{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T14:57:04Z","timestamp":1773154624541,"version":"3.50.1"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032018540","type":"print"},{"value":"9783032018557","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-01855-7_15","type":"book-chapter","created":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T19:41:40Z","timestamp":1755373300000},"page":"444-476","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Assessing the\u00a0Impact of\u00a0a\u00a0Variant of\u00a0MATZOV\u2019s Dual Attack on\u00a0Kyber"],"prefix":"10.1007","author":[{"given":"Kevin","family":"Carrier","sequence":"first","affiliation":[]},{"given":"Charles","family":"Meyer-Hilfiger","sequence":"additional","affiliation":[]},{"given":"Yixin","family":"Shen","sequence":"additional","affiliation":[]},{"given":"Jean-Pierre","family":"Tillich","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,17]]},"reference":[{"key":"15_CR1","doi-asserted-by":"crossref","unstructured":"Lattice Attacks on NTRU and LWE: A History of Refinements, pp. 15\u201340. 
London Mathematical Society Lecture Note Series, Cambridge University Press (2021)","DOI":"10.1017\/9781108854207.004"},{"key":"15_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1007\/978-3-030-64834-3_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"MR Albrecht","year":"2020","unstructured":"Albrecht, M.R., Gheorghiu, V., Postlethwaite, E.W., Schanck, J.M.: Estimating quantum speedups for lattice sieves. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part II. LNCS, vol. 12492, pp. 583\u2013613. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64834-3_20"},{"key":"15_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-319-56614-6_4","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"MR Albrecht","year":"2017","unstructured":"Albrecht, M.R.: On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part II. LNCS, vol. 10211, pp. 103\u2013129. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56614-6_4"},{"key":"15_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"717","DOI":"10.1007\/978-3-030-17656-3_25","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"MR Albrecht","year":"2019","unstructured":"Albrecht, M.R., Ducas, L., Herold, G., Kirshanova, E., Postlethwaite, E.W., Stevens, M.: The general sieve kernel and new records in lattice reduction. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 717\u2013746. Springer, Cham (2019). 
https:\/\/doi.org\/10.1007\/978-3-030-17656-3_25"},{"key":"15_CR5","series-title":"LNCS","first-page":"429","volume-title":"PKC 2014","author":"MR Albrecht","year":"2014","unstructured":"Albrecht, M.R., Faug\u00e8re, J.C., Fitzpatrick, R., Perret, L.: modulus switching for the BKW algorithm on LWE. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 429\u2013445. Springer, Heidelberg (Mar 2014)"},{"key":"15_CR6","unstructured":"Albrecht, M.R., Shen, Y.: Quantum augmented dual attack. Cryptology ePrint Archive, Paper 2022\/656 (2022). https:\/\/eprint.iacr.org\/2022\/656"},{"key":"15_CR7","unstructured":"Alkim, E., Ducas, L., P\u00f6ppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: Holz, T., Savage, S. (eds.) USENIX Security 2016, pp. 327\u2013343. USENIX Association (2016)"},{"key":"15_CR8","doi-asserted-by":"publisher","unstructured":"Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: Krauthgamer, R. (ed.) Proceedings of the Twenty-Seventh Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2016, Arlington, VA, USA, 10\u201312 January 2016, pp. 10\u201324. SIAM (2016). https:\/\/doi.org\/10.1137\/1.9781611974331.ch2","DOI":"10.1137\/1.9781611974331.ch2"},{"key":"15_CR9","doi-asserted-by":"publisher","unstructured":"Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE. In: Ostrovsky, R. (ed.) IEEE 52nd Annual Symposium on Foundations of Computer Science, FOCS 2011, Palm Springs, CA, USA, 22\u201325 October 2011, pp. 97\u2013106. IEEE Computer Society (2011). https:\/\/doi.org\/10.1109\/FOCS.2011.12","DOI":"10.1109\/FOCS.2011.12"},{"key":"15_CR10","doi-asserted-by":"crossref","unstructured":"Carrier, K., Debris-Alazard, T., Meyer-Hilfiger, C., Tillich, J.: Statistical decoding 2.0: reducing decoding to LPN. In: Advances in Cryptology - ASIACRYPT\u00a02022. LNCS, Springer, Cham (2022). 
