{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T04:22:34Z","timestamp":1775794954011,"version":"3.50.1"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319893389","type":"print"},{"value":"9783319893396","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-89339-6_16","type":"book-chapter","created":{"date-parts":[[2018,4,4]],"date-time":"2018-04-04T21:32:30Z","timestamp":1522877550000},"page":"282-305","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":195,"title":["Saber: Module-LWR Based Key Exchange, CPA-Secure Encryption and CCA-Secure KEM"],"prefix":"10.1007","author":[{"given":"Jan-Pieter","family":"D\u2019Anvers","sequence":"first","affiliation":[]},{"given":"Angshuman","family":"Karmakar","sequence":"additional","affiliation":[]},{"given":"Sujoy","family":"Sinha Roy","sequence":"additional","affiliation":[]},{"given":"Frederik","family":"Vercauteren","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,4,6]]},"reference":[{"key":"16_CR1","unstructured":"National Institute of Standards and Technology: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. FIPS PUB 202 (2015)"},{"key":"16_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-319-56614-6_4","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"MR Albrecht","year":"2017","unstructured":"Albrecht, M.R.: On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 103\u2013129. Springer, Cham (2017). \nhttps:\/\/doi.org\/10.1007\/978-3-319-56614-6_4"},{"key":"16_CR3","unstructured":"Alkim, E., Ducas, L., P\u00f6ppelmann, T., Schwabe, P.: NewHope without reconciliation (2016). \nhttp:\/\/cryptojedi.org\/papers\/#newhopesimple"},{"key":"16_CR4","unstructured":"Alkim, E., Ducas, L., P\u00f6ppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: USENIX Security 2016 (2016)"},{"key":"16_CR5","unstructured":"Alperin-Sheriff, J., Apon, D.: Dimension-preserving reductions from LWE to LWR. Cryptology ePrint Archive, Report 2016\/589 (2016)"},{"key":"16_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-642-40041-4_4","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"J Alwen","year":"2013","unstructured":"Alwen, J., Krenn, S., Pietrzak, K., Wichs, D.: Learning with rounding, revisited. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 57\u201374. Springer, Heidelberg (2013). \nhttps:\/\/doi.org\/10.1007\/978-3-642-40041-4_4"},{"key":"16_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"403","DOI":"10.1007\/978-3-642-22006-7_34","volume-title":"Automata, Languages and Programming","author":"S Arora","year":"2011","unstructured":"Arora, S., Ge, R.: New algorithms for learning in presence of errors. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6755, pp. 403\u2013415. Springer, Heidelberg (2011). \nhttps:\/\/doi.org\/10.1007\/978-3-642-22006-7_34"},{"key":"16_CR8","unstructured":"Baan, H., Bhattacharaya, S., Garcia-Morchon, O., Rietman, R., Tolhuizen, L., Torre-Arce, J.L., Zhang, Z.: Round2: KEM and PKE based on GLWR. Cryptology ePrint Archive, Report 2017\/1183 (2017). \nhttps:\/\/eprint.iacr.org\/2017\/1183"},{"key":"16_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"322","DOI":"10.1007\/978-3-319-08344-5_21","volume-title":"Information Security and Privacy","author":"S Bai","year":"2014","unstructured":"Bai, S., Galbraith, S.D.: Lattice decoding attacks on binary LWE. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 322\u2013337. Springer, Cham (2014). \nhttps:\/\/doi.org\/10.1007\/978-3-319-08344-5_21"},{"key":"16_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1007\/978-3-642-29011-4_42","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Banerjee","year":"2012","unstructured":"Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719\u2013737. Springer, Heidelberg (2012). \nhttps:\/\/doi.org\/10.1007\/978-3-642-29011-4_42"},{"key":"16_CR11","unstructured":"Bernstein, D.J., Chuengsatiansup, C., Lange, T., van Vredendaal, C.: NTRU prime: reducing attack surface at low cost. Cryptology ePrint Archive, Report 2016\/461 (2016). \nhttp:\/\/eprint.iacr.org\/2016\/461"},{"key":"16_CR12","unstructured":"Bhattacharya, S., Garcia-Morchon, O., Rietman, R., Tolhuizen, L.: spKEX: an optimized lattice-based key exchange. Cryptology ePrint Archive, Report 2017\/709 (2017). \nhttp:\/\/eprint.iacr.org\/2017\/709"},{"key":"16_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/978-3-540-78440-1_4","volume-title":"Public Key Cryptography \u2013 PKC 2008","author":"J Birkett","year":"2008","unstructured":"Birkett, J., Dent, A.W.: Relations among notions of plaintext awareness. