{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,18]],"date-time":"2026-04-18T16:33:00Z","timestamp":1776529980896,"version":"3.51.2"},"publisher-location":"Cham","reference-count":54,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319706962","type":"print"},{"value":"9783319706979","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-70697-9_8","type":"book-chapter","created":{"date-parts":[[2017,11,17]],"date-time":"2017-11-17T18:27:49Z","timestamp":1510943269000},"page":"211-240","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":81,"title":["An Efficient Quantum Collision Search Algorithm and Implications on Symmetric Cryptography"],"prefix":"10.1007","author":[{"given":"Andr\u00e9","family":"Chailloux","sequence":"first","affiliation":[]},{"given":"Mar\u00eda","family":"Naya-Plasencia","sequence":"additional","affiliation":[]},{"given":"Andr\u00e9","family":"Schrottenloher","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,11,18]]},"reference":[{"issue":"4","key":"8_CR1","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1145\/1008731.1008735","volume":"51","author":"S Aaronson","year":"2004","unstructured":"Aaronson, S., Shi, Y.: Quantum lower bounds for the collision and the element distinctness problems. J. ACM 51(4), 595\u2013605 (2004)","journal-title":"J. ACM"},{"issue":"1","key":"8_CR2","doi-asserted-by":"publisher","first-page":"37","DOI":"10.4086\/toc.2005.v001a003","volume":"1","author":"A Ambainis","year":"2005","unstructured":"Ambainis, A.: Polynomial degree and lower bounds in quantum complexity: collision and element distinctness with small range. Theor. Comput. 1(1), 37\u201346 (2005). http:\/\/dx.doi.org\/10.4086\/toc.2005.v001a003","journal-title":"Theor. Comput."},{"issue":"1","key":"8_CR3","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1137\/S0097539705447311","volume":"37","author":"A Ambainis","year":"2007","unstructured":"Ambainis, A.: Quantum walk algorithm for element distinctness. SIAM J. Comput. 37(1), 210\u2013239 (2007). http:\/\/dx.doi.org\/10.1137\/S0097539705447311","journal-title":"SIAM J. Comput."},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"Amy, M., Di Matteo, O., Gheorghiu, V., Mosca, M., Parent, A., Schanck, J.M.: Estimating the cost of generic quantum pre-image attacks on SHA-2 and SHA-3. In: IACR Cryptology ePrint Archive, p. 992 (2016)","DOI":"10.1007\/978-3-319-69453-5_18"},{"key":"8_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1007\/978-3-319-29360-8_4","volume-title":"Post-Quantum Cryptography","author":"MV Anand","year":"2016","unstructured":"Anand, M.V., Targhi, E.E., Tabia, G.N., Unruh, D.: Post-quantum security of the CBC, CFB, OFB, CTR, and XTS modes of operation. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 44\u201363. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-29360-8_4"},{"key":"8_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1007\/978-3-540-78967-3_16","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"E Andreeva","year":"2008","unstructured":"Andreeva, E., Bouillaguet, C., Fouque, P.-A., Hoch, J.J., Kelsey, J., Shamir, A., Zimmer, S.: Second preimage attacks on dithered hash functions. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 270\u2013288. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_16"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Banegas, G., Bernstein, D.J.: Low-communication parallel quantum multi-target preimage search. In: SAC 2017 (2017)","DOI":"10.1007\/978-3-319-72565-9_16"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: FOCS, pp. 394\u2013403. IEEE Computer Society (1997)","DOI":"10.1109\/SFCS.1997.646128"},{"key":"8_CR9","unstructured":"Bernstein, D.J.: Cost analysis of hash collisions: will quantum computers make SHARCS obsolete? In: SHARCS 2009 Special-Purpose Hardware for Attacking Cryptographic Systems, p. 105 (2009)"},{"key":"8_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/978-3-662-46800-5_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"DJ Bernstein","year":"2015","unstructured":"Bernstein, D.J., Hopwood, D., H\u00fclsing, A., Lange, T., Niederhagen, R., Papachristodoulou, L., Schneider, M., Schwabe, P., Wilcox-O\u2019Hearn, Z.: SPHINCS: practical stateless hash-based signatures. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 368\u2013397. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_15"},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Leurent, G.: On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN. IACR Cryptology ePrint Archive 2016, 798 (2016). http:\/\/eprint.iacr.org\/2016\/798","DOI":"10.1145\/2976749.2978423"},{"key":"8_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1007\/3-540-48910-X_2","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201999","author":"E Biham","year":"1999","unstructured":"Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12\u201323. