{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T00:01:21Z","timestamp":1775692881775,"version":"3.50.1"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319783710","type":"print"},{"value":"9783319783727","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-78372-7_17","type":"book-chapter","created":{"date-parts":[[2018,3,30]],"date-time":"2018-03-30T06:13:04Z","timestamp":1522390384000},"page":"520-551","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":106,"title":["Tightly-Secure Key-Encapsulation Mechanism in the Quantum Random Oracle Model"],"prefix":"10.1007","author":[{"given":"Tsunekazu","family":"Saito","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6832-9940","authenticated-orcid":false,"given":"Keita","family":"Xagawa","sequence":"additional","affiliation":[]},{"given":"Takashi","family":"Yamakawa","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,3,31]]},"reference":[{"key":"17_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1007\/978-3-642-03356-8_35","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"B Applebaum","year":"2009","unstructured":"Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595\u2013618. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_35"},{"key":"17_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-48523-6_1","volume-title":"Automata, Languages and Programming","author":"M Ajtai","year":"1999","unstructured":"Ajtai, M.: Generating hard instances of the short basis problem. In: Wiedermann, J., van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, pp. 1\u20139. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48523-6_1"},{"key":"17_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/978-3-319-66402-6_4","volume-title":"Computer Security \u2013 ESORICS 2017","author":"MR Albrecht","year":"2017","unstructured":"Albrecht, M.R., Orsini, E., Paterson, K.G., Peer, G., Smart, N.P.: Tightly secure ring-LWE based key encapsulation with short ciphertexts. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10492, pp. 29\u201346. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66402-6_4"},{"key":"17_CR4","doi-asserted-by":"crossref","unstructured":"Alwen, J., Peikert, C.: Generating shorter bases for hard random lattices. Theory Comput. Syst. 48(3), 535\u2013553 (2011). A preliminary versions appeared in STACS 2009 (2009)","DOI":"10.1007\/s00224-010-9278-3"},{"key":"17_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-25385-0_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"D Boneh","year":"2011","unstructured":"Boneh, D., Dagdelen, \u00d6., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41\u201369. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_3"},{"key":"17_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/3-540-48329-2_24","volume-title":"Advances in Cryptology \u2014 CRYPTO 1993","author":"A Blum","year":"1994","unstructured":"Blum, A., Furst, M., Kearns, M., Lipton, R.J.: Cryptographic primitives based on hard learning problems. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 278\u2013291. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_24"},{"key":"17_CR7","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracle are practical: a paradigm for designing efficient protocols. In: CCS 1993, pp. 62\u201373. ACM (1993)","DOI":"10.1145\/168588.168596"},{"key":"17_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/BFb0053428","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1994","author":"M Bellare","year":"1995","unstructured":"Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92\u2013111. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/BFb0053428"},{"key":"17_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"505","DOI":"10.1007\/978-3-642-22792-9_29","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"Z Brakerski","year":"2011","unstructured":"Brakerski, Z., Vaikuntanathan, V.: Fully homomorphic encryption from ring-LWE and security for key dependent messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505\u2013524. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_29"},{"key":"17_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/3-540-45760-7_18","volume-title":"Topics in Cryptology \u2014 CT-RSA 2002","author":"C Jean-S\u00e9bastien","year":"2002","unstructured":"Jean-S\u00e9bastien, C., Handschuh, H., Joye, M., Paillier, P., Pointcheval, D., Tymen, C.: GEM: a generic chosen-ciphertext secure encryption method. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 263\u2013276. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45760-7_18"},{"key":"17_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1007\/978-3-540-40974-8_12","volume-title":"Cryptography and Coding","author":"AW Dent","year":"2003","unstructured":"Dent, A.W.: A designer\u2019s guide to KEMs. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 133\u2013151. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-40974-8_12"},{"key":"17_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1007\/3-540-48405-1_34","volume-title":"Advances in Cryptology \u2014 CRYPTO 1999","author":"E Fujisaki","year":"1999","unstructured":"Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537\u2013554. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48405-1_34"},{"key":"17_CR13","unstructured":"Fujisaki, E., Okamoto, T.: How to enhance the security of public-key encryption at minimum cost. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 83(1), 24\u201332 (2000). A preliminary version appeared in PKC 1999 (1999)"},{"issue":"1","key":"17_CR14","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/s00145-011-9114-1","volume":"26","author":"E Fujisaki","year":"2013","unstructured":"Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. J. Cryptol. 26(1), 80\u2013101 (2013)","journal-title":"J. Cryptol."},{"issue":"2","key":"17_CR15","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/s00145-002-0204-y","volume":"17","author":"E Fujisaki","year":"2004","unstructured":"Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is secure under the RSA assumption. J. Cryptol. 17(2), 81\u2013104 (2004)","journal-title":"J. Cryptol."},{"key":"17_CR16","doi-asserted-by":"crossref","unstructured":"Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Dwork, C. (ed.) STOC 2008, pp. 197\u2013206. ACM (2008). https:\/\/eprint.iacr.org\/2007\/432","DOI":"10.1145\/1374376.1374407"},{"key":"17_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-319-70500-2_12","volume-title":"Theory of Cryptography","author":"D Hofheinz","year":"2017","unstructured":"Hofheinz, D., H\u00f6velmanns, K., Kiltz, E.: A modular analysis of the fujisaki-okamoto transformation. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017, Part I. LNCS, vol. 10677, pp. 341\u2013371. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70500-2_12"},{"key":"17_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/BFb0054868","volume-title":"Algorithmic Number Theory","author":"J Hoffstein","year":"1998","unstructured":"Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267\u2013288. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0054868"},{"key":"17_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-319-66787-4_12","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2017","author":"A H\u00fclsing","year":"2017","unstructured":"H\u00fclsing, A., Rijneveld, J., Schanck, J., Schwabe, P.: High-speed key encapsulation from NTRU. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 232\u2013252. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66787-4_12"},{"key":"17_CR20","unstructured":"Jiang, H., Zhang, Z., Chen, L., Wang, H., Ma, Z.: Post-quantum IND-CCA-secure KEM without additional hash. IACR Cryptology ePrint Archive 2017\/1096 (2017)"},{"key":"17_CR21","doi-asserted-by":"crossref","unstructured":"Kiltz, E., Lyubashevsky, V., Schaffner, C.: A concrete treatment of fiat-shamir signatures in the quantum random-oracle model. IACR Cryptology ePrint Archive 2017\/916 (2017)","DOI":"10.1007\/978-3-319-78372-7_18"},{"issue":"3","key":"17_CR22","doi-asserted-by":"publisher","first-page":"402","DOI":"10.1007\/s00145-010-9061-2","volume":"23","author":"J Katz","year":"2010","unstructured":"Katz, J., Shin, J.S., Smith, A.: Parallel and concurrent security of the HB and HB $$^{\\text{+ }}$$ protocols. J. Cryptology 23(3), 402\u2013421 (2010)","journal-title":"J. Cryptology"},{"key":"17_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"V Lyubashevsky","year":"2010","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1\u201323. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_1"},{"key":"17_CR24","doi-asserted-by":"crossref","unstructured":"L\u00f3pez-Alt, A., Tromer, E., Vaikuntanathan, V.: On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In: Karloff, H.J., Pitassi, T. (eds.) STOC 2012, pp. 1219\u20131234. ACM (2012)","DOI":"10.1145\/2213977.2214086"},{"key":"17_CR25","unstructured":"McEliece, R.J.: A public key cryptosystem based on algebraic coding theory. Technical report, DSN progress report (1978)"},{"key":"17_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1007\/978-3-642-29011-4_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Menezes","year":"2012","unstructured":"Menezes, A.: Another look at provable security. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, p. 8. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_2"},{"key":"17_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"700","DOI":"10.1007\/978-3-642-29011-4_41","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"D Micciancio","year":"2012","unstructured":"Micciancio, D., Peikert, C.: Trapdoors for lattices: simpler, tighter, faster, smaller. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 700\u2013718. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_41"},{"key":"17_CR28","doi-asserted-by":"crossref","unstructured":"Micciancio, D., Regev, O.: Worst-case to average-case reductions based on gaussian measures. SIAM J. Comput. 37(1), 267\u2013302 (2007). A preliminary version appeared in FOCS 2004 (2004)","DOI":"10.1137\/S0097539705447360"},{"key":"17_CR29","volume-title":"Quantum Computation and Quantum Information","author":"MA Nielsen","year":"2000","unstructured":"Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information. Cambridge University Press, Cambridge (2000)"},{"key":"17_CR30","first-page":"159","volume":"15","author":"H Niederreiter","year":"1986","unstructured":"Niederreiter, H.: Knapsack-type cryptosystems and algebraic coding theory. Probl. Control Inf. Theory 15, 159\u2013166 (1986)","journal-title":"Probl. Control Inf. Theory"},{"key":"17_CR31","unstructured":"Fips 202: Sha-3 standard: Permutation-based hash and extendable-output functions. U.S.Department of Commerce\/National Institute of Standards and Technology (2015)"},{"key":"17_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/3-540-45353-9_13","volume-title":"Topics in Cryptology \u2014 CT-RSA 2001","author":"T Okamoto","year":"2000","unstructured":"Okamoto, T., Pointcheval, D.: REACT: rapid enhanced-security asymmetric cryptosystem transform. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 159\u2013174. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-45353-9_13"},{"key":"17_CR33","doi-asserted-by":"crossref","unstructured":"Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In: Mitzenmacher, M. (ed.) STOC 2009, pp. 333\u2013342. ACM (2009)","DOI":"10.1145\/1536414.1536461"},{"key":"17_CR34","doi-asserted-by":"crossref","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), Article 34 (2009). A preliminary version appeared in STOC 2005 (2005)","DOI":"10.1145\/1568318.1568324"},{"key":"17_CR35","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-642-20465-4_4","volume-title":"EUROCRYPT 2011","author":"D Stehl\u00e9","year":"2011","unstructured":"Stehl\u00e9, D., Steinfeld, R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27\u201347. Springer, Heidelberg (2011)"},{"key":"17_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1007\/978-3-319-63715-0_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"F Song","year":"2017","unstructured":"Song, F., Yun, A.: Quantum security of NMAC and related constructions. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 283\u2013309. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63715-0_10"},{"key":"17_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-3-662-53644-5_8","volume-title":"Theory of Cryptography","author":"EE Targhi","year":"2016","unstructured":"Targhi, E.E., Unruh, D.: Post-quantum security of the fujisaki-okamoto and OAEP transforms. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 192\u2013216. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53644-5_8"},{"key":"17_CR38","doi-asserted-by":"crossref","unstructured":"Unruh, D.: Revocable quantum timed-release encryption. J. ACM 62(6), No. 49 (2015). The preliminary version appeared in EUROCRYPT 2014. https:\/\/eprint.iacr.org\/2013\/606","DOI":"10.1145\/2817206"},{"key":"17_CR39","doi-asserted-by":"crossref","unstructured":"Zhandry, M.: How to construct quantum random functions. In: 53rd Annual IEEE Symposium on Foundations of Computer Science, FOCS 2012, New Brunswick, pp. 679\u2013687, 20\u201323 October 2012","DOI":"10.1109\/FOCS.2012.37"},{"key":"17_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"758","DOI":"10.1007\/978-3-642-32009-5_44","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"M Zhandry","year":"2012","unstructured":"Zhandry, M.: Secure identity-based encryption in the quantum random oracle model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 758\u2013775. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_44"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2018"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-78372-7_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,3]],"date-time":"2025-07-03T04:01:02Z","timestamp":1751515262000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-78372-7_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319783710","9783319783727"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-78372-7_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"31 March 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tel Aviv","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Israel","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 April 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 May 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"37","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2018\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}