https:\/\/eprint.iacr.org\/2022\/1000","DOI":"10.1007\/978-3-031-22972-5_17"},{"key":"15_CR11","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"286","DOI":"10.1007\/978-3-031-58754-2_11","volume-title":"EUROCRYPT 2024, Part VI","author":"K Carrier","year":"2024","unstructured":"Carrier, K., Debris-Alazard, T., Meyer-Hilfiger, C., Tillich, J.P.: Reduction from sparse LPN to LPN, dual attack 3.0. In: Joye, M., Leander, G. (eds.) EUROCRYPT 2024, Part VI. LNCS, vol. 14656, pp. 286\u2013315. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-58754-2_11"},{"key":"15_CR12","unstructured":"Carrier, K., Meyer-Hilfiger, C., Shen, Y., Tillich, J.P.: Assessing the impact of a variant of MATZOV\u2019s attack. Cryptology ePrint Archive, Paper 2022\/1750 (2025). https:\/\/eprint.iacr.org\/2022\/1750"},{"key":"15_CR13","unstructured":"Chen, Y.: R\u00e9duction de r\u00e9seau et s\u00e9curit\u00e9 concr\u00e8te du chiffrement compl\u00e8tement homomorphe (2013). https:\/\/api.semanticscholar.org\/CorpusID:170791320"},{"key":"15_CR14","doi-asserted-by":"publisher","unstructured":"Conway, J.H., Sloane, N.J.A.: Sphere Packings, Lattices and Groups, Grundlehren der mathematischen Wissenschaften, vol.\u00a0290. Springer, Cham (1988). https:\/\/doi.org\/10.1007\/978-1-4757-2016-7","DOI":"10.1007\/978-1-4757-2016-7"},{"key":"15_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1007\/978-3-319-78381-9_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"L Ducas","year":"2018","unstructured":"Ducas, L.: Shortest vector from lattice sieving: a few dimensions for free. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 125\u2013145. Springer, Cham (2018). 
https:\/\/doi.org\/10.1007\/978-3-319-78381-9_5"},{"key":"15_CR16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"480","DOI":"10.1007\/978-3-031-17234-2_22","volume-title":"PQCrypto 2022","author":"L Ducas","year":"2022","unstructured":"Ducas, L.: Estimating the hidden overheads in the BDGL lattice sieving algorithm. In: Cheon, J.H., Johansson, T. (eds.) PQCrypto 2022. LNCS, vol. 13512, pp. 480\u2013497. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-17234-2_22"},{"key":"15_CR17","unstructured":"Ducas, L., Pulles, L.N.: Accurate score prediction for dual attacks. preprint (2023, preprint)"},{"key":"15_CR18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/978-3-031-38548-3_2","volume-title":"CRYPTO 2023","author":"L Ducas","year":"2023","unstructured":"Ducas, L., Pulles, L.N.: Does the dual-sieve attack on learning with errors even work? In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023. LNCS, vol. 14083, pp. 37\u201369. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38548-3_2"},{"key":"15_CR19","unstructured":"Dudgeon, D.E., Mersereau, R.M.: Multidimensional Digital Signal Processing. Prentice Hall Professional Technical Reference (1990)"},{"key":"15_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"440","DOI":"10.1007\/978-3-030-65277-7_20","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2020","author":"T Espitau","year":"2020","unstructured":"Espitau, T., Joux, A., Kharchenko, N.: On a dual\/hybrid approach to small secret LWE. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds.) INDOCRYPT 2020. LNCS, vol. 12578, pp. 440\u2013462. Springer, Cham (2020). 
