M., Wesolowski, B.: On the shortness of vectors to be found by the ideal-SVP quantum algorithm, pp. 322\u2013351 (2019)","DOI":"10.1007\/978-3-030-26948-7_12"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Cramer, R., Ducas, L., Wesolowski, B.: Mildly short vectors in cyclotomic ideal lattices in quantum polynomial time. J. ACM 68(2), 8:1\u20138:26 (2021)","DOI":"10.1145\/3431725"},{"key":"7_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"559","DOI":"10.1007\/978-3-030-77870-5_20","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2021","author":"Y Pan","year":"2021","unstructured":"Pan, Y., Xu, J., Wadleigh, N., Cheng, Q.: On the ideal shortest vector problem over random rational primes. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 559\u2013583. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77870-5_20"},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"Pellet-Mary, A., Hanrot, G., Stehl\u00e9, D.: Approx-SVP in ideal lattices with pre-processing, pp. 685\u2013716 (2019)","DOI":"10.1007\/978-3-030-17656-3_24"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Bernard, O., Roux-Langlois, A.: Twisted-PHS: using the product formula to solve Approx-SVP in ideal lattices, pp. 349\u2013380 (2020)","DOI":"10.1007\/978-3-030-64834-3_12"},{"key":"7_CR19","unstructured":"ANSSI (2022). https:\/\/cyber.gouv.fr\/en\/publications\/anssi-views-post-quantum-cryptography-transition"},{"key":"7_CR20","unstructured":"BSI\u2013Technical Guideline. Cryptographic Mechanisms: Recommendations and Key Lengths (2024)"},{"key":"7_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1007\/978-3-642-03356-8_35","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"B Applebaum","year":"2009","unstructured":"Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595\u2013618. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_35"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping, pp. 309\u2013325 (2012)","DOI":"10.1145\/2090236.2090262"},{"key":"7_CR23","unstructured":"Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. Cryptology ePrint Archive Report 2012\/144 (2012)"},{"key":"7_CR24","doi-asserted-by":"crossref","unstructured":"Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers, pp. 409\u2013437 (2017)","DOI":"10.1007\/978-3-319-70694-8_15"},{"key":"7_CR25","unstructured":"Zheng, Z., et\u00a0al.: SCloud: public key encryption and key encapsulation mechanism based on learning with errors. Cryptology ePrint Archive, Report 2020\/095 (2020)"},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"Fritzmann, T., P\u00f6ppelmann, T., Sep\u00falveda, J.: Analysis of error-correcting codes for lattice-based key exchange, pp. 369\u2013390 (2019)","DOI":"10.1007\/978-3-030-10970-7_17"},{"key":"7_CR27","doi-asserted-by":"crossref","unstructured":"Saarinen, M.J.O.: HILA5: on reliability, reconciliation, and error correction for ring-LWE encryption, pp. 192\u2013212 (2017)","DOI":"10.1007\/978-3-319-72565-9_10"},{"key":"7_CR28","unstructured":"Zhao, Y., Jin, Z., Gong, B., Sui, G.: KCL (pka OKCN\/AKCN\/CNKE), Technical report, National Institute of Standards and Technology (2017)"},{"key":"7_CR29","unstructured":"Hamburg, M.: Three Bears, Technical report, National Institute of Standards and Technology (2017)"},{"key":"7_CR30","unstructured":"Alkim, E., Ducas, L., P\u00f6ppelmann, T., Schwabe, P.: Post-quantum key $$\\{$$Exchange\u2013A$$\\}$$ new hope. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 327\u2013343 (2016)"},{"key":"7_CR31","unstructured":"Jin, Z., Zhao, Y.: AKCN-E8: compact and flexible KEM from ideal lattice. Cryptology ePrint Archive, Report 2020\/056 (2020)"},{"key":"7_CR32","unstructured":"Saliba, C., Luzzi, L., Ling, C.: Error correction for Frodokem using the Gosset lattice. arXiv preprint arXiv:2110.01740 (2021)"},{"key":"7_CR33","unstructured":"van Poppelen, A.: Cryptographic decoding of the leech lattice. Cryptology ePrint Archive, Report 2016\/1050 (2016). https:\/\/eprint.iacr.org\/2016\/1050"},{"key":"7_CR34","unstructured":"Lyu, S., Liu, L., Lai, J., Ling, C., Chen, H.: Lattice codes for lattice-based PKE. Cryptology ePrint Archive, Report 2022\/874 (2022)"},{"key":"7_CR35","doi-asserted-by":"crossref","unstructured":"Micciancio, D., Nicolosi, A.: Efficient bounded distance decoders for Barnes-wall lattices. In: ISIT 2008, Toronto, ON, Canada, July 6-11, 2008, pp. 2484\u20132488. IEEE (2008)","DOI":"10.1109\/ISIT.2008.4595438"},{"issue":"5","key":"7_CR36","doi-asserted-by":"publisher","first-page":"1152","DOI":"10.1109\/18.21246","volume":"34","author":"GD Forney Jr","year":"1988","unstructured":"Forney, G.D., Jr.: Coset codes-ii: binary lattices and related codes. IEEE Trans. Inf. Theory 34(5), 1152\u20131187 (1988)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"7_CR37","doi-asserted-by":"crossref","unstructured":"Ran, M., Snyders, J.: Efficient decoding of the Gosset, Coxeter-Todd and the Barnes-wall lattices. In: Proceedings of the 1998 IEEE International Symposium on Information Theory (Cat. No. 98CH36252), p. 92. IEEE (1998)","DOI":"10.1109\/ISIT.1998.708678"},{"key":"7_CR38","doi-asserted-by":"crossref","unstructured":"Wang, C., Shen, B., Tzeng, K.K.: Generalised minimum distance decoding of Reed-Muller codes and Barnes-wall lattices. In: Proceedings of 1995 IEEE International Symposium on Information Theory, p. 186. IEEE (1995)","DOI":"10.1109\/ISIT.1995.531535"},{"key":"7_CR39","doi-asserted-by":"crossref","unstructured":"Corlay, V., Boutros, J.J., Ciblat, P., Brunel, L.: On the decoding of Barnes-Wall lattices. In: 2020 IEEE International Symposium on Information Theory (ISIT), pp. 519\u2013524. IEEE (2020)","DOI":"10.1109\/ISIT44484.2020.9173976"},{"key":"7_CR40","unstructured":"Corlay, V.: Decoding algorithms for Lattices. (Algorithmes de d\u00e9codage pour les r\u00e9seaux de points), PhD thesis, Polytechnic Institute of Paris, France (2020)"},{"key":"7_CR41","doi-asserted-by":"crossref","unstructured":"Grigorescu, E., Peikert, C.: List decoding Barnes-Wall lattices. In: 2012 IEEE 27th Conference on Computational Complexity, pp. 316\u2013325. IEEE (2012)","DOI":"10.1109\/CCC.2012.33"},{"issue":"6","key":"7_CR42","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1568318.1568324","volume":"56","author":"O Regev","year":"2009","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. JACM 56(6), 1\u201340 (2009)","journal-title":"JACM"},{"key":"7_CR43","doi-asserted-by":"crossref","unstructured":"Bai, S., Lepoint, T., Roux-Langlois, A., Sakzad, A., Stehl\u00e9, D., Steinfeld, R.: Improved security proofs in lattice-based cryptography: using the R\u00e9nyi divergence rather than the statistical distance, pp. 3\u201324 (2015)","DOI":"10.1007\/978-3-662-48797-6_1"},{"key":"7_CR44","doi-asserted-by":"crossref","unstructured":"Bos, J.W., et al.: Frodo: take off the ring! Practical, quantum-secure key exchange from LWE, pp. 1006\u20131018 (2016)","DOI":"10.1145\/2976749.2978425"},{"key":"7_CR45","doi-asserted-by":"crossref","unstructured":"Hofheinz, D., H\u00f6velmanns, K., Kiltz, E.: A modular analysis of the Fujisaki-Okamoto transformation, pp. 341\u2013371 (2017)","DOI":"10.1007\/978-3-319-70500-2_12"},{"key":"7_CR46","unstructured":"Zheng, Z., Wang, A., Fan, H., Zhao, C., Liu, C., Zhang, X.: Scloud: public key encryption and key encapsulation mechanism based on learning with errors. IACR Cryptology ePrint Archive, p. 95 (2020)"},{"key":"7_CR47","doi-asserted-by":"crossref","unstructured":"Jiang, H., Zhang, Z., Chen, L., Wang, H., Ma, Z.: IND-CCA-secure key encapsulation mechanism in the quantum random oracle model, pp. 96\u2013125 (2018)","DOI":"10.1007\/978-3-319-96878-0_4"},{"key":"7_CR48","doi-asserted-by":"crossref","unstructured":"Jiang, H., Zhang, Z., Ma, Z.: Tighter security proofs for generic key encapsulation mechanism in the quantum random oracle model, pp. 227\u2013248 (2019)","DOI":"10.1007\/978-3-030-25510-7_13"},{"key":"7_CR49","doi-asserted-by":"crossref","unstructured":"Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates, pp. 