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48910-X_2"},{"issue":"3","key":"8_CR13","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1016\/S0020-0190(02)00269-7","volume":"84","author":"E Biham","year":"2002","unstructured":"Biham, E.: How to decrypt or even substitute des-encrypted messages in 2$$^{\\text{28 }}$$ steps. Inf. Process. Lett. 84(3), 117\u2013124 (2002). http:\/\/dx.doi.org\/10.1016\/S0020-0190(02)00269-7","journal-title":"Inf. Process. Lett."},{"key":"8_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/11693383_8","volume-title":"Selected Areas in Cryptography","author":"A Biryukov","year":"2006","unstructured":"Biryukov, A., Mukhopadhyay, S., Sarkar, P.: Improved time-memory trade-offs with multiple data. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 110\u2013127. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11693383_8"},{"key":"8_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-25385-0_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"D Boneh","year":"2011","unstructured":"Boneh, D., Dagdelen, \u00d6., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41\u201369. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_3"},{"key":"8_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/978-3-642-40084-1_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"D Boneh","year":"2013","unstructured":"Boneh, D., Zhandry, M.: Secure signatures and chosen ciphertext security in a quantum computing world. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 361\u2013379. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40084-1_21"},{"key":"8_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-642-34961-4_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"J Borghoff","year":"2012","unstructured":"Borghoff, J., et al.: PRINCE \u2013 a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208\u2013225. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34961-4_14"},{"key":"8_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1007\/978-3-642-22792-9_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"G Brassard","year":"2011","unstructured":"Brassard, G., H\u00f8yer, P., Kalach, K., Kaplan, M., Laplante, S., Salvail, L.: Merkle puzzles in a quantum world. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 391\u2013410. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_22"},{"key":"8_CR19","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1090\/conm\/305\/05215","volume":"305","author":"G Brassard","year":"2002","unstructured":"Brassard, G., Hoyer, P., Mosca, M., Tapp, A.: Quantum amplitude amplification and estimation. Contemp. Math. 305, 53\u201374 (2002)","journal-title":"Contemp. Math."},{"key":"8_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/BFb0054319","volume-title":"LATIN\u201998: Theoretical Informatics","author":"G Brassard","year":"1998","unstructured":"Brassard, G., H\u00f8yer, P., Tapp, A.: Quantum cryptanalysis of hash and claw-free functions. In: Lucchesi, C.L., Moura, A.V. (eds.) LATIN 1998. LNCS, vol. 1380, pp. 163\u2013169. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0054319"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Chailloux, A., Naya-Plasencia, M., Schrottenloher, A.: An Efficient Quantum Collision Search Algorithm and Implications on Symmetric Cryptography. IACR Cryptology ePrint Archive 2017, 847 (2017). http:\/\/eprint.iacr.org\/2017\/847","DOI":"10.1007\/978-3-319-70697-9_8"},{"key":"8_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/978-3-642-28496-0_18","volume-title":"Selected Areas in Cryptography","author":"S Chatterjee","year":"2012","unstructured":"Chatterjee, S., Menezes, A., Sarkar, P.: Another look at tightness. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 293\u2013319. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-28496-0_18"},{"key":"8_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1007\/978-3-319-04268-8_9","volume-title":"Information Theoretic Security","author":"I Damg\u00e5rd","year":"2014","unstructured":"Damg\u00e5rd, I., Funder, J., Nielsen, J.B., Salvail, L.: Superposition attacks on cryptographic protocols. In: Padr\u00f3, C. (ed.) ICITS 2013. LNCS, vol. 8317, pp. 142\u2013161. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-04268-8_9"},{"key":"8_CR24","doi-asserted-by":"crossref","unstructured":"Dierks, T., Rescorla, E.: The transport layer security (TLS) protocol version 1.2. In: IETF RFC 5246 (2008)","DOI":"10.17487\/rfc5246"},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"Diffie, W., Hellman, M.: Privacy and authentication: an introduction to cryptography. In: Proceedings of the IEEE, vol. 67, pp. 397\u2013427 (1979)","DOI":"10.1109\/PROC.1979.11256"},{"key":"8_CR26","unstructured":"Ehrsam, W.R., Meyer, C.H., Smith, J.L., Tuchman, W.L.: Message verification and transmission error detection by block chaining. US Patent 4074066 (1976)"},{"issue":"3","key":"8_CR27","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","volume":"10","author":"S Even","year":"1997","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151\u2013162 (1997). http:\/\/dx.doi.org\/10.1007\/s001459900025","journal-title":"J. Cryptol."