{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T15:18:06Z","timestamp":1774538286351,"version":"3.50.1"},"publisher-location":"Cham","reference-count":41,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319667867","type":"print"},{"value":"9783319667874","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-66787-4_12","type":"book-chapter","created":{"date-parts":[[2017,8,24]],"date-time":"2017-08-24T13:06:02Z","timestamp":1503579962000},"page":"232-252","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":71,"title":["High-Speed Key Encapsulation from NTRU"],"prefix":"10.1007","author":[{"given":"Andreas","family":"H\u00fclsing","sequence":"first","affiliation":[]},{"given":"Joost","family":"Rijneveld","sequence":"additional","affiliation":[]},{"given":"John","family":"Schanck","sequence":"additional","affiliation":[]},{"given":"Peter","family":"Schwabe","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,8,25]]},"reference":[{"key":"12_CR1","unstructured":"Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. IACR Cryptology ePrint Archive report 2015\/046 (2015). \n https:\/\/eprint.iacr.org\/2015\/046\n \n . 242"},{"key":"12_CR2","unstructured":"Alkim, E., Ducas, L., P\u00f6ppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: Holz, T., Savage, S. (eds.) Proceedings of the 25th USENIX Security Symposium. USENIX Association (2016). \n https:\/\/cryptojedi.org\/papers\/#newhope\n \n . 233, 234, 241, 248"},{"key":"12_CR3","unstructured":"Bernstein, D.J., Chuengsatiansup, C., Lange, T., van Vredendaal, C.: NTRU prime. IACR Cryptology ePrint Archive report 2016\/461 (2016). \n https:\/\/eprint.iacr.org\/2016\/461\n \n . 233, 234, 236, 237, 242, 243, 244, 248"},{"key":"12_CR4","unstructured":"Bernstein, D.J., Lange, T.: eBACS: ECRYPT benchmarking of cryptographic systems. \n http:\/\/bench.cr.yp.to\n \n . 248"},{"key":"12_CR5","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak reference (2011). \n http:\/\/keccak.noekeon.org\/\n \n . 236"},{"key":"12_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-25385-0_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"D Boneh","year":"2011","unstructured":"Boneh, D., Dagdelen, \u00d6., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41\u201369. Springer, Heidelberg (2011). doi:\n 10.1007\/978-3-642-25385-0_3\n \n . \n https:\/\/eprint.iacr.org\/2010\/428\n \n . 243"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Bos, J., Costello, C., Ducas, L., Mironov, I., Naehrig, M., Nikolaenko, V., Raghunathan, A., Stebila, D.: Frodo: take off the ring! Practical, quantum-secure key exchange from LWE. In: Kruegel, C., Myers, A., Halevi, S. (eds.) Conference on Computer and Communications Security - CCS 2016, pp. 1006\u20131018. ACM (2016). \n https:\/\/doi.org\/10.1145\/2976749.2978425\n \n . 233, 248, 249","DOI":"10.1145\/2976749.2978425"},{"key":"12_CR8","unstructured":"Bos, J.W., Costello, C., Naehrig, M., Stebila, D.: Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In: Bauer, L., Shmatikov, V. (eds.) 2015 IEEE Symposium on Security and Privacy, pp. 553\u2013570. IEEE (2015). \n https:\/\/eprint.iacr.org\/2014\/599\n \n . 233, 248"},{"key":"12_CR9","unstructured":"Braithwaite, M.: Experimenting with post-quantum cryptography. Posting on the Google Security Blog (2016). \n https:\/\/security.googleblog.com\/2016\/07\/experimenting-with-post-quantum.html\n \n . 233"},{"key":"12_CR10","unstructured":"Chatterjee, S., Koblitz, N., Menezes, A., Sarkar, P.: Another look at tightness ii: practical issues in cryptography. IACR Cryptology ePrint Archive report 2016\/360 (2016). \n https:\/\/eprint.iacr.org\/2016\/360\n \n . 234"},{"key":"12_CR11","unstructured":"Chen, Y.: Lattice reduction and concrete security of fully homomorphic encryption. Ph.D. thesis, l\u2019Universit\u00e9 Paris Diderot (2013). 