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 47\u201364. Springer, Heidelberg (2008). \nhttps:\/\/doi.org\/10.1007\/978-3-540-78440-1_4"},{"key":"16_CR14","unstructured":"Bodrato, M., Zanoni, A.: Integer and polynomial multiplication: towards optimal Toom-Cook matrices. In: ISSAC 2007, pp. 17\u201324. ACM (2007). \nhttp:\/\/doi.acm.org\/10.1145\/1277548.1277552"},{"key":"16_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/978-3-662-49096-9_9","volume-title":"Theory of Cryptography","author":"A Bogdanov","year":"2016","unstructured":"Bogdanov, A., Guo, S., Masny, D., Richelson, S., Rosen, A.: On the hardness of learning with rounding over small modulus. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 209\u2013224. Springer, Heidelberg (2016). \nhttps:\/\/doi.org\/10.1007\/978-3-662-49096-9_9"},{"key":"16_CR16","unstructured":"Bos, J., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J.M., Schwabe, P., Stehl\u00e9, D.: CRYSTALS - kyber: a CCA-secure module-lattice-based KEM. Cryptology ePrint Archive, Report 2017\/634 (2017). \nhttp:\/\/eprint.iacr.org\/2017\/634"},{"key":"16_CR17","unstructured":"Bos, J.W., Costello, C., Ducas, L., Mironov, I., Naehrig, M., Nikolaenko, V., Raghunathan, A., Stebila, D.: Frodo: take off the ring! practical, quantum-secure key exchange from LWE. In: CCS 2016, pp. 1006\u20131018. ACM (2016). \nhttp:\/\/doi.acm.org\/10.1145\/2976749.2978425"},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"Chen, L., Jordan, S.P., Liu, Y.K., Moody, D., Peralta, R.C., Perlner, R.A., Smith-Tone, D.C.: Report on post-quantum cryptography. In: NIST Internal Report (NISTIR) - 8105 (2016). \nhttp:\/\/dx.doi.org\/10.6028\/NIST.IR.8105","DOI":"10.6028\/NIST.IR.8105"},{"key":"16_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-25385-0_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"Y Chen","year":"2011","unstructured":"Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1\u201320. Springer, Heidelberg (2011). \nhttps:\/\/doi.org\/10.1007\/978-3-642-25385-0_1"},{"key":"16_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/978-3-319-53177-9_3","volume-title":"Information Security and Cryptology \u2013 ICISC 2016","author":"JH Cheon","year":"2017","unstructured":"Cheon, J.H., Han, K., Kim, J., Lee, C., Son, Y.: A practical post-quantum public-key cryptosystem based on spLWE. In: Hong, S., Park, J.H. (eds.) ICISC 2016. LNCS, vol. 10157, pp. 51\u201374. Springer, Cham (2017). \nhttps:\/\/doi.org\/10.1007\/978-3-319-53177-9_3"},{"key":"16_CR21","unstructured":"Cheon, J.H., Kim, D., Lee, J., Song, Y.: Lizard: cut off the tail! practical post-quantum public-key encryption from LWE and LWR. Cryptology ePrint Archive, Report 2016\/1126 (2016). \nhttp:\/\/eprint.iacr.org\/2016\/1126"},{"issue":"6","key":"16_CR22","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","volume":"22","author":"W Diffie","year":"1976","unstructured":"Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644\u2013654 (1976)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"16_CR23","unstructured":"Ding, J.: New cryptographic constructions using generalized learning with errors problem. Cryptology ePrint Archive, Report 2012\/387 (2012). \nhttp:\/\/eprint.iacr.org\/2012\/387"},{"key":"16_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-52153-4_1","volume-title":"Topics in Cryptology \u2013 CT-RSA 2017","author":"J Hoffstein","year":"2017","unstructured":"Hoffstein, J., Pipher, J., Schanck, J.M., Silverman, J.H., Whyte, W., Zhang, Z.: Choosing parameters for NTRUEncrypt. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 3\u201318. Springer, Cham (2017). \nhttps:\/\/doi.org\/10.1007\/978-3-319-52153-4_1"},{"key":"16_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/BFb0054868","volume-title":"Algorithmic Number Theory","author":"J Hoffstein","year":"1998","unstructured":"Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267\u2013288. Springer, Heidelberg (1998). \nhttps:\/\/doi.org\/10.1007\/BFb0054868"},{"key":"16_CR26","unstructured":"Hofheinz, D., H\u00f6velmanns, K., Kiltz, E.: A modular analysis of the Fujisaki-Okamoto transformation. Cryptology ePrint Archive, Report 2017\/604 (2017). \nhttp:\/\/eprint.iacr.org\/2017\/604"},{"key":"16_CR27","unstructured":"Hulsing, A., Rijneveld, J., Schanck, J.M., Schwabe, P.: High-speed key encapsulation from NTRU. Cryptology ePrint Archive, Report 2017\/667 (2017). \nhttp:\/\/eprint.iacr.org\/2017\/667"},{"key":"16_CR28","unstructured":"Jiang, H., Zhang, Z., Chen, L., Wang, H., Ma, Z.: Post-quantum IND-CCA-secure KEM without additional hash. Cryptology ePrint Archive, Report 2017\/1096 (2017). \nhttps:\/\/eprint.iacr.org\/2017\/1096"},{"key":"16_CR29","unstructured":"Jin, Z., Zhao, Y.: Optimal key consensus in presence of noise. Cryptology ePrint Archive, Report 2017\/1058 (2017). \nhttps:\/\/eprint.iacr.org\/2017\/1058"},{"key":"16_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/978-3-662-47989-6_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"P Kirchner","year":"2015","unstructured":"Kirchner, P., Fouque, P.-A.: An improved BKW algorithm for LWE with applications to cryptography and lattices. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 43\u201362. Springer, Heidelberg (2015). \nhttps:\/\/doi.org\/10.1007\/978-3-662-47989-6_3"},{"issue":"3","key":"16_CR31","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/s10623-014-9938-4","volume":"75","author":"A Langlois","year":"2015","unstructured":"Langlois, A., Stehl\u00e9, D.: Worst-case to average-case reductions for module lattices. Des. Codes Crypt. 75(3), 565\u2013599 (2015). \nhttps:\/\/doi.org\/10.1007\/s10623-014-9938-4","journal-title":"Des. Codes Crypt."},{"key":"16_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"V Lyubashevsky","year":"2010","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1\u201323. Springer, Heidelberg (2010). \nhttps:\/\/doi.org\/10.1007\/978-3-642-13190-5_1"},{"key":"16_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/978-3-319-11659-4_12","volume-title":"Post-Quantum Cryptography","author":"C Peikert","year":"2014","unstructured":"Peikert, C.: Lattice cryptography for the internet. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 197\u2013219. Springer, Cham (2014). \nhttps:\/\/doi.org\/10.1007\/978-3-319-11659-4_12"},{"key":"16_CR34","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC 2005, pp. 84\u201393. ACM (2005). \nhttp:\/\/doi.acm.org\/10.1145\/1060590.1060603"},{"key":"16_CR35","unstructured":"Saito, T., Xagawa, K., Yamakawa, T.: Tightly-secure key-encapsulation mechanism in the quantum random oracle model. Cryptology ePrint Archive, Report 2017\/1005 (2017). \nhttps:\/\/eprint.iacr.org\/2017\/1005"},{"issue":"1\u20133","key":"16_CR36","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1007\/BF01581144","volume":"66","author":"CP Schnorr","year":"1994","unstructured":"Schnorr, C.P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(1\u20133), 181\u2013199 (1994). \nhttps:\/\/doi.org\/10.1007\/BF01581144","journal-title":"Math. Program."},{"key":"16_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-642-20465-4_4","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"D Stehl\u00e9","year":"2011","unstructured":"Stehl\u00e9, D., Steinfeld, R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27\u201347. Springer, Heidelberg (2011). \nhttps:\/\/doi.org\/10.1007\/978-3-642-20465-4_4"},{"key":"16_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-3-662-53644-5_8","volume-title":"Theory of Cryptography","author":"EE Targhi","year":"2016","unstructured":"Targhi, E.E., Unruh, D.: Post-quantum security of the Fujisaki-Okamoto and OAEP transforms. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 192\u2013216. Springer, Heidelberg (2016). \nhttps:\/\/doi.org\/10.1007\/978-3-662-53644-5_8"}],"container-title":["Lecture Notes in Computer Science","Progress in Cryptology \u2013 AFRICACRYPT 2018"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-89339-6_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,4,6]],"date-time":"2018-04-06T11:12:02Z","timestamp":1523013122000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-89339-6_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319893389","9783319893396"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-89339-6_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}