},{"key":"8_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"420","DOI":"10.1007\/978-3-662-45611-8_22","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"P-A Fouque","year":"2014","unstructured":"Fouque, P.-A., Joux, A., Mavromati, C.: Multi-user collisions: applications to discrete logarithm, even-mansour and PRINCE. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 420\u2013438. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_22"},{"key":"8_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1007\/978-3-662-53015-3_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"T Gagliardoni","year":"2016","unstructured":"Gagliardoni, T., H\u00fclsing, A., Schaffner, C.: Semantic security and indistinguishability in the quantum world. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 60\u201389. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53015-3_3"},{"key":"8_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/978-3-319-29360-8_3","volume-title":"Post-Quantum Cryptography","author":"M Grassl","year":"2016","unstructured":"Grassl, M., Langenberg, B., Roetteler, M., Steinwandt, R.: Applying Grover\u2019s algorithm to AES: quantum resource estimates. In: Takagi, T. (ed.) PQCrypto 2016. LNCS, vol. 9606, pp. 29\u201343. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-29360-8_3"},{"key":"8_CR31","doi-asserted-by":"crossref","unstructured":"Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, 22\u201324 May 1996, pp. 212\u2013219. ACM (1996). http:\/\/doi.acm.org\/10.1145\/237814.237866","DOI":"10.1145\/237814.237866"},{"key":"8_CR32","doi-asserted-by":"crossref","unstructured":"Grover, L.K.: Trade-offs in the quantum search algorithm. In: Physical Review A, vol. 66 (2002)","DOI":"10.1103\/PhysRevA.66.052314"},{"issue":"3","key":"8_CR33","first-page":"201","volume":"4","author":"LK Grover","year":"2004","unstructured":"Grover, L.K., Rudolph, T.: How significant are the known collision and element distinctness quantum algorithms? Quantum Inf. Comput. 4(3), 201\u2013206 (2004). http:\/\/portal.acm.org\/citation.cfm?id=2011622","journal-title":"Quantum Inf. Comput."},{"key":"8_CR34","unstructured":"Kaplan, M.: Quantum attacks against iterated block ciphers. CoRR abs\/1410.1434 (2014). http:\/\/arxiv.org\/abs\/1410.1434"},{"key":"8_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-662-53008-5_8","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"M Kaplan","year":"2016","unstructured":"Kaplan, M., Leurent, G., Leverrier, A., \u00a0Naya-Plasencia, M.: Breaking symmetric cryptosystems using\u00a0quantum\u00a0period finding. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 207\u2013237. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_8"},{"issue":"1","key":"8_CR36","doi-asserted-by":"crossref","first-page":"71","DOI":"10.46586\/tosc.v2016.i1.71-94","volume":"2016","author":"M Kaplan","year":"2016","unstructured":"Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Quantum differential and linear cryptanalysis. IACR Trans. Symmetric Cryptol. 2016(1), 71\u201394 (2016). http:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/536","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"8_CR37","unstructured":"Knudsen, L.R.: DEAL - A $$128$$-bit cipher. Technical Report, Department of Informatics, University of Bergen, Norway (1998)"},{"key":"8_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/3-540-60590-8_16","volume-title":"Fast Software Encryption","author":"LR Knudsen","year":"1995","unstructured":"Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196\u2013211. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/3-540-60590-8_16"},{"key":"8_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-642-21702-9_18","volume-title":"Fast Software Encryption","author":"T Krovetz","year":"2011","unstructured":"Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306\u2013327. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21702-9_18"},{"issue":"2","key":"8_CR40","doi-asserted-by":"publisher","first-page":"29","DOI":"10.4086\/toc.2005.v001a002","volume":"1","author":"S Kutin","year":"2005","unstructured":"Kutin, S.: Quantum lower bound for the collision problem with small range. Theor. Comput. 1(2), 29\u201336 (2005). http:\/\/www.theoryofcomputing.org\/articles\/v001a002","journal-title":"Theor. Comput."