{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T21:59:54Z","timestamp":1775512794071,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":37,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642103650","type":"print"},{"value":"9783642103667","type":"electronic"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-10366-7_35","type":"book-chapter","created":{"date-parts":[[2009,11,30]],"date-time":"2009-11-30T22:08:44Z","timestamp":1259618924000},"page":"598-616","source":"Crossref","is-referenced-by-count":382,"title":["Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures"],"prefix":"10.1007","author":[{"given":"Vadim","family":"Lyubashevsky","sequence":"first","affiliation":[]}],"member":"297","reference":[{"key":"35_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"418","DOI":"10.1007\/3-540-46035-7_28","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"M. Abdalla","year":"2002","unstructured":"Abdalla, M., An, J.H., Bellare, M., Namprempre, C.: From identification to signatures via the Fiat-Shamir transform: Minimizing assumptions for security and forward-security. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol.\u00a02332, pp. 418\u2013433. Springer, Heidelberg (2002)"},{"key":"35_CR2","doi-asserted-by":"crossref","unstructured":"Ajtai, M.: Generating hard instances of lattice problems. In: STOC (1996)","DOI":"10.1145\/237814.237838"},{"key":"35_CR3","doi-asserted-by":"crossref","unstructured":"Ajtai, M., Dwork, C.: A public-key cryptosystem with worst-case\/average-case equivalence. In: STOC (1997); An improved version is described in ECCC 2007","DOI":"10.1145\/258533.258604"},{"key":"35_CR4","doi-asserted-by":"crossref","unstructured":"Ajtai, M., Kumar, R., Sivakumar, D.: A sieve algorithm for the shortest lattice vector problem. In: STOC, pp. 601\u2013610 (2001)","DOI":"10.1145\/380752.380857"},{"issue":"2","key":"35_CR5","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/BF02351717","volume":"1","author":"U. Feige","year":"1988","unstructured":"Feige, U., Fiat, A., Shamir, A.: Zero-knowledge proofs of identity. J. Cryptology\u00a01(2), 77\u201394 (1988)","journal-title":"J. Cryptology"},{"key":"35_CR6","doi-asserted-by":"crossref","unstructured":"Feige, U., Shamir, A.: Witness indistinguishable and witness hiding protocols. In: STOC, pp. 416\u2013426 (1990)","DOI":"10.1145\/100216.100272"},{"key":"35_CR7","series-title":"Lecture Notes in Computer Science","first-page":"186","volume-title":"Advances in Cryptology - CRYPTO \u201986","author":"A. Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol.\u00a0263, pp. 186\u2013194. Springer, Heidelberg (1987)"},{"key":"35_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/978-3-540-78967-3_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"N. Gama","year":"2008","unstructured":"Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol.\u00a04965, pp. 31\u201351. Springer, Heidelberg (2008)"},{"key":"35_CR9","doi-asserted-by":"crossref","unstructured":"Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices, and new cryptographic constructions. In: STOC (2008)","DOI":"10.1145\/1374376.1374407"},{"key":"35_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"481","DOI":"10.1007\/3-540-46877-3_44","volume-title":"Advances in Cryptology - EUROCRYPT \u201990","author":"M. Girault","year":"1991","unstructured":"Girault, M.: An identity-based identification scheme based on discrete logarithms modulo a composite number. In: Damg\u00e5rd, I.B. (ed.) EUROCRYPT 1990. LNCS, vol.\u00a0473, pp. 481\u2013486. Springer, Heidelberg (1991)"},{"issue":"4","key":"35_CR11","doi-asserted-by":"publisher","first-page":"463","DOI":"10.1007\/s00145-006-0224-0","volume":"19","author":"M. Girault","year":"2006","unstructured":"Girault, M., Poupard, G., Stern, J.: On the fly authentication and signature schemes based on groups of unknown order. J. Cryptology\u00a019(4), 463\u2013487 (2006)","journal-title":"J. Cryptology"},{"issue":"2","key":"35_CR12","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"S. Goldwasser","year":"1988","unstructured":"Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput.\u00a017(2), 281\u2013308 (1988)","journal-title":"SIAM J. Comput."