{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T15:19:38Z","timestamp":1774538378350,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":73,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662493007","type":"print"},{"value":"9783662493014","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-662-49301-4_6","type":"book-chapter","created":{"date-parts":[[2016,3,18]],"date-time":"2016-03-18T15:15:43Z","timestamp":1458314143000},"page":"88-108","source":"Crossref","is-referenced-by-count":38,"title":["Post-Quantum Cryptography: State of the Art"],"prefix":"10.1007","author":[{"given":"Johannes A.","family":"Buchmann","sequence":"first","affiliation":[]},{"given":"Denis","family":"Butin","sequence":"additional","affiliation":[]},{"given":"Florian","family":"G\u00f6pfert","sequence":"additional","affiliation":[]},{"given":"Albrecht","family":"Petzoldt","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,3,18]]},"reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, STOC 1996, pp. 99\u2013108. ACM, New York (1996)","DOI":"10.1145\/237814.237838"},{"key":"6_CR2","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1007\/978-3-642-23141-4_14","volume-title":"Information Security and Assurance","author":"SM Yousfi Alaoui El","year":"2011","unstructured":"El Yousfi Alaoui, S.M., Cayrel, P.-L., Mohammed, M.: Improved identity-based identification and signature schemes using Quasi-dyadic Goppa codes. In: Kim, T., Adeli, H., Robles, R.J., Balitanas, M. (eds.) ISA 2011. CCIS, vol. 200, pp. 146\u2013155. Springer, Heidelberg (2011)"},{"key":"6_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1007\/978-3-319-04852-9_2","volume-title":"Topics in Cryptology \u2013 CT-RSA 2014","author":"S Bai","year":"2014","unstructured":"Bai, S., Galbraith, S.D.: An improved compression technique for signatures based on learning with errors. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 28\u201347. Springer, Heidelberg (2014)"},{"key":"6_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"322","DOI":"10.1007\/978-3-319-08344-5_21","volume-title":"Information Security and Privacy","author":"S Bai","year":"2014","unstructured":"Bai, S., Galbraith, S.D.: Lattice decoding attacks on binary LWE. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 322\u2013337. Springer, Heidelberg (2014)"},{"issue":"5","key":"6_CR5","doi-asserted-by":"publisher","first-page":"1510","DOI":"10.1137\/S0097539796300933","volume":"26","author":"CH Bennett","year":"1997","unstructured":"Bennett, C.H., Bernstein, E., Brassard, G., Vazirani, U.: Strengths and weaknesses of quantum computing. SIAM J. Comput. 26(5), 1510\u20131523 (1997)","journal-title":"SIAM J. Comput."},{"key":"6_CR6","volume-title":"Post-Quantum Cryptography","year":"2008","unstructured":"Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.): Post-Quantum Cryptography. Springer, Heidelberg (2008)"},{"key":"6_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/978-3-642-20901-7_5","volume-title":"Coding and Cryptology","author":"DJ Bernstein","year":"2011","unstructured":"Bernstein, D.J., Lange, T., Peters, C., Schwabe, P.: Faster 2-regular information-set decoding. In: Chee, Y.M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H., Xing, C. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 81\u201398. Springer, Heidelberg (2011)"},{"key":"6_CR8","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: The Keccak reference, January 2011. http:\/\/keccak.noekeon.org\/"},{"key":"6_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/978-3-540-88403-3_4","volume-title":"Post-Quantum Cryptography","author":"B Biswas","year":"2008","unstructured":"Biswas, B., Sendrier, N.: McEliece cryptosystem implementation: theory and practice. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 47\u201362. Springer, Heidelberg (2008)"},{"key":"6_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-540-85053-3_4","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2008","author":"A Bogdanov","year":"2008","unstructured":"Bogdanov, A., Eisenbarth, T., Rupp, A., Wolf, C.: Time-area optimized public-key engines: MQ-cryptosystems as replacement for elliptic curves? In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 45\u201361. Springer, Heidelberg (2008)"},{"key":"6_CR11","unstructured":"Brassard, G., Hoyer, P., Tapp, A.: Quantum algorithm for the collision problem. arXiv preprint quant-ph\/9705002 (1997)"},{"key":"6_CR12","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-9003-7","volume-title":"Introduction to Cryptography","author":"J Buchmann","year":"2004","unstructured":"Buchmann, J.: Introduction to Cryptography. Springer, Heidelberg (2004)"},{"key":"6_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"363","DOI":"10.1007\/978-3-642-21969-6_23","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2011","author":"J Buchmann","year":"2011","unstructured":"Buchmann, J., Dahmen, E., Ereth, S., H\u00fclsing, A., R\u00fcckert, M.: On the security of the Winternitz one-time signature scheme. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 363\u2013378. Springer, Heidelberg (2011)"},{"key":"6_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/978-3-642-25405-5_8","volume-title":"Post-Quantum Cryptography","author":"J Buchmann","year":"2011","unstructured":"Buchmann, J., Dahmen, E., H\u00fclsing, A.: XMSS - a practical forward secure signature scheme based on minimal security assumptions. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 117\u2013129. Springer, Heidelberg (2011)"},{"key":"6_CR15","first-page":"50","volume-title":"Lecture Notes in Mathematics","author":"J. P. Buhler","year":"1993","unstructured":"Buhler, J.P., Lenstra Jr., H.W., Pomerance, C.: Factoring integers with the number field sieve. In: The Development of the Number Field Sieve, pp. 50\u201394. Springer, Heidelberg (1993)"},{"key":"6_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-642-04138-9_3","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2009","author":"AI-T Chen","year":"2009","unstructured":"Chen, A.I.-T., Chen, M.-S., Chen, T.-R., Cheng, C.-M., Ding, J., Kuo, E.L.-H., Lee, F.Y.-S., Yang, B.-Y.: SSE implementation of multivariate PKCs on modern x86 CPUs. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 33\u201348. Springer, Heidelberg (2009)"},{"key":"6_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-25385-0_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"Y Chen","year":"2011","unstructured":"Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1\u201320. Springer, Heidelberg (2011)"},{"issue":"6","key":"6_CR18","doi-asserted-by":"publisher","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","volume":"22","author":"W Diffie","year":"1976","unstructured":"Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644\u2013654 (1976)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"6_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1007\/11496137_12","volume-title":"Applied Cryptography and Network Security","author":"J Ding","year":"2005","unstructured":"Ding, J., Schmidt, D.: Rainbow, a new multivariable polynomial signature scheme. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 164\u2013175. Springer, Heidelberg (2005)"},{"key":"6_CR20","unstructured":"Ding, J., Yang, B.-Y., Dubois, V., Cheng, C.-M., Chen, O.: Breaking the symmetry: a way to resist the new differential attack (2007). http:\/\/eprint.iacr.org\/2007\/366"},{"key":"6_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/3-540-60865-6_44","volume-title":"Fast Software Encryption","author":"H Dobbertin","year":"1996","unstructured":"Dobbertin, H., Bosselaers, A., Preneel, B.: RIPEMD-160: a strengthened version of RIPEMD. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 71\u201382. Springer, Heidelberg (1996)"},{"key":"6_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/978-3-642-40041-4_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"L Ducas","year":"2013","unstructured":"Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 40\u201356. Springer, Heidelberg (2013)"},{"issue":"6\u20137","key":"6_CR23","doi-asserted-by":"publisher","first-page":"467","DOI":"10.1007\/BF02650179","volume":"21","author":"R Feynman","year":"1982","unstructured":"Feynman, R.: Simulating physics with computers. Int. J. Theor. Phys. 21(6\u20137), 467\u2013488 (1982)","journal-title":"Int. J. Theor. Phys."},{"key":"6_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","volume-title":"Advances in Cryptology - CRYPTO \u201986","author":"A Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (1987)"},{"key":"6_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/3-540-39568-7_2","volume-title":"Advances in Cryptology","author":"T El Gamal","year":"1985","unstructured":"El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10\u201318. Springer, Heidelberg (1985)"},{"key":"6_CR26","volume-title":"Computers and Intractability: A Guide to the Theory of NP-Completeness","author":"MR Garey","year":"1979","unstructured":"Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W.H. Freeman, New York (1979)"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, STOC 2009, pp. 169\u2013178. ACM, New York (2009)","DOI":"10.1145\/1536414.1536440"},{"key":"6_CR28","doi-asserted-by":"crossref","unstructured":"Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, pp. 212\u2013219. ACM (1996)","DOI":"10.1145\/237814.237866"},{"key":"6_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-40349-1_16","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2013","author":"S Heyse","year":"2013","unstructured":"Heyse, S., von Maurich, I., G\u00fcneysu, T.: Smaller keys for code-based cryptography: QC-MDPC McEliece implementations on embedded devices. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 273\u2013292. Springer, Heidelberg (2013)"},{"key":"6_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/BFb0054868","volume-title":"Algorithmic Number Theory","author":"J Hoffstein","year":"1998","unstructured":"Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267\u2013288. Springer, Heidelberg (1998)"},{"key":"6_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1007\/978-3-642-40588-4_14","volume-title":"Security Engineering and Intelligence Informatics","author":"A H\u00fclsing","year":"2013","unstructured":"H\u00fclsing, A., Rausch, L., Buchmann, J.: Optimal parameters for XMSS $$^{MT}$$ . In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds.) CD-ARES Workshops 2013. LNCS, vol. 8128, pp. 194\u2013208. Springer, Heidelberg (2013)"},{"key":"6_CR32","doi-asserted-by":"crossref","unstructured":"Joux, A.: A new index calculus algorithm with complexity l (1\/4+ o (1)) in very small characteristic. IACR Cryptology ePrint Archive 2013:95 (2013)","DOI":"10.1007\/978-3-662-43414-7_18"},{"key":"6_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/3-540-48910-X_15","volume-title":"Advances in Cryptology - EUROCRYPT \u201999","author":"A Kipnis","year":"1999","unstructured":"Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206\u2013222. Springer, Heidelberg (1999)"},{"issue":"177","key":"6_CR34","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1090\/S0025-5718-1987-0866109-5","volume":"48","author":"N Koblitz","year":"1987","unstructured":"Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203\u2013209 (1987)","journal-title":"Math. Comput."},{"key":"6_CR35","unstructured":"Lamport, L.: Constructing Digital Signatures from a One Way Function. Technical report, SRI International Computer Science Laboratory (1979). http:\/\/research.microsoft.com\/en-us\/um\/people\/lamport\/pubs\/dig-sig.pdf"},{"key":"6_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1007\/978-3-642-34931-7_27","volume-title":"Progress in Cryptology - INDOCRYPT 2012","author":"G Landais","year":"2012","unstructured":"Landais, G., Sendrier, N.: Implementing CFS. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 474\u2013488. Springer, Heidelberg (2012)"},{"issue":"4","key":"6_CR37","doi-asserted-by":"publisher","first-page":"515","DOI":"10.1007\/BF01457454","volume":"261","author":"A Lenstra","year":"1982","unstructured":"Lenstra, A., Lenstra Jr., H.W., Lov\u00e1sz, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515\u2013534 (1982)","journal-title":"Math. Ann."},{"key":"6_CR38","unstructured":"Lenstra, A.K.: Key lengths. Technical report. Wiley (2006)"},{"key":"6_CR39","doi-asserted-by":"crossref","unstructured":"Lenstra, A.K., Lenstra Jr., H.W., Manasse, M.S., Pollard, J.M.: The number field sieve. In: Ortiz, H. (ed.) Proceedings of the 22nd Annual ACM Symposium on Theory of Computing, Baltimore, Maryland, USA, 13\u201317 May, pp. 564\u2013572. ACM (1990)","DOI":"10.1145\/100216.100295"},{"key":"6_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/978-3-642-19074-2_21","volume-title":"Topics in Cryptology \u2013 CT-RSA 2011","author":"R Lindner","year":"2011","unstructured":"Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319\u2013339. Springer, Heidelberg (2011)"},{"key":"6_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/978-3-642-36095-4_19","volume-title":"Topics in Cryptology \u2013 CT-RSA 2013","author":"M Liu","year":"2013","unstructured":"Liu, M., Nguyen, P.Q.: Solving BDD by enumeration: an update. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 293\u2013309. Springer, Heidelberg (2013)"},{"key":"6_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/11787006_13","volume-title":"Automata, Languages and Programming","author":"V Lyubashevsky","year":"2006","unstructured":"Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 144\u2013155. Springer, Heidelberg (2006)"},{"key":"6_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"V Lyubashevsky","year":"2010","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1\u201323. Springer, Heidelberg (2010)"},{"key":"6_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"419","DOI":"10.1007\/3-540-45961-8_39","volume-title":"Advances in Cryptology - EUROCRYPT \u201988","author":"T Matsumoto","year":"1988","unstructured":"Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: G\u00fcnther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419\u2013453. Springer, Heidelberg (1988)"},{"key":"6_CR45","first-page":"114","volume":"44","author":"RJ McEliece","year":"1978","unstructured":"McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. Deep Space Network Progress Report 44, 114\u2013116 (1978)","journal-title":"Deep Space Network Progress Report"},{"key":"6_CR46","unstructured":"McGrew, D., Curcio, M.: Hash-Based Signatures. Internet Engineering Task Force (2014) (Internet-Draft)"},{"issue":"7","key":"6_CR47","doi-asserted-by":"publisher","first-page":"4833","DOI":"10.1109\/TIT.2011.2145950","volume":"57","author":"CA Melchor","year":"2011","unstructured":"Melchor, C.A., Cayrel, P., Gaborit, P., Laguillaumie, F.: A new efficient threshold ring signature scheme based on coding theory. IEEE Trans. Inf. Theory 57(7), 4833\u20134842 (2011)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"6_CR48","volume-title":"Handbook of Applied Cryptography","author":"AJ Menezes","year":"2010","unstructured":"Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (2010)"},{"key":"6_CR49","unstructured":"Merkle, R.C.: Secrecy, authentication and public key systems. Ph.D. thesis, Stanford University (1979)"},{"key":"6_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"218","DOI":"10.1007\/0-387-34805-0_21","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"RC Merkle","year":"1990","unstructured":"Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218\u2013238. Springer, Heidelberg (1990)"},{"issue":"3","key":"6_CR51","doi-asserted-by":"publisher","first-page":"1212","DOI":"10.1109\/18.915688","volume":"47","author":"D Micciancio","year":"2001","unstructured":"Micciancio, D.: The hardness of the closest vector problem with preprocessing. IEEE Trans. Inf. Theory 47(3), 1212\u20131215 (2001)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"6_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"417","DOI":"10.1007\/3-540-39799-X_31","volume-title":"Advances in Cryptology","author":"VS Miller","year":"1986","unstructured":"Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417\u2013426. Springer, Heidelberg (1986)"},{"key":"6_CR53","doi-asserted-by":"crossref","unstructured":"Misoczki, R., Tillich, J., Sendrier, N., Barreto, P.S.L.M.: MDPC-McEliece: new McEliece variants from moderate density parity-check codes. In: Proceedings of ISIT, pp. 2069\u20132073. IEEE (2013)","DOI":"10.1109\/ISIT.2013.6620590"},{"issue":"129","key":"6_CR54","first-page":"183","volume":"29","author":"MA Morrison","year":"1975","unstructured":"Morrison, M.A., Brillhart, J.: A method of factoring and the factorization of F7. Math. Comput. 29(129), 183\u2013205 (1975)","journal-title":"Math. Comput."},{"key":"6_CR55","unstructured":"Patarin, J.: The oil and vinegar signature scheme. Dagstuhl Workshop on Cryptography, September 1997"},{"key":"6_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1007\/978-3-642-38616-9_12","volume-title":"Post-Quantum Cryptography","author":"E Persichetti","year":"2013","unstructured":"Persichetti, E.: Secure and anonymous hybrid encryption from coding theory. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 174\u2013187. Springer, Heidelberg (2013)"},{"key":"6_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/978-3-642-12929-2_7","volume-title":"Post-Quantum Cryptography","author":"C Peters","year":"2010","unstructured":"Peters, C.: Information-set decoding for linear codes over F $$_{\\mathit{q}}$$ . In: Sendrier, N. (ed.) PQCrypto 2010. LNCS, vol. 6061, pp. 81\u201394. Springer, Heidelberg (2010)"},{"key":"6_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-642-17401-8_4","volume-title":"Progress in Cryptology - INDOCRYPT 2010","author":"A Petzoldt","year":"2010","unstructured":"Petzoldt, A., Bulygin, S., Buchmann, J.: CyclicRainbow \u2013 a multivariate signature scheme with a partially cyclic public key. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 33\u201348. Springer, Heidelberg (2010)"},{"key":"6_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1007\/978-3-642-19379-8_21","volume-title":"Public Key Cryptography \u2013 PKC 2011","author":"A Petzoldt","year":"2011","unstructured":"Petzoldt, A., Bulygin, S., Buchmann, J.: Linear recurring sequences for the UOV key generation. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 335\u2013350. Springer, Heidelberg (2011)"},{"key":"6_CR60","doi-asserted-by":"crossref","unstructured":"Petzoldt, A., Bulygin, S., Buchmann, J.: A multivariate threshold ring signature scheme. In: AAECC (2012)","DOI":"10.1007\/s00200-013-0190-3"},{"key":"6_CR61","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"311","DOI":"10.1007\/978-3-662-48797-6_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"A Petzoldt","year":"2015","unstructured":"Petzoldt, A., Chen, M.