{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,20]],"date-time":"2026-04-20T22:57:52Z","timestamp":1776725872836,"version":"3.51.2"},"publisher-location":"Cham","reference-count":61,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319116587","type":"print"},{"value":"9783319116594","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-11659-4_12","type":"book-chapter","created":{"date-parts":[[2014,9,25]],"date-time":"2014-09-25T02:19:48Z","timestamp":1411611588000},"page":"197-219","source":"Crossref","is-referenced-by-count":244,"title":["Lattice Cryptography for the Internet"],"prefix":"10.1007","author":[{"given":"Chris","family":"Peikert","sequence":"first","affiliation":[]}],"member":"297","reference":[{"key":"12_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45353-9_12","volume-title":"Topics in Cryptology - CT-RSA 2001","author":"M. Abdalla","year":"2001","unstructured":"Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol.\u00a02020, pp. 143\u2013158. Springer, Heidelberg (2001)"},{"key":"12_CR2","first-page":"1","volume":"13","author":"M. Ajtai","year":"2004","unstructured":"Ajtai, M.: Generating hard instances of lattice problems. Quaderni di Matematica\u00a013, 1\u201332 (2004), Preliminary version in STOC 1996","journal-title":"Quaderni di Matematica"},{"key":"12_CR3","unstructured":"Arbitman, Y., Dogon, G., Lyubashevsky, V., Micciancio, D., Peikert, C., Rosen, A.: SWIFFTX: A proposal for the SHA-3 standard. Submitted to NIST SHA-3 competition (2008)"},{"key":"12_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"403","DOI":"10.1007\/978-3-642-22006-7_34","volume-title":"Automata, Languages and Programming","author":"S. Arora","year":"2011","unstructured":"Arora, S., Ge, R.: New algorithms for learning in presence of errors. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011, Part I. LNCS, vol.\u00a06755, pp. 403\u2013415. Springer, Heidelberg (2011)"},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract). In: STOC, pp. 419\u2013428 (1998)","DOI":"10.1145\/276698.276854"},{"key":"12_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1007\/BFb0055718","volume-title":"Advances in Cryptology - CRYPTO \u201998","author":"M. Bellare","year":"1998","unstructured":"Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol.\u00a01462, pp. 26\u201345. Springer, Heidelberg (1998)"},{"key":"12_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology - CRYPTO \u201993","author":"M. Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol.\u00a0773, pp. 232\u2013249. Springer, Heidelberg (1994)"},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security, pp. 62\u201373 (1993)","DOI":"10.1145\/168588.168596"},{"key":"12_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/BFb0053428","volume-title":"Advances in Cryptology - EUROCRYPT \u201994","author":"M. Bellare","year":"1995","unstructured":"Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol.\u00a0950, pp. 92\u2013111. Springer, Heidelberg (1995)"},{"key":"12_CR10","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Provably secure session key distribution: the three party case. In: STOC, pp. 57\u201366 (1995)","DOI":"10.1145\/225058.225084"},{"key":"12_CR11","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Minimizing the use of random oracles in authenticated encryption schemes. In: ICICS, pp. 1\u201316 (1997)","DOI":"10.1007\/BFb0028457"},{"issue":"5","key":"12_CR12","doi-asserted-by":"publisher","first-page":"1301","DOI":"10.1137\/S009753970544713X","volume":"36","author":"D. Boneh","year":"2007","unstructured":"Boneh, D., Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. SIAM J. Comput.\u00a036(5), 1301\u20131328 (2007)","journal-title":"SIAM J. Comput."},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehl\u00e9, D.: Classical hardness of learning with errors. In: STOC, pp. 575\u2013584 (2013)","DOI":"10.1145\/2488608.2488680"},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000\/067 (2000), http:\/\/eprint.iacr.org\/","DOI":"10.1109\/SFCS.2001.959888"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: FOCS, pp. 136\u2013145 (2001)","DOI":"10.1109\/SFCS.2001.959888"},{"key":"12_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/3-540-44987-6_28","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"R. Canetti","year":"2001","unstructured":"Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol.\u00a02045, pp. 453\u2013474. Springer, Heidelberg (2001), Full version at http:\/\/eprint.iacr.org\/2001\/040"},{"key":"12_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45708-9_10","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"R. Canetti","year":"2002","unstructured":"Canetti, R., Krawczyk, H.: Security analysis of IKE\u2019s signature-based key-exchange protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol.\u00a02442, pp. 143\u2013161. Springer, Heidelberg (2002), Full version at http:\/\/eprint.iacr.org\/2002\/120"},{"key":"12_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/3-540-46035-7_22","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"R. Canetti","year":"2002","unstructured":"Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol.\u00a02332, pp. 337\u2013351. Springer, Heidelberg (2002), Full version at http:\/\/eprint.iacr.org\/2002\/059"},{"key":"12_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-25385-0_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"Y. Chen","year":"2011","unstructured":"Chen, Y., Nguyen, P.Q.: BKZ 2.0: Better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol.\u00a07073, pp. 1\u201320. Springer, Heidelberg (2011)"},{"key":"12_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/3-540-46035-7_4","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"R. Cramer","year":"2002","unstructured":"Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol.\u00a02332, pp. 45\u201364. Springer, Heidelberg (2002)"},{"issue":"1","key":"12_CR21","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1137\/S0097539702403773","volume":"33","author":"R. Cramer","year":"2003","unstructured":"Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput.\u00a033(1), 167\u2013226 (2003), Preliminary version in CRYPTO 1998","journal-title":"SIAM J. Comput."},{"issue":"6","key":"12_CR22","doi-asserted-by":"publisher","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","volume":"IT-22","author":"W. Diffie","year":"1976","unstructured":"Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory\u00a0IT-22(6), 644\u2013654 (1976)","journal-title":"IEEE Transactions on Information Theory"},{"key":"12_CR23","unstructured":"Ding, J., Xie, X., Lin, X.: A simple provably secure key exchange scheme based on the learning with errors problem. Cryptology ePrint Archive, Report 2012\/688 (2014), http:\/\/eprint.iacr.org\/"},{"issue":"2","key":"12_CR24","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1137\/S0097539795291562","volume":"30","author":"D. Dolev","year":"1991","unstructured":"Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM J. Comput.\u00a030(2), 391\u2013437 (1991), Preliminary version in STOC 1991","journal-title":"SIAM J. Comput."},{"key":"12_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1007\/978-3-642-38348-9_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"N. D\u00f6ttling","year":"2013","unstructured":"D\u00f6ttling, N., M\u00fcller-Quade, J.: Lossy codes and a new variant of the learning-with-errors problem. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol.\u00a07881, pp. 18\u201334. Springer, Heidelberg (2013)"},{"key":"12_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/978-3-642-40041-4_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"L. Ducas","year":"2013","unstructured":"Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol.\u00a08042, pp. 40\u201356. Springer, Heidelberg (2013)"},{"key":"12_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/3-540-49162-7_5","volume-title":"Public Key Cryptography","author":"E. Fujisaki","year":"1999","unstructured":"Fujisaki, E., Okamoto, T.: How to enhance the security of public-key encryption at minimum cost. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol.\u00a01560, pp. 53\u201368. Springer, Heidelberg (1999)"},{"key":"12_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1007\/3-540-48405-1_34","volume-title":"Advances in Cryptology - CRYPTO \u201999","author":"E. Fujisaki","year":"1999","unstructured":"Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol.\u00a01666, pp. 537\u2013554. Springer, Heidelberg (1999)"},{"key":"12_CR29","doi-asserted-by":"crossref","unstructured":"Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC, pp. 197\u2013206 (2008)","DOI":"10.1145\/1374376.1374407"},{"key":"12_CR30","doi-asserted-by":"crossref","unstructured":"Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). RFC 2409 (Proposed Standard) (November 1998). Obsoleted by RFC 4306, updated by RFC 4109","DOI":"10.17487\/rfc2409"},{"key":"12_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/BFb0054868","volume-title":"Algorithmic Number Theory","author":"J. Hoffstein","year":"1998","unstructured":"Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: A ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol.\u00a01423, pp. 267\u2013288. Springer, Heidelberg (1998)"},{"key":"12_CR32","doi-asserted-by":"crossref","unstructured":"Housley, R.: Use of the RSAES-OAEP Key Transport Algorithm in Cryptographic Message Syntax (CMS). RFC 3560 (Proposed Standard) (July 2003)","DOI":"10.17487\/rfc3560"},{"key":"12_CR33","doi-asserted-by":"crossref","unstructured":"Kaufman, C.: Internet Key Exchange (IKEv2) Protocol. RFC 4306 (Proposed Standard) (December 2005), Obsoleted by RFC 5996, updated by RFC 5282","DOI":"10.17487\/rfc4306"},{"key":"12_CR34","doi-asserted-by":"crossref","unstructured":"Kaufman, C., Hoffman, P., Nir, Y., Eronen, P.: Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996 (Proposed Standard) (September 2010), Updated by RFCs 5998, 6989","DOI":"10.17487\/rfc5996"},{"key":"12_CR35","unstructured":"Kent, S., Atkinson, R.: Security Architecture for the Internet Protocol. RFC 2401 (Proposed Standard) (November 1998), Obsoleted by RFC 4301, updated by RFC 3168"},{"key":"12_CR36","doi-asserted-by":"crossref","unstructured":"Kent, S., Seo, K.: Security Architecture for the Internet Protocol. RFC 4301 (Proposed Standard) (December 2005), Updated by RFC 6040","DOI":"10.17487\/rfc4301"},{"key":"12_CR37","doi-asserted-by":"crossref","unstructured":"Krawczyk, H.: SKEME: a versatile secure key exchange mechanism for Internet. In: NDSS, pp. 114\u2013127 (1996)","DOI":"10.1109\/NDSS.1996.492418"},{"key":"12_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"400","DOI":"10.1007\/978-3-540-45146-4_24","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"H. Krawczyk","year":"2003","unstructured":"Krawczyk, H.: SIGMA: The \u2019SIGn-and-MAc\u2019 approach to authenticated Diffie-Hellman and its use in the IKE-protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol.\u00a02729, pp. 400\u2013425. Springer, Heidelberg (2003), Full version at http:\/\/webee.technion.ac.il\/~hugo\/sigma.html"},{"key":"12_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1007\/11535218_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"H. Krawczyk","year":"2005","unstructured":"Krawczyk, H.: HMQV: A high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 546\u2013566. Springer, Heidelberg (2005)"},{"issue":"2","key":"12_CR40","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1023\/A:1022595222606","volume":"28","author":"L. Law","year":"2003","unstructured":"Law, L., Menezes, A., Qu, M., Solinas, J.A., Vanstone, S.A.: An efficient protocol for authenticated key agreement. Des. Codes Cryptography\u00a028(2), 119\u2013134 (2003)","journal-title":"Des. Codes Cryptography"},{"key":"12_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/978-3-642-19074-2_21","volume-title":"Topics in Cryptology \u2013 CT-RSA 2011","author":"R. Lindner","year":"2011","unstructured":"Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol.\u00a06558, pp. 319\u2013339. Springer, Heidelberg (2011)"},{"key":"12_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/978-3-642-36095-4_19","volume-title":"Topics in Cryptology \u2013 CT-RSA 2013","author":"M. Liu","year":"2013","unstructured":"Liu, M., Nguyen, P.Q.: Solving BDD by enumeration: An update. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol.\u00a07779, pp. 293\u2013309. Springer, Heidelberg (2013)"},{"key":"12_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"738","DOI":"10.1007\/978-3-642-29011-4_43","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"V. Lyubashevsky","year":"2012","unstructured":"Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol.\u00a07237, pp. 738\u2013755. Springer, Heidelberg (2012)"},{"key":"12_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/11787006_13","volume-title":"Automata, Languages and Programming","author":"V. Lyubashevsky","year":"2006","unstructured":"Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006, Part II. LNCS, vol.\u00a04052, pp. 144\u2013155. Springer, Heidelberg (2006)"},{"key":"12_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/978-3-540-78524-8_3","volume-title":"Theory of Cryptography","author":"V. Lyubashevsky","year":"2008","unstructured":"Lyubashevsky, V., Micciancio, D.: Asymptotically efficient lattice-based digital signatures. In: Canetti, R. (ed.) TCC 2008. LNCS, vol.\u00a04948, pp. 37\u201354. Springer, Heidelberg (2008)"},{"key":"12_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/978-3-540-71039-4_4","volume-title":"Fast Software Encryption","author":"V. Lyubashevsky","year":"2008","unstructured":"Lyubashevsky, V., Micciancio, D., Peikert, C., Rosen, A.: SWIFFT: A modest proposal for FFT hashing. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol.\u00a05086, pp. 54\u201372. Springer, Heidelberg (2008)"},{"key":"12_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"V. Lyubashevsky","year":"2010","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. Journal of the ACM 60(6), 43:1\u201343:35 (2013). Preliminary version in Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol.\u00a06110, pp. 1\u201323. Springer, Heidelberg (2010)"},{"key":"12_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/978-3-642-38348-9_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"V. Lyubashevsky","year":"2013","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: A toolkit for ring-LWE cryptography. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol.\u00a07881, pp. 35\u201354. Springer, Heidelberg (2013)"},{"issue":"4","key":"12_CR49","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1007\/s00037-007-0234-9","volume":"16","author":"D. Micciancio","year":"2007","unstructured":"Micciancio, D.: Generalized compact knapsacks, cyclic lattices, and efficient one-way functions. Computational Complexity\u00a016(4), 365\u2013411 (2007), Preliminary version in FOCS 2002","journal-title":"Computational Complexity"},{"key":"12_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"700","DOI":"10.1007\/978-3-642-29011-4_41","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"D. Micciancio","year":"2012","unstructured":"Micciancio, D., Peikert, C.: Trapdoors for lattices: Simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol.\u00a07237, pp. 700\u2013718. Springer, Heidelberg (2012)"},{"key":"12_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-642-40041-4_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"D. Micciancio","year":"2013","unstructured":"Micciancio, D., Peikert, C.: Hardness of SIS and LWE with small parameters. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol.\u00a08042, pp. 21\u201339. Springer, Heidelberg (2013)"},{"issue":"1","key":"12_CR52","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1137\/S0097539705447360","volume":"37","author":"D. Micciancio","year":"2004","unstructured":"Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput.\u00a037(1), 267\u2013302 (2004), Preliminary version in FOCS 2004","journal-title":"SIAM J. Comput."},{"key":"12_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/3-540-45353-9_13","volume-title":"Topics in Cryptology - CT-RSA 2001","author":"T. Okamoto","year":"2001","unstructured":"Okamoto, T., Pointcheval, D.: REACT: Rapid enhanced-security asymmetric cryptosystem transform. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol.\u00a02020, pp. 159\u2013175. Springer, Heidelberg (2001)"},{"key":"12_CR54","doi-asserted-by":"crossref","unstructured":"Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem. In: STOC, pp. 333\u2013342 (2009)","DOI":"10.1145\/1536414.1536461"},{"key":"12_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/11681878_8","volume-title":"Theory of Cryptography","author":"C. Peikert","year":"2006","unstructured":"Peikert, C., Rosen, A.: Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol.\u00a03876, pp. 145\u2013166. Springer, Heidelberg (2006)"},{"issue":"6","key":"12_CR56","doi-asserted-by":"publisher","first-page":"1803","DOI":"10.1137\/080733954","volume":"40","author":"C. Peikert","year":"2011","unstructured":"Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. SIAM J. Comput.\u00a040(6), 1803\u20131844 (2011), Preliminary version in STOC 2008","journal-title":"SIAM J. Comput."},{"key":"12_CR57","doi-asserted-by":"crossref","unstructured":"Randall, J., Kaliski, B., Brainard, J., Turner, S.: Use of the RSA-KEM Key Transport Algorithm in the Cryptographic Message Syntax (CMS). RFC 5990 (Proposed Standard) (September 2010)","DOI":"10.17487\/rfc5990"},{"issue":"6","key":"12_CR58","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1568318.1568324","volume":"56","author":"O. Regev","year":"2009","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM\u00a056(6), 1\u201340 (2009), Preliminary version in STOC 2005","journal-title":"J. ACM"},{"issue":"2","key":"12_CR59","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"R.L. Rivest","year":"1978","unstructured":"Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM\u00a021(2), 120\u2013126 (1978)","journal-title":"Commun. ACM"},{"key":"12_CR60","unstructured":"Shoup, V.: On formal models for secure key exchange. Cryptology ePrint Archive, Report 1999\/012 (1999), http:\/\/eprint.iacr.org\/"},{"key":"12_CR61","series-title":"Lecture Notes in Computer Science","first-page":"223","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"V. Shoup","year":"2001","unstructured":"Shoup, V.: OAEP reconsidered. J. Cryptology 15(4), 223\u2013249 (2002). Preliminary version in Kilian, J. (ed.) CRYPTO 2001. LNCS, vol.\u00a02139, pp. 223\u2013249. Springer, Heidelberg (2001)"}],"container-title":["Lecture Notes in Computer Science","Post-Quantum Cryptography"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-11659-4_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T20:19:14Z","timestamp":1746389954000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-11659-4_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319116587","9783319116594"],"references-count":61,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-11659-4_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}