},{"key":"8_CR41","doi-asserted-by":"crossref","unstructured":"Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round feistel cipher and the random permutation. In: IEEE International Symposium on Information Theory, ISIT 2010, Austin, Texas, USA, Proceedings, pp. 2682\u20132685. IEEE, 13\u201318 June 2010. http:\/\/dx.doi.org\/10.1109\/ISIT.2010.5513654","DOI":"10.1109\/ISIT.2010.5513654"},{"key":"8_CR42","unstructured":"Kuwakado, H., Morii, M.: Security on the quantum-type even-mansour cipher. In: Proceedings of the International Symposium on Information Theory and its Applications, ISITA 2012, Honolulu, HI, USA, pp. 312\u2013316. IEEE, 28\u201331 October 2012. http:\/\/ieeexplore.ieee.org\/xpl\/freeabs_all.jsp?arnumber=6400943"},{"key":"8_CR43","unstructured":"Lipmaa, H., Rogaway, P., Wagner, D.: Comments to nist concerning aes modes of operations: Ctr-mode encryption (2000). http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/BCM\/documents\/proposedmodes\/ctr\/ctr-spec.pdf"},{"key":"8_CR44","unstructured":"McGrew, D.A.: Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes. IACR Cryptology ePrint Archive 2012, 623 (2012). http:\/\/eprint.iacr.org\/2012\/623"},{"key":"8_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1007\/978-3-642-29011-4_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Menezes","year":"2012","unstructured":"Menezes, A.: Another look at provable security. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, p. 8. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_2"},{"key":"8_CR46","volume-title":"Quantum Computation and Quantum Information","author":"MA Nielsen","year":"2002","unstructured":"Nielsen, M.A., Chuang, I.: Quantum Computation and Quantum Information. Cambridge University Press, New York (2002)"},{"key":"8_CR47","doi-asserted-by":"crossref","unstructured":"van Oorschot, P.C., Wiener, M.J.: Parallel collision search with application to hash functions and discrete logarithms. In: CCS 1994, Proceedings of the 2nd ACM Conference on Computer and Communications Security, Fairfax, Virginia, USA, pp. 210\u2013218. ACM, 2\u20134 November 1994","DOI":"10.1145\/191177.191231"},{"issue":"3","key":"8_CR48","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1007\/BF01933667","volume":"15","author":"JM Pollard","year":"1975","unstructured":"Pollard, J.M.: A Monte Carlo method for factorization. BIT Numer. Math. 15(3), 331\u2013334 (1975). http:\/\/dx.doi.org\/10.1007\/BF01933667","journal-title":"BIT Numer. Math."},{"key":"8_CR49","doi-asserted-by":"crossref","unstructured":"Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, pp. 124\u2013134. IEEE Computer Society, 20\u201322 November 1994. http:\/\/dx.doi.org\/10.1109\/SFCS.1994.365700","DOI":"10.1109\/SFCS.1994.365700"},{"key":"8_CR50","doi-asserted-by":"crossref","unstructured":"Simon, D.R.: On the power of quantum cryptography. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, pp. 116\u2013123. IEEE Computer Society, 20\u201322 November 1994. http:\/\/dx.doi.org\/10.1109\/SFCS.1994.365701","DOI":"10.1109\/SFCS.1994.365701"},{"key":"8_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"755","DOI":"10.1007\/978-3-662-46803-6_25","volume-title":"Advances in Cryptology - EUROCRYPT 2015","author":"D Unruh","year":"2015","unstructured":"Unruh, D.: Non-interactive zero-knowledge proofs in the quantum random oracle model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 755\u2013784. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46803-6_25. Preprint on IACR ePrint 2014\/587"},{"issue":"3","key":"8_CR52","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1080\/0161-117991854025","volume":"3","author":"G Yuval","year":"1979","unstructured":"Yuval, G.: How to swindle rabin. Cryptologia 3(3), 187\u2013191 (1979). http:\/\/dx.doi.org\/10.1080\/0161-117991854025","journal-title":"Cryptologia"},{"issue":"7\u20138","key":"8_CR53","first-page":"557","volume":"15","author":"M Zhandry","year":"2015","unstructured":"Zhandry, M.: A note on the quantum collision and set equality problems. Quantum Info. Comput. 15(7\u20138), 557\u2013567 (2015). http:\/\/dl.acm.org\/citation.cfm?id=2871411.2871413","journal-title":"Quantum Info. Comput."},{"issue":"04","key":"8_CR54","doi-asserted-by":"publisher","first-page":"1550014","DOI":"10.1142\/S0219749915500148","volume":"13","author":"M Zhandry","year":"2015","unstructured":"Zhandry, M.: Secure identity-based encryption in the quantum random oracle model. Int. J. Quantum Inf. 13(04), 1550014 (2015)","journal-title":"Int. J. Quantum Inf."}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-70697-9_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,27]],"date-time":"2025-06-27T04:26:22Z","timestamp":1750998382000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-70697-9_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319706962","9783319706979"],"references-count":54,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-70697-9_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"18 November 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Hong Kong","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 December 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 December 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/asiacrypt.iacr.org\/2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}