{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T19:30:39Z","timestamp":1767987039296,"version":"3.49.0"},"publisher-location":"Cham","reference-count":70,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032019004","type":"print"},{"value":"9783032019011","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-01901-1_17","type":"book-chapter","created":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T08:45:00Z","timestamp":1755333900000},"page":"530-565","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Transistor: a\u00a0TFHE-Friendly Stream Cipher"],"prefix":"10.1007","author":[{"given":"Jules","family":"Baudrin","sequence":"first","affiliation":[]},{"given":"Sonia","family":"Bela\u00efd","sequence":"additional","affiliation":[]},{"given":"Nicolas","family":"Bon","sequence":"additional","affiliation":[]},{"given":"Christina","family":"Boura","sequence":"additional","affiliation":[]},{"given":"Anne","family":"Canteaut","sequence":"additional","affiliation":[]},{"given":"Ga\u00ebtan","family":"Leurent","sequence":"additional","affiliation":[]},{"given":"Pascal","family":"Paillier","sequence":"additional","affiliation":[]},{"given":"L\u00e9o","family":"Perrin","sequence":"additional","affiliation":[]},{"given":"Matthieu","family":"Rivain","sequence":"additional","affiliation":[]},{"given":"Yann","family":"Rotella","sequence":"additional","affiliation":[]},{"given":"Samuel","family":"Tap","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,17]]},"reference":[{"issue":"3","key":"17_CR1","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1515\/jmc-2015-0016","volume":"9","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169\u2013203 (2015). https:\/\/doi.org\/10.1515\/jmc-2015-0016","journal-title":"J. Math. Cryptol."},{"key":"17_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/978-3-662-46800-5_17","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 430\u2013454. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_17"},{"key":"17_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/3-540-60590-8_11","volume-title":"Fast Software Encryption","author":"R Anderson","year":"1995","unstructured":"Anderson, R.: Searching for the optimum correlation attack. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 137\u2013143. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/3-540-60590-8_11"},{"key":"17_CR4","unstructured":"Aranha, D.F., Guimar\u00e3es, A., Hoffmann, C., M\u00e9aux, P.: Secure and efficient transciphering for FHE-based MPC. Cryptology ePrint Archive, Paper 2024\/1702 (2024). https:\/\/eprint.iacr.org\/2024\/1702"},{"key":"17_CR5","doi-asserted-by":"crossref","unstructured":"Babbage, S.: A space\/time tradeoff in exhaustive search attacks on stream ciphers. In: European Convention on Security and Detection, IEE Conference Publication No. 408 (1995)","DOI":"10.1049\/cp:19950490"},{"key":"17_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"432","DOI":"10.1007\/978-3-540-30539-2_31","volume-title":"Advances in Cryptology - ASIACRYPT 2004","author":"T Baign\u00e8res","year":"2004","unstructured":"Baign\u00e8res, T., Junod, P., Vaudenay, S.: How far can we go beyond linear cryptanalysis? In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 432\u2013450. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30539-2_31"},{"key":"17_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1007\/978-3-540-77360-3_13","volume-title":"Selected Areas in Cryptography","author":"T Baign\u00e8res","year":"2007","unstructured":"Baign\u00e8res, T., Stern, J., Vaudenay, S.: Linear cryptanalysis of non binary ciphers. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 184\u2013211. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-77360-3_13"},{"key":"17_CR8","doi-asserted-by":"publisher","unstructured":"Balenbois, T., Orfila, J., Smart, N.P.: Trivial transciphering with Trivium and TFHE. In: Brenner, M., Costache, A., Rohloff, K. (eds.) 11th Workshop on Encrypted Computing & Applied Homomorphic Cryptography, Copenhagen, Denmark, 26 November 2023, pp. 69\u201378. ACM (2023). https:\/\/doi.org\/10.1145\/3605759.3625255","DOI":"10.1145\/3605759.3625255"},{"key":"17_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1007\/978-3-642-29011-4_42","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Banerjee","year":"2012","unstructured":"Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719\u2013737. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_42"},{"key":"17_CR10","unstructured":"Baudrin, J., et al.: Transistor: a TFHE-friendly stream cipher. Cryptology ePrint Archive, Report 2025\/282 (2025). https:\/\/eprint.iacr.org\/2025\/282"},{"key":"17_CR11","doi-asserted-by":"crossref","unstructured":"Bela\u00efd, S., Bon, N., Boudguiga, A., Sirdey, R., Trama, D., Ye, N.: Further improvements in AES execution over TFHE: Towards breaking the 1 sec barrier. Cryptology ePrint Archive, Paper 2025\/075 (2025). https:\/\/eprint.iacr.org\/2025\/075","DOI":"10.62056\/ahmp-4tw9"},{"key":"17_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-540-74619-5_17","volume-title":"Fast Software Encryption","author":"C Berbain","year":"2007","unstructured":"Berbain, C., Gilbert, H.: On the security of IV dependent stream ciphers. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 254\u2013273. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74619-5_17"},{"issue":"3","key":"17_CR13","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1007\/S00145-023-09463-5","volume":"36","author":"L Bergerat","year":"2023","unstructured":"Bergerat, L., Boudi, A., Bourgerie, Q., Chillotti, I., Ligier, D., Orfila, J., Tap, S.: Parameter optimization and larger precision for (T)FHE. J. Cryptol. 36(3), 28 (2023). https:\/\/doi.org\/10.1007\/S00145-023-09463-5","journal-title":"J. Cryptol."},{"key":"17_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/978-3-030-92062-3_2","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"T Beyne","year":"2021","unstructured":"Beyne, T.: A geometric approach to\u00a0linear cryptanalysis. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13090, pp. 36\u201366. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92062-3_2"},{"key":"17_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/978-3-540-74462-7_6","volume-title":"Selected Areas in Cryptography","author":"A Biryukov","year":"2007","unstructured":"Biryukov, A.: The design of a stream cipher LEX. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 67\u201375. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74462-7_6"},{"key":"17_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-28628-8_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"A Biryukov","year":"2004","unstructured":"Biryukov, A., De Canni\u00e8re, C., Quisquater, M.: On multiple linear approximations. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 1\u201322. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-28628-8_1"},{"key":"17_CR17","doi-asserted-by":"publisher","unstructured":"Bon, N., Pointcheval, D., Rivain, M.: Optimized homomorphic evaluation of boolean functions. IACR Trans. Cryptogr. Hardw. Embedd. Syst. 2024(3), 302\u2013341 (2024). https:\/\/doi.org\/10.46586\/tches.v2024.i3.302-341","DOI":"10.46586\/tches.v2024.i3.302-341"},{"key":"17_CR18","doi-asserted-by":"publisher","unstructured":"Bonte, C., Iliashenko, I., Park, J., Pereira, H.V.L., Smart, N.P.: FINAL: faster FHE instantiated with NTRU and LWE. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT\u00a02022, Part\u00a0II. LNCS, vol. 13792, pp. 188\u2013215. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22966-4_7","DOI":"10.1007\/978-3-031-22966-4_7"},{"key":"17_CR19","doi-asserted-by":"publisher","unstructured":"Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (leveled) fully homomorphic encryption without bootstrapping. ACM Trans. Comput. Theory 6(3), 13:1\u201313:36 (2014). https:\/\/doi.org\/10.1145\/2633600","DOI":"10.1145\/2633600"},{"issue":"6","key":"17_CR20","doi-asserted-by":"publisher","first-page":"1344","DOI":"10.1109\/18.45299","volume":"35","author":"L Brynielsson","year":"1989","unstructured":"Brynielsson, L.: A short proof of the Xiao-Massey lemma. IEEE Trans. Inf. Theory 35(6), 1344 (1989). https:\/\/doi.org\/10.1109\/18.45299","journal-title":"IEEE Trans. Inf. Theory"},{"key":"17_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-662-52993-5_16","volume-title":"Fast Software Encryption","author":"A Canteaut","year":"2016","unstructured":"Canteaut, A., et al.: Stream ciphers: a practical solution for efficient homomorphic-ciphertext compression. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 313\u2013333. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-52993-5_16"},{"key":"17_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"573","DOI":"10.1007\/3-540-45539-6_40","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"A Canteaut","year":"2000","unstructured":"Canteaut, A., Trabbia, M.: Improved fast correlation attacks using parity-check equations of weight 4 and 5. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 573\u2013588. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-45539-6_40"},{"key":"17_CR23","doi-asserted-by":"crossref","unstructured":"Checri, M., Sirdey, R., Boudguiga, A., Bultel, J.P.: On the practical CPAD security of \u201cexact\u201d and threshold FHE schemes and libraries. Cryptology ePrint Archive, Report 2024\/116 (2024). https:\/\/eprint.iacr.org\/2024\/116","DOI":"10.1007\/978-3-031-68382-4_1"},{"key":"17_CR24","unstructured":"Cheon, J.H., Choe, H., Passel\u00e8gue, A., Stehl\u00e9, D., Suvanto, E.: Attacks against the INDCPA-D security of exact FHE schemes. Cryptology ePrint Archive, Report 2024\/127 (2024). https:\/\/eprint.iacr.org\/2024\/127"},{"key":"17_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/978-3-319-70694-8_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"JH Cheon","year":"2017","unstructured":"Cheon, J.H., Kim, A., Kim, M., Song, Y.: Homomorphic encryption for arithmetic of approximate numbers. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 409\u2013437. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_15"},{"key":"17_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/3-540-44706-7_13","volume-title":"Fast Software Encryption","author":"VV Chepyzhov","year":"2001","unstructured":"Chepyzhov, V.V., Johansson, T., Smeets, B.: A simple algorithm for fast correlation attacks on stream ciphers. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 181\u2013195. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44706-7_13"},{"key":"17_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-662-53887-6_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"I Chillotti","year":"2016","unstructured":"Chillotti, I., Gama, N., Georgieva, M., Izabach\u00e8ne, M.: Faster fully homomorphic encryption: bootstrapping in less than 0.1 seconds. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 3\u201333. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_1"},{"key":"17_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"377","DOI":"10.1007\/978-3-319-70694-8_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"I Chillotti","year":"2017","unstructured":"Chillotti, I., Gama, N., Georgieva, M., Izabach\u00e8ne, M.: Faster packed homomorphic operations and efficient circuit bootstrapping for TFHE. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 377\u2013408. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_14"},{"issue":"1","key":"17_CR29","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/s00145-019-09319-x","volume":"33","author":"I Chillotti","year":"2019","unstructured":"Chillotti, I., Gama, N., Georgieva, M., Izabach\u00e8ne, M.: TFHE: fast fully homomorphic encryption over the torus. J. Cryptol. 33(1), 34\u201391 (2019). https:\/\/doi.org\/10.1007\/s00145-019-09319-x","journal-title":"J. Cryptol."},{"key":"17_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"670","DOI":"10.1007\/978-3-030-92078-4_23","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"I Chillotti","year":"2021","unstructured":"Chillotti, I., Ligier, D., Orfila, J.-B., Tap, S.: Improved programmable bootstrapping with\u00a0larger precision and\u00a0efficient arithmetic circuits for\u00a0TFHE. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 670\u2013699. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92078-4_23"},{"key":"17_CR31","doi-asserted-by":"publisher","unstructured":"Cho, M., Chung, W., Ha, J., Lee, J., Oh, E., Son, M.: FRAST: TFHE-friendly cipher based on random S-Boxes. IACR Trans. Symm. Cryptol. 2024(3), 1\u201343 (2024). https:\/\/doi.org\/10.46586\/TOSC.V2024.I3.1-43","DOI":"10.46586\/TOSC.V2024.I3.1-43"},{"key":"17_CR32","unstructured":"Clet, P.E., Zuber, M., Boudguiga, A., Sirdey, R., Gouy-Pailler, C.: Putting up the swiss army knife of homomorphic calculations by means of TFHE functional bootstrapping. Cryptology ePrint Archive, Report 2022\/149 (2022). https:\/\/eprint.iacr.org\/2022\/149"},{"key":"17_CR33","doi-asserted-by":"publisher","unstructured":"Cong, K., Das, D., Park, J., Pereira, H.V.L.: SortingHat: efficient private decision tree evaluation via homomorphic encryption and transciphering. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) ACM CCS 2022, pp. 563\u2013577. ACM Press (2022). https:\/\/doi.org\/10.1145\/3548606.3560702","DOI":"10.1145\/3548606.3560702"},{"key":"17_CR34","doi-asserted-by":"publisher","unstructured":"Cosseron, O., Hoffmann, C., M\u00e9aux, P., Standaert, F.X.: Towards case-optimized hybrid homomorphic encryption - featuring the elisabeth stream cipher. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT\u00a02022, Part\u00a0III. LNCS, vol. 13793, pp. 32\u201367. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22969-5_2","DOI":"10.1007\/978-3-031-22969-5_2"},{"key":"17_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/11836810_13","volume-title":"Information Security","author":"C Canni\u00e8re","year":"2006","unstructured":"Canni\u00e8re, C.: Trivium: a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., L\u00f3pez, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 171\u2013186. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11836810_13"},{"key":"17_CR36","unstructured":"Deo, A., Joye, M., Libert, B., Curtis, B.R., de\u00a0Bellabre, M.: Homomorphic evaluation of LWR-based PRFs and application to transciphering. Cryptology ePrint Archive, Report 2024\/665 (2024). https:\/\/eprint.iacr.org\/2024\/665"},{"key":"17_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"662","DOI":"10.1007\/978-3-319-96884-1_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"C Dobraunig","year":"2018","unstructured":"Dobraunig, C., et al.: Rasta: a cipher with low ANDdepth and few ANDs per bit. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 662\u2013692. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_22"},{"key":"17_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1007\/978-3-662-46800-5_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"L Ducas","year":"2015","unstructured":"Ducas, L., Micciancio, D.: FHEW: bootstrapping homomorphic encryption in less than a second. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 617\u2013640. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_24"},{"key":"17_CR39","doi-asserted-by":"publisher","unstructured":"Eichlseder, M., Nageler, M., Primas, R.: Analyzing the linear keystream biases in AEGIS. IACR Trans. Symm. Cryptol. 2019(4), 348\u2013368 (2019). https:\/\/doi.org\/10.13154\/tosc.v2019.i4.348-368","DOI":"10.13154\/tosc.v2019.i4.348-368"},{"key":"17_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/3-540-36492-7_5","volume-title":"Selected Areas in Cryptography","author":"P Ekdahl","year":"2003","unstructured":"Ekdahl, P., Johansson, T.: A new version of the stream cipher SNOW. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 47\u201361. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36492-7_5"},{"key":"17_CR41","unstructured":"Ekdhal, P., Johansson, T.: SNOW - a new stream cipher. In: Proceedings of the first Nessie workshop (2000)"},{"key":"17_CR42","unstructured":"Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. IACR Cryptol. ePrint Arch. p.\u00a0144 (2012). http:\/\/eprint.iacr.org\/2012\/144"},{"key":"17_CR43","doi-asserted-by":"publisher","unstructured":"Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) STOC 2009, pp. 169\u2013178. ACM (2009). https:\/\/doi.org\/10.1145\/1536414.1536440","DOI":"10.1145\/1536414.1536440"},{"key":"17_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"850","DOI":"10.1007\/978-3-642-32009-5_49","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"C Gentry","year":"2012","unstructured":"Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 850\u2013867. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_49"},{"key":"17_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/978-3-642-40041-4_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"C Gentry","year":"2013","unstructured":"Gentry, C., Sahai, A., Waters, B.: Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 75\u201392. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_5"},{"key":"17_CR46","doi-asserted-by":"publisher","unstructured":"Gilbert, H., Boissier, R.H., Jean, J., Reinhard, J.R.: Cryptanalysis of elisabeth-4. In: Guo, J., Steinfeld, R. (eds.) ASIACRYPT\u00a02023, Part\u00a0III. LNCS, vol. 14440, pp. 256\u2013284. Springer, Singapore (2023). https:\/\/doi.org\/10.1007\/978-981-99-8727-6_9","DOI":"10.1007\/978-981-99-8727-6_9"},{"key":"17_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/3-540-69053-0_17","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201997","author":"JD Goli\u0107","year":"1997","unstructured":"Goli\u0107, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239\u2013255. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_17"},{"key":"17_CR48","doi-asserted-by":"publisher","unstructured":"Guimar\u00e3es, A., Borin, E., Aranha, D.F.: Revisiting the functional bootstrap in TFHE. IACR Trans. Cryptogr. Hardw. Embed. Syst. 229\u2013253 (2021). https:\/\/doi.org\/10.46586\/tches.v2021.i2.229-253. https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/8793","DOI":"10.46586\/tches.v2021.i2.229-253"},{"key":"17_CR49","unstructured":"Hell, M., Johansson, T.: Advanced linear Cryptanalysis of block and stream ciphers, chap. Linear attacks on stream ciphers. IOS Press (2011)"},{"key":"17_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/978-3-540-68351-3_14","volume-title":"New Stream Cipher Designs","author":"M Hell","year":"2008","unstructured":"Hell, M., Johansson, T., Maximov, A., Meier, W.: The grain family of stream ciphers. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 179\u2013190. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-68351-3_14"},{"issue":"1","key":"17_CR51","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/S12095-011-0053-3","volume":"4","author":"M Hermelin","year":"2012","unstructured":"Hermelin, M., Nyberg, K.: Multidimensional linear distinguishing attacks and boolean functions. Cryptogr. Commun. 4(1), 47\u201364 (2012). https:\/\/doi.org\/10.1007\/S12095-011-0053-3","journal-title":"Cryptogr. Commun."},{"key":"17_CR52","doi-asserted-by":"publisher","unstructured":"Hoffmann, C., M\u00e9aux, P., Standaert, F.X.: The patching landscape of elisabeth-4 and the mixed filter permutator paradigm. In: Chattopadhyay, A., Bhasin, S., Picek, S., Rebeiro, C. (eds.) INDOCRYPT\u00a02023, Part\u00a0I. LNCS, vol. 14459, pp. 134\u2013156. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-56232-7_7","DOI":"10.1007\/978-3-031-56232-7_7"},{"key":"17_CR53","doi-asserted-by":"publisher","unstructured":"Kluczniak, K., Schild, L.: Fdfb: Full domain functional bootstrapping towards practical fully homomorphic encryption. IACR Trans. Cryptogr. Hardw. Embed. Syst. 501\u2013537 (2022). https:\/\/doi.org\/10.46586\/tches.v2023.i1.501-537","DOI":"10.46586\/tches.v2023.i1.501-537"},{"key":"17_CR54","unstructured":"MacWilliams, F.J., Sloane, N.J.A.: The theory of error-correcting codes. North-Holland Publishing Company (1977)"},{"key":"17_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1007\/978-3-030-35423-7_4","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2019","author":"P M\u00e9aux","year":"2019","unstructured":"M\u00e9aux, P., Carlet, C., Journault, A., Standaert, F.-X.: Improved filter permutators for efficient FHE: better instances and implementations. In: Hao, F., Ruj, S., Sen Gupta, S. (eds.) INDOCRYPT 2019. LNCS, vol. 11898, pp. 68\u201391. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-35423-7_4"},{"key":"17_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"311","DOI":"10.1007\/978-3-662-49890-3_13","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"P M\u00e9aux","year":"2016","unstructured":"M\u00e9aux, P., Journault, A., Standaert, F.-X., Carlet, C.: Towards stream ciphers for efficient FHE with low-noise ciphertexts. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 311\u2013343. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49890-3_13"},{"key":"17_CR57","doi-asserted-by":"publisher","unstructured":"M\u00e9aux, P., Park, J., Pereira, H.V.L.: Towards practical transciphering for FHE with setup independent of the plaintext space. CiC 1(1), 20 (2024). https:\/\/doi.org\/10.62056\/anxrxrxqi","DOI":"10.62056\/anxrxrxqi"},{"key":"17_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"301","DOI":"10.1007\/3-540-45961-8_28","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201988","author":"W Meier","year":"1988","unstructured":"Meier, W., Staffelbach, O.: Fast correlation attacks on stream ciphers. In: Barstow, D., et al. (eds.) EUROCRYPT 1988. LNCS, vol. 330, pp. 301\u2013314. Springer, Heidelberg (1988). https:\/\/doi.org\/10.1007\/3-540-45961-8_28"},{"key":"17_CR59","doi-asserted-by":"crossref","unstructured":"Naehrig, M., Lauter, K.E., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Cachin, C., Ristenpart, T. (eds.) Proceedings