242"},{"key":"12_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-25385-0_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"Y Chen","year":"2011","unstructured":"Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1\u201320. Springer, Heidelberg (2011). doi:\n 10.1007\/978-3-642-25385-0_1\n \n . \n http:\/\/www.iacr.org\/archive\/asiacrypt2011\/70730001\/70730001.pdf\n \n . 242"},{"key":"12_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/978-3-319-53177-9_3","volume-title":"Information Security and Cryptology \u2013 ICISC 2016","author":"JH Cheon","year":"2017","unstructured":"Cheon, J.H., Han, K., Kim, J., Lee, C., Son, Y.: A practical post-quantum public-key cryptosystem based on spLWE. In: Hong, S., Park, J.H. (eds.) ICISC 2016. LNCS, vol. 10157, pp. 51\u201374. Springer, Cham (2017). doi:\n 10.1007\/978-3-319-53177-9_3\n \n . \n https:\/\/eprint.iacr.org\/2016\/1055\n \n . 233, 248, 249"},{"key":"12_CR14","unstructured":"Cheon, J.H., Kim, D., Lee, J., Song, Y.: Lizard: cut off the tail! Practical post-quantum public-key encryption from LWE and LWR. IACR Cryptology ePrint Archive report 2016\/1126 (2016). \n https:\/\/eprint.iacr.org\/2016\/1126\n \n . 233, 248"},{"key":"12_CR15","unstructured":"Consortium for Efficient Embedded Security. EESS #1: Implementation aspects of NTRUEncrypt and NTRUSign v. 2.0. \n http:\/\/grouper.ieee.org\/groups\/1363\/lattPK\/submissions\/EESS1v2.pdf\n \n . 236"},{"issue":"1","key":"12_CR16","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1137\/S0097539702403773","volume":"33","author":"R Cramer","year":"2003","unstructured":"Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167\u2013226 (2003). \n http:\/\/www.shoup.net\/papers\/cca2.pdf\n \n . 233","journal-title":"SIAM J. Comput."},{"key":"12_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-319-44618-9_15","volume-title":"Security and Cryptography for Networks","author":"R del Pino","year":"2016","unstructured":"del Pino, R., Lyubashevsky, V., Pointcheval, D.: The whole is less than the sum of its parts: constructing more efficient lattice-based AKEs. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 273\u2013291. Springer, Cham (2016). doi:\n 10.1007\/978-3-319-44618-9_15\n \n . \n https:\/\/eprint.iacr.org\/2016\/435\n \n . 233, 236, 242"},{"key":"12_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1007\/978-3-540-40974-8_12","volume-title":"Cryptography and Coding","author":"AW Dent","year":"2003","unstructured":"Dent, A.W.: A designer\u2019s guide to KEMs. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 133\u2013151. Springer, Heidelberg (2003). doi:\n 10.1007\/978-3-540-40974-8_12\n \n . \n http:\/\/www.cogentcryptography.com\/papers\/designer.pdf\n \n . 233, 238, 243"},{"key":"12_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1007\/3-540-48405-1_34","volume-title":"Advances in Cryptology \u2014 CRYPTO 1999","author":"E Fujisaki","year":"1999","unstructured":"Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537\u2013554. Springer, Heidelberg (1999). doi:\n 10.1007\/3-540-48405-1_34\n \n . 243"},{"key":"12_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"437","DOI":"10.1007\/978-3-642-01957-9_27","volume-title":"Applied Cryptography and Network Security","author":"PS Hirschhorn","year":"2009","unstructured":"Hirschhorn, P.S., Hoffstein, J., Howgrave-Graham, N., Whyte, W.: Choosing NTRUEncrypt parameters in light of combined lattice reduction and MITM approaches. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 437\u2013455. Springer, Heidelberg (2009). doi:\n 10.1007\/978-3-642-01957-9_27\n \n . \n https:\/\/eprint.iacr.org\/2005\/045\n \n . 236"},{"key":"12_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-52153-4_1","volume-title":"Topics in Cryptology \u2013 CT-RSA 2017","author":"J Hoffstein","year":"2017","unstructured":"Hoffstein, J., Pipher, J., Schanck, J.M., Silverman, J.H., Whyte, W., Zhang, Z.: Choosing parameters for NTRUEncrypt. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 3\u201318. Springer, Cham (2017). doi:\n 10.1007\/978-3-319-52153-4_1\n \n . \n https:\/\/eprint.iacr.org\/2015\/708\n \n . 236, 241, 242, 248"},{"key":"12_CR22","unstructured":"Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a new high speed public key cryptosystem (1996). Draft from at CRYPTO 1996 rump session. \n http:\/\/web.securityinnovation.com\/hubfs\/files\/ntru-orig.pdf\n \n . 237"},{"key":"12_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/BFb0054868","volume-title":"Algorithmic Number Theory","author":"J Hoffstein","year":"1998","unstructured":"Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267\u2013288. Springer, Heidelberg (1998). doi:\n 10.1007\/BFb0054868\n \n . 233, 236, 237, 238"},{"key":"12_CR24","unstructured":"Hoffstein, J., Pipher, J., Silverman, J.H.: Public key cryptosystem method and apparatus. United States Patent 6081597 (2000). Application filed 19 August 1997. \n http:\/\/www.freepatentsonline.com\/6081597.html\n \n . 234"},{"key":"12_CR25","unstructured":"Hoffstein, J., Silverman, J.H.: Speed enhanced cryptographic method and apparatus. United States Patent 7031468 (2006). Application filed 24 August 2001. \n http:\/\/www.freepatentsonline.com\/7031468.html\n \n . 234"},{"key":"12_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/978-3-540-74143-5_9","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"N Howgrave-Graham","year":"2007","unstructured":"Howgrave-Graham, N.: A hybrid lattice-reduction and meet-in-the-middle attack against NTRU. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 150\u2013169. Springer, Heidelberg (2007). doi:\n 10.1007\/978-3-540-74143-5_9\n \n . \n http:\/\/www.iacr.org\/archive\/crypto2007\/46220150\/46220150.pdf\n \n . 241, 242"},{"key":"12_CR27","unstructured":"Howgrave-Graham, N., Silverman, J.H., Singer, A., Whyte, W.: NAEP: provable security in the presence of decryption failures. Cryptology ePrint Archive, Report 2003\/172 (2003). \n https:\/\/eprint.iacr.org\/2003\/172\n \n . 233"},{"key":"12_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1007\/978-3-540-30574-3_10","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"N Howgrave-Graham","year":"2005","unstructured":"Howgrave-Graham, N., Silverman, J.H., Whyte, W.: Choosing parameter sets for NTRUEncrypt with NAEP and SVES-3. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 118\u2013135. Springer, Heidelberg (2005). doi:\n 10.1007\/978-3-540-30574-3_10\n \n . \n https:\/\/eprint.iacr.org\/2005\/045\n \n . 236"},{"issue":"3","key":"12_CR29","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1016\/0890-5401(88)90024-7","volume":"78","author":"T Itoh","year":"1988","unstructured":"Itoh, T., Tsujii, S.: A fast algorithm for computing multiplicative inverses in $${GF}({2^m})$$ using normal bases. Inf. Comput. 78(3), 171\u2013177 (1988). \n https:\/\/sciencedirect.com\/science\/article\/pii\/0890540188900247\n \n . 246","journal-title":"Inf. Comput."},{"key":"12_CR30","unstructured":"Kirchner, P., Fouque, P.-A.: Comparison between subfield and straightforward attacks on NTRU. IACR Cryptology ePrint Archive report 2012\/387 (2016). \n https:\/\/eprint.iacr.org\/2016\/717\n \n . 234"},{"key":"12_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1007\/978-3-642-40041-4_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"H Krawczyk","year":"2013","unstructured":"Krawczyk, H., Paterson, K.G., Wee, H.: On the security of the TLS protocol: a systematic analysis. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 429\u2013448. Springer, Heidelberg (2013). doi:\n 10.1007\/978-3-642-40041-4_24\n \n . \n eprint.iacr.org\/2013\/339\n \n . 233"},{"key":"12_CR32","unstructured":"Laarhoven, T.: Search problems in cryptography. Ph.D. thesis, Eindhoven University of Technology (2015). \n http:\/\/www.thijs.com\/docs\/phd-final.pdf\n \n . 