https:\/\/doi.org\/10.1007\/978-3-030-65277-7_20"},{"key":"15_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-030-92068-5_2","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"Q Guo","year":"2021","unstructured":"Guo, Q., Johansson, T.: Faster dual lattice attacks for\u00a0solving LWE with\u00a0applications to\u00a0CRYSTALS. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 33\u201362. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92068-5_2"},{"key":"15_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-662-47989-6_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"Q Guo","year":"2015","unstructured":"Guo, Q., Johansson, T., Stankovski, P.: Coded-BKW: solving LWE using lattice codes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 23\u201342. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_2"},{"key":"15_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-45325-3_1","volume-title":"Cryptography and Coding","author":"AA Jabri","year":"2001","unstructured":"Jabri, A.A.: A statistical decoding algorithm for general linear block codes. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 1\u20138. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45325-3_1"},{"key":"15_CR24","doi-asserted-by":"publisher","unstructured":"Jaques, S.: Memory adds no cost to lattice sieving for computers in 3 or more spatial dimensions. IACR Commun. Cryptol. (2024). 
https:\/\/doi.org\/10.62056\/ay4fbn2hd","DOI":"10.62056\/ay4fbn2hd"},{"issue":"4","key":"15_CR25","doi-asserted-by":"publisher","first-page":"1751","DOI":"10.1109\/TIT.2010.2040961","volume":"56","author":"SB Korada","year":"2010","unstructured":"Korada, S.B., Urbanke, R.: Polar codes are optimal for lossy source coding. IEEE Trans. Inform. Theory 56(4), 1751\u20131768 (2010)","journal-title":"IEEE Trans. Inform. Theory"},{"key":"15_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"V Lyubashevsky","year":"2010","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1\u201323. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_1"},{"key":"15_CR27","doi-asserted-by":"publisher","unstructured":"MATZOV: Report on the Security of LWE: Improved Dual Lattice Attack (2022). https:\/\/doi.org\/10.5281\/zenodo.6412487","DOI":"10.5281\/zenodo.6412487"},{"key":"15_CR28","unstructured":"Matzov, Apon, D., Bernstein, D.J., Mitchell, C., Ducas, L., Albrecht, M., Peikert, C.: Improved Dual Lattice Attack (2022). https:\/\/groups.google.com\/a\/list.nist.gov\/g\/pqc-forum\/c\/Fm4cDfsx65s"},{"key":"15_CR29","doi-asserted-by":"crossref","unstructured":"Meyer-Hilfiger, C., Tillich, J.P.: Rigorous foundations for dual attacks in coding theory. In: Theory of Cryptography Conference, TCC 2023. LNCS, vol. 14372, pp. 3\u201332. Springer, Cham (2023). https:\/\/eprint.iacr.org\/2023\/1460","DOI":"10.1007\/978-3-031-48624-1_1"},{"key":"15_CR30","doi-asserted-by":"crossref","unstructured":"Micciancio, D., Regev, O.: Lattice-based cryptography. In: Post-quantum Cryptography, pp. 147\u2013191. 
Springer, Cham (2009)","DOI":"10.1007\/978-3-540-88702-7_5"},{"key":"15_CR31","doi-asserted-by":"publisher","unstructured":"Pouly, A., Shen, Y.: Provable dual attacks on learning with errors. In: Joye, M., Leander, G. (eds.) EUROCRYPT 2024, Part VI. LNCS, vol. 14656, pp. 256\u2013285. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-58754-2_10","DOI":"10.1007\/978-3-031-58754-2_10"},{"key":"15_CR32","doi-asserted-by":"publisher","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, 22\u201324 May 2005, pp. 84\u201393 (2005). https:\/\/doi.org\/10.1145\/1060590.1060603","DOI":"10.1145\/1060590.1060603"},{"key":"15_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/3-540-36494-3_14","volume-title":"STACS 2003","author":"CP Schnorr","year":"2003","unstructured":"Schnorr, C.P.: Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145\u2013156. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36494-3_14"},{"key":"15_CR34","unstructured":"Schwabe, P., et al.: CRYSTALS-KYBER. Technical report, National Institute of Standards and Technology (2020). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions"},{"key":"15_CR35","doi-asserted-by":"publisher","unstructured":"Zamir, R., Feder, M.: On lattice quantization noise. IEEE Trans. Inform. Theory 42(4), 1152\u20131159 (1996). 
https:\/\/doi.org\/10.1109\/18.508838","DOI":"10.1109\/18.508838"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01855-7_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T13:29:11Z","timestamp":1769520551000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01855-7_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032018540","9783032018557"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01855-7_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"17 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 August 
2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}