of the 3rd ACM Cloud Computing Security Workshop, CCSW 2011, Chicago, IL, USA, 21 October 2011, pp. 113\u2013124. ACM (2011). https:\/\/dl.acm.org\/citation.cfm?id=2046682","DOI":"10.1145\/2046660.2046682"},{"key":"17_CR60","unstructured":"Niu, C., et al.: XBOOT: Free-XOR gates for CKKS with applications to transciphering. Cryptology ePrint Archive, Paper 2025\/074 (2025). https:\/\/eprint.iacr.org\/2025\/074"},{"key":"17_CR61","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/11799313_10","volume-title":"Fast Software Encryption","author":"K Nyberg","year":"2006","unstructured":"Nyberg, K., Wall\u00e9n, J.: Improved linear distinguishers for SNOW 2.0. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 144\u2013162. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11799313_10"},{"key":"17_CR62","doi-asserted-by":"publisher","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, 22\u201324 May 2005, pp. 84\u201393. ACM (2005). https:\/\/doi.org\/10.1145\/1060590.1060603","DOI":"10.1145\/1060590.1060603"},{"key":"17_CR63","doi-asserted-by":"publisher","unstructured":"Sakamoto, K., Liu, F., Nakano, Y., Kiyomoto, S., Isobe, T.: Rocca: an efficient AES-based encryption scheme for beyond 5g. IACR Trans. Symm. Cryptol. 2021(2), 1\u201330 (2021). https:\/\/doi.org\/10.46586\/tosc.v2021.i2.1-30","DOI":"10.46586\/tosc.v2021.i2.1-30"},{"key":"17_CR64","doi-asserted-by":"publisher","unstructured":"SHA-3 standard: Permutation-based hash and extendable-output functions. National Institute of Standards and Technology, NIST FIPS PUB 202, U.S. Department of Commerce (2015). https:\/\/doi.org\/10.6028\/NIST.FIPS.202","DOI":"10.6028\/NIST.FIPS.202"},{"key":"17_CR65","doi-asserted-by":"publisher","unstructured":"Shi, Z., Jin, C., Zhang, J., Cui, T., Ding, L., Jin, Y.: A correlation attack on full SNOW-V and SNOW-vi. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT\u00a02022, Part\u00a0III. LNCS, vol. 13277, pp. 34\u201356. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-07082-2_2","DOI":"10.1007\/978-3-031-07082-2_2"},{"issue":"1","key":"17_CR66","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1109\/TC.1985.1676518","volume":"34","author":"T Siegenthaler","year":"1985","unstructured":"Siegenthaler, T.: Decrypting a class of stream ciphers using ciphertext only. IEEE Trans. Comput. 34(1), 81\u201385 (1985). https:\/\/doi.org\/10.1109\/TC.1985.1676518","journal-title":"IEEE Trans. Comput."},{"key":"17_CR67","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-319-96881-0_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"Y Todo","year":"2018","unstructured":"Todo, Y., Isobe, T., Meier, W., Aoki, K., Zhang, B.: Fast correlation attack revisited. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 129\u2013159. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_5"},{"key":"17_CR68","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-3-540-24654-1_16","volume-title":"Selected Areas in Cryptography","author":"D Watanabe","year":"2004","unstructured":"Watanabe, D., Biryukov, A., De Canni\u00e8re, C.: A distinguishing attack of SNOW\u00a02.0 with linear masking method. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 222\u2013233. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24654-1_16"},{"issue":"3","key":"17_CR69","doi-asserted-by":"publisher","first-page":"569","DOI":"10.1109\/18.6037","volume":"34","author":"G Xiao","year":"1988","unstructured":"Xiao, G., Massey, J.L.: A spectral characterization of correlation-immune combining functions. IEEE Trans. Inf. Theory 34(3), 569\u2013571 (1988). https:\/\/doi.org\/10.1109\/18.6037","journal-title":"IEEE Trans. Inf. Theory"},{"key":"17_CR70","unstructured":"Zama: TFHE-rs: A Pure Rust Implementation of the TFHE Scheme for Boolean and Integer Arithmetics Over Encrypted Data (2022). https:\/\/github.com\/zama-ai\/tfhe-rs"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01901-1_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T08:45:06Z","timestamp":1755333906000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01901-1_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032019004","9783032019011"],"references-count":70,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01901-1_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"17 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}