241"},{"key":"12_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"V Lyubashevsky","year":"2010","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1\u201323. Springer, Heidelberg (2010). doi:\n 10.1007\/978-3-642-13190-5_1\n \n . \n http:\/\/www.di.ens.fr\/~lyubash\/papers\/ringLWE.pdf\n \n . 234"},{"key":"12_CR34","unstructured":"NIST. Post-quantum crypto project (2016). \n http:\/\/csrc.nist.gov\/groups\/ST\/post-quantum-crypto\/\n \n . 232"},{"key":"12_CR35","unstructured":"Saarinen, M.-J.O.: Ring-LWE ciphertext compression and error correction: tools for lightweight post-quantum cryptography. IACR Cryptology ePrint Archive report 2016\/461 (2016). \n https:\/\/eprint.iacr.org\/2016\/1058\n \n . 233"},{"key":"12_CR36","unstructured":"Sakshaugh, H.: Security analysis of the NTRUEncrypt public key encryption scheme. Master\u2019s thesis, Norwegian University of Science and Technology (2007). \n https:\/\/brage.bibsys.no\/xmlui\/handle\/11250\/258846\n \n . 233, 243"},{"key":"12_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/3-540-44750-4_4","volume-title":"Advances in Cryptology \u2014 CRYPT0 1995","author":"R Schroeppel","year":"1995","unstructured":"Schroeppel, R., Orman, H., O\u2019Malley, S., Spatscheck, O.: Fast key exchange with elliptic curve systems. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 43\u201356. Springer, Heidelberg (1995). doi:\n 10.1007\/3-540-44750-4_4\n \n . \n https:\/\/pdfs.semanticscholar.org\/edc9\/5e3d34f42deabe82ff3e9237266e30adc1a7.pdf\n \n . 247"},{"key":"12_CR38","unstructured":"Security Innovation. Security Innovation makes NTRUEncrypt patent-free (2017). \n https:\/\/www.securityinnovation.com\/company\/news-and-events\/press-releases\/security-innovation-makes-ntruencrypt-patent-free\n \n . 234"},{"key":"12_CR39","unstructured":"Silverman, J.H.: Almost inverses and fast NTRU key creation. Technical report #014, NTRU Cryptosystems (1999). Version 1. \n https:\/\/assets.onboardsecurity.com\/static\/downloads\/NTRU\/resources\/NTRUTech014.pdf\n \n . 246, 247"},{"key":"12_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1007\/11586821_27","volume-title":"Cryptography and Coding","author":"M Stam","year":"2005","unstructured":"Stam, M.: A key encapsulation mechanism for NTRU. In: Smart, N.P. (ed.) Cryptography and Coding 2005. LNCS, vol. 3796, pp. 410\u2013427. Springer, Heidelberg (2005). doi:\n 10.1007\/11586821_27\n \n . 233, 243"},{"key":"12_CR41","unstructured":"Targhi, E.E., Unruh, D.: Quantum security of the Fujisaki-Okamoto and OAEP transforms. Cryptology ePrint Archive, Report 2015\/1210 (2015). \n https:\/\/eprint.iacr.org\/2015\/1210\n \n . 243"}],"container-title":["Lecture Notes in Computer Science","Cryptographic Hardware and Embedded Systems \u2013 CHES 2017"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-66787-4_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,9,18]],"date-time":"2020-09-18T00:03:57Z","timestamp":1600387437000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-66787-4_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319667867","9783319667874"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-66787-4_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"25 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CHES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Cryptographic Hardware and Embedded Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Taipei","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Taiwan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 September 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 September 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ches2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ches.iacr.org\/2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}