},{"key":"35_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1007\/0-387-34799-2_16","volume-title":"Advances in Cryptology - CRYPTO \u201988","author":"L. Guillou","year":"1990","unstructured":"Guillou, L., Quisquater, J.J.: A \u201dparadoxical\u201d identity-based signature scheme resulting from zero-knowledge. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol.\u00a0403, pp. 216\u2013231. Springer, Heidelberg (1990)"},{"key":"35_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/BFb0054868","volume-title":"Algorithmic Number Theory","author":"J. Hoffstein","year":"1998","unstructured":"Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: A ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol.\u00a01423, pp. 267\u2013288. Springer, Heidelberg (1998)"},{"key":"35_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"372","DOI":"10.1007\/978-3-540-89255-7_23","volume-title":"Advances in Cryptology - ASIACRYPT 2008","author":"A. Kawachi","year":"2008","unstructured":"Kawachi, A., Tanaka, K., Xagawa, K.: Concurrently secure identification schemes based on the worst-case hardness of lattice problems. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol.\u00a05350, pp. 372\u2013389. Springer, Heidelberg (2008)"},{"key":"35_CR16","doi-asserted-by":"crossref","unstructured":"Lenstra, A.K., Lenstra Jr., H.W., Lovasz, L.: Factoring polynomials with rational coefficients. Mathematische Annalen\u00a0(261), 513\u2013534 (1982)","DOI":"10.1007\/BF01457454"},{"key":"35_CR17","doi-asserted-by":"crossref","unstructured":"Lyubashevsky, V.: Lattice-based identification schemes secure under active attacks. In: Public Key Cryptography, pp. 162\u2013179 (2008)","DOI":"10.1007\/978-3-540-78440-1_10"},{"key":"35_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/11787006_13","volume-title":"Automata, Languages and Programming","author":"V. Lyubashevsky","year":"2006","unstructured":"Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol.\u00a04052, pp. 144\u2013155. Springer, Heidelberg (2006)"},{"key":"35_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/978-3-540-78524-8_3","volume-title":"Theory of Cryptography","author":"V. Lyubashevsky","year":"2008","unstructured":"Lyubashevsky, V., Micciancio, D.: Asymptotically efficient lattice-based digital signatures. In: Canetti, R. (ed.) TCC 2008. LNCS, vol.\u00a04948, pp. 37\u201354. Springer, Heidelberg (2008)"},{"key":"35_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/978-3-540-71039-4_4","volume-title":"Fast Software Encryption","author":"V. Lyubashevsky","year":"2008","unstructured":"Lyubashevsky, V., Micciancio, D., Peikert, C., Rosen, A.: SWIFFT: a modest proposal for FFT hashing. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol.\u00a05086, pp. 54\u201372. Springer, Heidelberg (2008)"},{"key":"35_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"369","DOI":"10.1007\/3-540-48184-2_32","volume-title":"Advances in Cryptology - CRYPTO \u201987","author":"R. Merkle","year":"1988","unstructured":"Merkle, R.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol.\u00a0293, pp. 369\u2013378. Springer, Heidelberg (1988)"},{"key":"35_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"218","DOI":"10.1007\/0-387-34805-0_21","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"R. Merkle","year":"1990","unstructured":"Merkle, R.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 218\u2013238. Springer, Heidelberg (1990)"},{"issue":"4","key":"35_CR23","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1007\/s00037-007-0234-9","volume":"16","author":"D. Micciancio","year":"2007","unstructured":"Micciancio, D.: Generalized compact knapsacks, cyclic lattices, and efficient one-way functions. Computational Complexity\u00a016(4), 365\u2013411 (2007)","journal-title":"Computational Complexity"},{"issue":"1","key":"35_CR24","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1137\/S0097539705447360","volume":"37","author":"D. Micciancio","year":"2007","unstructured":"Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. on Computing\u00a037(1), 267\u2013302 (2007)","journal-title":"SIAM J. on Computing"},{"key":"35_CR25","volume-title":"Post-quantum Cryptography","author":"D. Micciancio","year":"2009","unstructured":"Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D., Buchmann, J. (eds.) Post-quantum Cryptography. Springer, Heidelberg (2009)"},{"key":"35_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"282","DOI":"10.1007\/978-3-540-45146-4_17","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"D. Micciancio","year":"2003","unstructured":"Micciancio, D., Vadhan, S.: Statistical zero-knowledge proofs with efficient provers: Lattice problems and more. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol.\u00a02729, pp. 282\u2013298. Springer, Heidelberg (2003)"},{"key":"35_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1007\/3-540-48071-4_3","volume-title":"Advances in Cryptology - CRYPTO \u201992","author":"T. Okamoto","year":"1993","unstructured":"Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol.\u00a0740, pp. 31\u201353. Springer, Heidelberg (1993)"},{"key":"35_CR28","doi-asserted-by":"crossref","unstructured":"Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem. In: STOC (2009)","DOI":"10.1145\/1536414.1536461"},{"key":"35_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/11681878_8","volume-title":"Theory of Cryptography","author":"C. Peikert","year":"2006","unstructured":"Peikert, C., Rosen, A.: Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol.\u00a03876, pp. 145\u2013166. Springer, Heidelberg (2006)"},{"key":"35_CR30","doi-asserted-by":"crossref","unstructured":"Peikert, C., Rosen, A.: Lattices that admit logarithmic worst-case to average-case connection factors. In: STOC (2007)","DOI":"10.1145\/1250790.1250860"},{"key":"35_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1007\/978-3-540-46588-1_9","volume-title":"Public Key Cryptography","author":"D. Pointcheval","year":"2000","unstructured":"Pointcheval, D.: The composite discrete logarithm and secure authentication. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol.\u00a01751, pp. 113\u2013128. Springer, Heidelberg (2000)"},{"issue":"3","key":"35_CR32","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D. Pointcheval","year":"2000","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptology\u00a013(3), 361\u2013396 (2000)","journal-title":"J. Cryptology"},{"issue":"6","key":"35_CR33","doi-asserted-by":"publisher","first-page":"899","DOI":"10.1145\/1039488.1039490","volume":"51","author":"O. Regev","year":"2004","unstructured":"Regev, O.: New lattice-based cryptographic constructions. J. ACM\u00a051(6), 899\u2013942 (2004)","journal-title":"J. ACM"},{"key":"35_CR34","doi-asserted-by":"crossref","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC (2005)","DOI":"10.1145\/1060590.1060603"},{"issue":"3","key":"35_CR35","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"C.P. Schnorr","year":"1991","unstructured":"Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptology\u00a04(3), 161\u2013174 (1991)","journal-title":"J. Cryptology"},{"issue":"5","key":"35_CR36","doi-asserted-by":"publisher","first-page":"1484","DOI":"10.1137\/S0097539795293172","volume":"26","author":"P. Shor","year":"1997","unstructured":"Shor, P.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput.\u00a026(5), 1484\u20131509 (1997)","journal-title":"SIAM J. Comput."},{"key":"35_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"617","DOI":"10.1007\/978-3-642-10366-7_36","volume-title":"ASIACRYPT 2009","author":"D. Stehle","year":"2009","unstructured":"Stehle, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public-key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol.\u00a05912, pp. 617\u2013635. Springer, Heidelberg (2009)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2009"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-10366-7_35","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,19]],"date-time":"2019-05-19T12:52:34Z","timestamp":1558270354000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-10366-7_35"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642103650","9783642103667"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-10366-7_35","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009]]}}}