1\u201320 (2011)","DOI":"10.1007\/978-3-642-25385-0_1"},{"key":"7_CR50","doi-asserted-by":"crossref","unstructured":"Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving, pp. 10\u201324 (2016)","DOI":"10.1137\/1.9781611974331.ch2"},{"key":"7_CR51","unstructured":"Laarhoven, T.: Search problems in cryptography: from fingerprinting to lattice sieving (2016)"},{"key":"7_CR52","doi-asserted-by":"crossref","unstructured":"Chailloux, A., Loyer, J.: Lattice sieving via quantum random walks, pp. 63\u201391 (2021)","DOI":"10.1007\/978-3-030-92068-5_3"},{"key":"7_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-319-56614-6_4","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"MR Albrecht","year":"2017","unstructured":"Albrecht, M.R.: On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 103\u2013129. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56614-6_4"},{"key":"7_CR54","doi-asserted-by":"crossref","unstructured":"Guo, Q., Johansson, T.: Faster dual lattice attacks for solving LWE with applications to CRYSTALS, pp. 33\u201362 (2021)","DOI":"10.1007\/978-3-030-92068-5_2"},{"key":"7_CR55","unstructured":"MATZOV: Report on the security of LWE: improved dual lattice attack (2022)"},{"key":"7_CR56","doi-asserted-by":"crossref","unstructured":"Ducas, L., Pulles, L.N.: Does the dual-sieve attack on learning with errors even work? In: Annual International Cryptology Conference, pp. 37\u201369. Springer (2023)","DOI":"10.1007\/978-3-031-38548-3_2"},{"issue":"1","key":"7_CR57","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1186\/s42400-022-00115-y","volume":"5","author":"L Bi","year":"2022","unstructured":"Bi, L., Xianhui, L., Luo, J., Wang, K., Zhang, Z.: Hybrid dual attack on LWE with arbitrary secrets. Cybersecurity 5(1), 15 (2022)","journal-title":"Cybersecurity"},{"key":"7_CR58","doi-asserted-by":"publisher","first-page":"89497","DOI":"10.1109\/ACCESS.2019.2925425","volume":"7","author":"JH Cheon","year":"2019","unstructured":"Cheon, J.H., Hhan, M., Hong, S., Son, Y.: A hybrid of dual and meet-in-the-middle attack on sparse and ternary secret LWE. IEEE Access 7, 89497\u201389506 (2019)","journal-title":"IEEE Access"},{"key":"7_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"701","DOI":"10.1007\/978-3-030-84245-1_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"A May","year":"2021","unstructured":"May, A.: How to meet Ternary LWE keys. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 701\u2013731. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84245-1_24"},{"key":"7_CR60","doi-asserted-by":"crossref","unstructured":"Bi, L., Lu, X., Luo, J., Wang, K.: Hybrid dual and meet-LWE attack. In: Australasian Conference on Information Security and Privacy, pp. 168\u2013188. Springer (2022)","DOI":"10.1007\/978-3-031-22301-3_9"},{"key":"7_CR61","unstructured":"Optimized\u00a0Implementation of\u00a0FrodoKEM (2023). https:\/\/github.com\/microsoft\/pqcrypto-lweke"}],"container-title":["Lecture Notes in Computer Science","Security Standardisation Research"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-87541-0_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,9]],"date-time":"2025-04-09T13:00:48Z","timestamp":1744203648000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-87541-0_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031875403","9783031875410"],"references-count":61,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-87541-0_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 April 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SSR","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Research in Security Standardisation","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kunming","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ssr2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ssresearch24.github.io\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}