-S., Yang, B.-Y., Tao, C., Ding, J.: Design principles for HFEv- based multivariate signature schemes. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part I. LNCS, vol. 9452, pp. 311\u2013334. Springer, Heidelberg (2015). doi: 10.1007\/978-3-662-48797-6_14"},{"key":"6_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/3-540-39757-4_17","volume-title":"Advances in Cryptology","author":"C Pomerance","year":"1985","unstructured":"Pomerance, C.: The quadratic sieve factoring algorithm. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 169\u2013182. Springer, Heidelberg (1985)"},{"key":"6_CR63","doi-asserted-by":"crossref","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, STOC 2005, pp. 84\u201393. ACM, New York (2005)","DOI":"10.1145\/1060590.1060603"},{"issue":"2","key":"6_CR64","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"RL Rivest","year":"1978","unstructured":"Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120\u2013126 (1978)","journal-title":"Commun. ACM"},{"key":"6_CR65","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/978-3-540-25937-4_24","volume-title":"Fast Software Encryption","author":"P Rogaway","year":"2004","unstructured":"Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371\u2013388. Springer, Heidelberg (2004)"},{"issue":"6160","key":"6_CR66","doi-asserted-by":"publisher","first-page":"830","DOI":"10.1126\/science.1239584","volume":"342","author":"K Saeedi","year":"2013","unstructured":"Saeedi, K., Simmons, S., Salvail, J.Z., Dluhy, P., Riemann, H., Abrosimov, N.V., Becker, P., Pohl, H.-J., Morton, J.J.L., Thewalt, M.L.W.: Room-temperature quantum bit storage exceeding 39 minutes using ionized donors in silicon-28. Science 342(6160), 830\u2013833 (2013)","journal-title":"Science"},{"key":"6_CR67","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"706","DOI":"10.1007\/978-3-642-22792-9_40","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"K Sakumoto","year":"2011","unstructured":"Sakumoto, K., Shirai, T., Hiwatari, H.: Public-key identification schemes based on multivariate quadratic polynomials. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 706\u2013723. Springer, Heidelberg (2011)"},{"issue":"5","key":"6_CR68","doi-asserted-by":"publisher","first-page":"1484","DOI":"10.1137\/S0097539795293172","volume":"26","author":"PW Shor","year":"1997","unstructured":"Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484\u20131509 (1997)","journal-title":"SIAM J. Comput."},{"key":"6_CR69","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-642-20465-4_4","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"D Stehl\u00e9","year":"2011","unstructured":"Stehl\u00e9, D., Steinfeld, R.: Making NTRU as secure as worst-case problems over ideal lattices. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 27\u201347. Springer, Heidelberg (2011)"},{"key":"6_CR70","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/3-540-48329-2_2","volume-title":"Advances in Cryptology - CRYPTO \u201993","author":"J Stern","year":"1994","unstructured":"Stern, J.: A new identification scheme based on syndrome decoding. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 13\u201321. Springer, Heidelberg (1994)"},{"key":"6_CR71","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-642-38616-9_16","volume-title":"Post-Quantum Cryptography","author":"C Tao","year":"2013","unstructured":"Tao, C., Diene, A., Tang, S., Ding, J.: Simple matrix scheme for encryption. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 231\u2013242. Springer, Heidelberg (2013)"},{"key":"6_CR72","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/11426639_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"X Wang","year":"2005","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19\u201335. Springer, Heidelberg (2005)"},{"key":"6_CR73","unstructured":"Wikipedia: Timeline of quantum computing \u2013 wikipedia, the free encyclopedia (2014). http:\/\/en.wikipedia.org\/w\/index.php?title=Timeline_of_quantum_computing&oldid=613219069 . (Accessed 25 September 2014)"}],"container-title":["Lecture Notes in Computer Science","The New Codebreakers"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-49301-4_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,15]],"date-time":"2022-06-15T14:22:58Z","timestamp":1655302978000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-49301-4_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783662493007","9783662493014"],"references-count":73,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-49301-4_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]}}}