{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T12:57:03Z","timestamp":1772283423859,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":54,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662434130","type":"print"},{"value":"9783662434147","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-662-43414-7_4","type":"book-chapter","created":{"date-parts":[[2014,5,20]],"date-time":"2014-05-20T10:57:06Z","timestamp":1400583426000},"page":"68-85","source":"Crossref","is-referenced-by-count":71,"title":["Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware"],"prefix":"10.1007","author":[{"given":"Thomas","family":"P\u00f6ppelmann","sequence":"first","affiliation":[]},{"given":"Tim","family":"G\u00fcneysu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2014,5,21]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Agrawal, S., Boneh, D., Boyen, X.: Efficient lattice (H)IBE in the standard model. In: Gilbert [21], pp. 553\u2013572","DOI":"10.1007\/978-3-642-13190-5_28"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Ajtai, M.: Generating hard instances of lattice problems. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, pp. 99\u2013108. ACM (1996)","DOI":"10.1145\/237814.237838"},{"key":"4_CR3","unstructured":"Albrecht, M., Cid, C., Faug\u00e8re, J.-C., Fitzpatrick, R., Perret, L.: On the complexity of BKW algorithm against LWE. In: SCC\u201912: Proceedings of the 3nd International Conference on Symbolic Computation and Cryptography, Castro-Urdiales, July 2012, pp. 100\u2013107 (2012)"},{"key":"4_CR4","unstructured":"Albrecht, M., Cid, C., Faug\u00e8re, J.-C., Fitzpatrick, R., Perret, L.: On the complexity of the Arora-Ge algorithm against LWE. In: SCC\u201912: Proceedings of the 3nd International Conference on Symbolic Computation and Cryptography, Castro-Urdiales, July 2012, pp. 93\u201399 (2012)"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Atici, A.C., Batina, L., Fan, J., Verbauwhede, I., \u00d6rs, S.B.: Low-cost implementations of NTRU for pervasive security. In: ASAP, pp. 79\u201384. IEEE Computer Society (2008)","DOI":"10.1109\/ASAP.2008.4580158"},{"key":"4_CR6","unstructured":"Aysu, A., Patterson, C., Schaumont, P.: Low-cost and area-efficient FPGA implementations of lattice-based cryptography. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2013. IEEE (2013, to appear)"},{"key":"4_CR7","series-title":"LNCS","first-page":"262","volume-title":"CHES 2001","author":"DV Bailey","year":"2001","unstructured":"Bailey, D.V., Coffin, D., Elbirt, A., Silverman, J.H., Woodbury, A.D.: NTRU in constrained devices. In: Ko\u00e7, \u00c7.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 262\u2013272. Springer, Heidelberg (2001)"},{"key":"4_CR8","unstructured":"Bernstein, D.J., Lange, T.: eBACS: ECRYPT benchmarking of cryptographic systems. \n                      http:\/\/bench.cr.yp.to\n                      \n                    . Accessed 10 May 2013"},{"key":"4_CR9","first-page":"75","volume":"2013","author":"JW Bos","year":"2013","unstructured":"Bos, J.W., Lauter, K., Loftus, J., Naehrig, M.: Improved security for a ring-based fully homomorphic encryption scheme. IACR Cryptol. ePrint Arch. 2013, 75 (2013)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"4_CR10","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"868","DOI":"10.1007\/978-3-642-32009-5_50","volume-title":"CRYPTO 2012","author":"Z Brakerski","year":"2012","unstructured":"Brakerski, Z.: Fully homomorphic encryption without modulus switching from classical GapSVP. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 868\u2013886. Springer, Heidelberg (2012)"},{"key":"4_CR11","doi-asserted-by":"crossref","unstructured":"Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehl\u00e9, D.: Classical hardness of learning with errors. In: Boneh, D., Roughgarden, T., Feigenbaum, J. (eds.) STOC, pp. 575\u2013584. ACM (2013)","DOI":"10.1145\/2488608.2488680"},{"issue":"9","key":"4_CR12","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1145\/1151030.1151055","volume":"49","author":"J Buchmann","year":"2006","unstructured":"Buchmann, J., May, A., Vollmer, U.: Perspectives for cryptographic long-term security. Commun. ACM 49(9), 50\u201355 (2006)","journal-title":"Commun. ACM"},{"key":"4_CR13","series-title":"LNCS","volume-title":"CRYPTO 2013, Part I","year":"2013","unstructured":"Canetti, R., Garay, J.A. (eds.): CRYPTO 2013, Part I. LNCS, vol. 8042. Springer, Heidelberg (2013)"},{"key":"4_CR14","doi-asserted-by":"crossref","unstructured":"Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal Gaussians. In: Canetti and Garay [13], pp. 40\u201356. Proceedings version of [15]","DOI":"10.1007\/978-3-642-40041-4_3"},{"key":"4_CR15","first-page":"383","volume":"2013","author":"L Ducas","year":"2013","unstructured":"Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal Gaussians. IACR Cryptol. ePrint Arch. 2013, 383 (2013). (Full version of [14])","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Ducas, L., Nguyen, P.Q.: Faster Gaussian lattice sampling using lazy floating-point arithmetic. In: Wang and Sako [53], pp. 415\u2013432","DOI":"10.1007\/978-3-642-34961-4_26"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Ducas, L., Nguyen, P.Q.: Learning a zonotope and more: cryptanalysis of NTRUSign countermeasures. In: Wang and Sako [53], pp. 433\u2013450","DOI":"10.1007\/978-3-642-34961-4_27"},{"key":"4_CR18","unstructured":"Galbraith, S.D., Dwarakanath, N.C.: Efficient sampling from discrete gaussians for lattice-based cryptography on a constrained device"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, pp. 169\u2013178. ACM (2009)","DOI":"10.1145\/1536414.1536440"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Dwork, C. (ed.) STOC, pp. 197\u2013206. ACM (2008)","DOI":"10.1145\/1374376.1374407"},{"key":"4_CR21","series-title":"LNCS","volume-title":"EUROCRYPT 2010","year":"2010","unstructured":"Gilbert, H. (ed.): EUROCRYPT 2010. LNCS, vol. 6110. Springer, Heidelberg (2010)"},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"G\u00f6ttert, N., Feller, T., Schneider, M., Buchmann, J., Huss, S.: On the design of hardware building blocks for modern lattice-based encryption schemes. In: Prouff and Schaumont [46], pp. 512\u2013529","DOI":"10.1007\/978-3-642-33027-8_30"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"G\u00fcneysu, T., Lyubashevsky, V., P\u00f6ppelmann, T.: Practical lattice-based cryptography: a signature scheme for embedded systems. In: Prouff and Schaumont [46], pp. 530\u2013547","DOI":"10.1007\/978-3-642-33027-8_31"},{"key":"4_CR24","series-title":"LNCS","first-page":"62","volume-title":"CHES 2008","author":"T G\u00fcneysu","year":"2008","unstructured":"G\u00fcneysu, T., Paar, C.: Ultra high performance ECC over NIST primes on commercial FPGAs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 62\u201378. Springer, Heidelberg (2008)"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Gutierrez, R., Torres, V., Valls, J.: Hardware architecture of a Gaussian noise generator based on the inversion method. IEEE Trans. Circ. Syst. 59-II(8), 501\u2013505 (2012)","DOI":"10.1109\/TCSII.2012.2204119"},{"key":"4_CR26","series-title":"LNCS","first-page":"73","volume-title":"CT-RSA 2010","author":"J Hermans","year":"2010","unstructured":"Hermans, J., Vercauteren, F., Preneel, B.: Speed records for NTRU. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 73\u201388. Springer, Heidelberg (2010)"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Heyse, S., G\u00fcneysu, T.: Towards one cycle per bit asymmetric encryption: code-based cryptography on reconfigurable hardware. In: Prouff and Schaumont [46], pp. 340\u2013355","DOI":"10.1007\/978-3-642-33027-8_20"},{"key":"4_CR28","series-title":"LNCS","first-page":"437","volume-title":"ACNS 2009","author":"PS Hirschhorn","year":"2009","unstructured":"Hirschhorn, P.S., Hoffstein, J., Howgrave-Graham, N., Whyte, W.: Choosing NTRUEncrypt parameters in light of combined lattice reduction and MITM approaches. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 437\u2013455. Springer, Heidelberg (2009)"},{"key":"4_CR29","series-title":"LNCS","first-page":"267","volume-title":"ANTS 1998","author":"J Hoffstein","year":"1998","unstructured":"Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267\u2013288. Springer, Heidelberg (1998)"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Kamal, A.A., Youssef, A.M.: An FPGA implementation of the NTRUEncrypt cryptosystem. In: 2009 International Conference on Microelectronics (ICM), pp. 209\u2013212. IEEE (2009)","DOI":"10.1109\/ICM.2009.5418649"},{"issue":"8","key":"4_CR31","doi-asserted-by":"publisher","first-page":"911","DOI":"10.1109\/TVLSI.2005.853615","volume":"13","author":"D-U Lee","year":"2005","unstructured":"Lee, D.-U., Luk, W., Villasenor, J.D., Zhang, G., Leong, P.H.-W.: A hardware Gaussian noise generator using the Wallace method. IEEE Trans. Very Large Scale Integr. VLSI Syst. 13(8), 911\u2013920 (2005)","journal-title":"IEEE Trans. Very Large Scale Integr. VLSI Syst."},{"key":"4_CR32","series-title":"LNCS","first-page":"319","volume-title":"CT-RSA 2011","author":"R Lindner","year":"2011","unstructured":"Lindner, R., Peikert, C.: Better key sizes (and Attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319\u2013339. Springer, Heidelberg (2011)"},{"key":"4_CR33","series-title":"LNCS","first-page":"144","volume-title":"ICALP 2006","author":"V Lyubashevsky","year":"2006","unstructured":"Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 144\u2013155. Springer, Heidelberg (2006)"},{"key":"4_CR34","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"738","DOI":"10.1007\/978-3-642-29011-4_43","volume-title":"EUROCRYPT 2012","author":"V Lyubashevsky","year":"2012","unstructured":"Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738\u2013755. Springer, Heidelberg (2012)"},{"key":"4_CR35","series-title":"LNCS","first-page":"54","volume-title":"FSE 2008","author":"V Lyubashevsky","year":"2008","unstructured":"Lyubashevsky, V., Micciancio, D., Peikert, C., Rosen, A.: SWIFFT: a modest proposal for FFT hashing. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 54\u201372. Springer, Heidelberg (2008)"},{"key":"4_CR36","doi-asserted-by":"crossref","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert [21], pp. 1\u201323. Proceedings version of [37]","DOI":"10.1007\/978-3-642-13190-5_1"},{"key":"4_CR37","first-page":"230","volume":"2012","author":"V Lyubashevsky","year":"2012","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. IACR Cryptol. ePrint Arch. 2012, 230 (2012). (Full version of [36])","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"4_CR38","unstructured":"MacWilliams, F.J., Sloane, N.J.A.: The Theory of Error-Correcting Codes. vol. 16, 762 pp, Elsevier Science Publishers B. V., North-Holland (2006). ISBN: 0-444-85193-3"},{"key":"4_CR39","volume-title":"Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)","author":"S Mangard","year":"2007","unstructured":"Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security), 3rd edn. Springer, New York (2007)","edition":"3"},{"issue":"4","key":"4_CR40","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1007\/s00037-007-0234-9","volume":"16","author":"D Micciancio","year":"2007","unstructured":"Micciancio, D.: Generalized compact knapsacks, cyclic lattices, and efficient one-way functions. Comput. Complex. 16(4), 365\u2013411 (2007)","journal-title":"Comput. Complex."},{"key":"4_CR41","doi-asserted-by":"crossref","unstructured":"Micciancio, D., Peikert, C.: Hardness of SIS and LWE with small parameters. In: Canetti and Garay [13], pp. 21\u201339","DOI":"10.1007\/978-3-642-40041-4_2"},{"key":"4_CR42","doi-asserted-by":"crossref","unstructured":"Naehrig, M., Lauter, K., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW \u201911, pp. 113\u2013124. ACM, New York (2011)","DOI":"10.1145\/2046660.2046682"},{"key":"4_CR43","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1007\/11761679_17","volume-title":"EUROCRYPT 2006","author":"PQ Nguy\u00ean","year":"2006","unstructured":"Nguy\u00ean, P.Q., Regev, O.: Learning a parallelepiped: cryptanalysis of GGH and NTRU signatures. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 271\u2013288. Springer, Heidelberg (2006)"},{"key":"4_CR44","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/978-3-642-14623-7_5","volume-title":"CRYPTO 2010","author":"C Peikert","year":"2010","unstructured":"Peikert, C.: An efficient and parallel Gaussian sampler for lattices. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 80\u201397. Springer, Heidelberg (2010)"},{"key":"4_CR45","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/978-3-642-33481-8_8","volume-title":"LatinCrypt 2012","author":"T P\u00f6ppelmann","year":"2012","unstructured":"P\u00f6ppelmann, T., G\u00fcneysu, T.: Towards efficient arithmetic for lattice-based cryptography on reconfigurable hardware. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 139\u2013158. Springer, Heidelberg (2012)"},{"key":"4_CR46","series-title":"LNCS","volume-title":"CHES 2012","year":"2012","unstructured":"Prouff, E., Schaumont, P. (eds.): CHES 2012. LNCS, vol. 7428. Springer, Heidelberg (2012)"},{"key":"4_CR47","doi-asserted-by":"crossref","unstructured":"Rebeiro, C., Roy, S.S., Mukhopadhyay, D.: Pushing the limits of high-speed GF(\n                      \n                        \n                      \n                      $$2^m$$\n                    ) elliptic curve scalar multiplication on FPGAs. In: Prouff and Schaumont [46], pp. 494\u2013511","DOI":"10.1007\/978-3-642-33027-8_29"},{"key":"4_CR48","doi-asserted-by":"crossref","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) STOC, pp. 84\u201393. ACM (2005)","DOI":"10.1145\/1060590.1060603"},{"key":"4_CR49","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-642-20465-4_4","volume-title":"EUROCRYPT 2011","author":"D Stehl\u00e9","year":"2011","unstructured":"Stehl\u00e9, D., Steinfeld, R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27\u201347. Springer, Heidelberg (2011)"},{"key":"4_CR50","series-title":"LNCS","first-page":"272","volume-title":"CHES 2007","author":"D Suzuki","year":"2007","unstructured":"Suzuki, D.: How to maximize the potential of FPGA resources for modular exponentiation. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 272\u2013288. Springer, Heidelberg (2007)"},{"issue":"4","key":"4_CR51","doi-asserted-by":"publisher","first-page":"11:1","DOI":"10.1145\/1287620.1287622","volume":"39","author":"DB Thomas","year":"2007","unstructured":"Thomas, D.B., Luk, W., Leong, P.H.W., Villasenor, J.D.: Gaussian random number generators. ACM Comput. Surv. 39(4), 11:1\u201311:38 (2007)","journal-title":"ACM Comput. Surv."},{"key":"4_CR52","unstructured":"Varchola, M.: FPGA based true random number generators for embedded cryptographic applications. Ph.D. thesis, Technical University of Kosice (2008)"},{"key":"4_CR53","series-title":"LNCS","volume-title":"ASIACRYPT 2012","year":"2012","unstructured":"Wang, X., Sako, K. (eds.): ASIACRYPT 2012. LNCS, vol. 7658. Springer, Heidelberg (2012)"},{"key":"4_CR54","unstructured":"Zhang, G., Leong, P.H.-W., Lee, D.-U., Villasenor, J.D., Cheung, R.C.C., Luk, W.: Ziggurat-based hardware Gaussian random number generator. In: International Conference on Field Programmable Logic and Applications, 2005, pp. 275\u2013280 (2005)"}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography -- SAC 2013"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-43414-7_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,26]],"date-time":"2019-05-26T17:42:54Z","timestamp":1558892574000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-43414-7_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783662434130","9783662434147"],"references-count":54,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-43414-7_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}