{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T22:34:18Z","timestamp":1775774058271,"version":"3.50.1"},"publisher-location":"Singapore","reference-count":38,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819609437","type":"print"},{"value":"9789819609444","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,12,12]],"date-time":"2024-12-12T00:00:00Z","timestamp":1733961600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,12,12]],"date-time":"2024-12-12T00:00:00Z","timestamp":1733961600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-0944-4_1","type":"book-chapter","created":{"date-parts":[[2024,12,11]],"date-time":"2024-12-11T05:55:03Z","timestamp":1733896503000},"page":"3-34","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Attacking ECDSA with\u00a0Nonce Leakage by\u00a0Lattice Sieving: Bridging the\u00a0Gap with\u00a0Fourier Analysis-Based Attacks"],"prefix":"10.1007","author":[{"given":"Yiming","family":"Gao","sequence":"first","affiliation":[]},{"given":"Jinghui","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Honggang","family":"Hu","sequence":"additional","affiliation":[]},{"given":"Binang","family":"He","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,12,12]]},"reference":[{"key":"1_CR1","doi-asserted-by":"publisher","unstructured":"Ajtai, M., Kumar, R., Sivakumar, D.: A sieve algorithm for the shortest lattice vector problem. In: 33rd ACM STOC. pp. 601\u2013610. (2001). https:\/\/doi.org\/10.1145\/380752.380857","DOI":"10.1145\/380752.380857"},{"key":"1_CR2","doi-asserted-by":"publisher","unstructured":"Albrecht, M.R., Ducas, L., Herold, G., Kirshanova, E., Postlethwaite, E.W., Stevens, M.: The general sieve kernel and new records in lattice reduction. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 717-746. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17656-3_25","DOI":"10.1007\/978-3-030-17656-3_25"},{"key":"1_CR3","doi-asserted-by":"publisher","unstructured":"Albrecht, M.R., Heninger, N.: On bounded distance decoding with predicate: Breaking the \u201clattice barrier\u201d for the hidden number problem. In: Canteaut, A., Standaert, FX. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 528-558. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77870-5_19","DOI":"10.1007\/978-3-030-77870-5_19"},{"key":"1_CR4","unstructured":"Albrecht, M.R., Heninger, N.: Bounded distance decoding with predicate sourcecode (2020). https:\/\/github.com\/malb\/bdd-predicate"},{"key":"1_CR5","doi-asserted-by":"publisher","unstructured":"Aranha, D.F., Fouque, PA., G\u00e9rard, B., Kammerer, JG., Tibouchi, M., Zapalowicz, JC.: GLV\/GLS decomposition, power analysis, and attacks on ECDSA signatures with single-bit nonce bias. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 262-281. Springer, Berlin, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_14","DOI":"10.1007\/978-3-662-45611-8_14"},{"key":"1_CR6","doi-asserted-by":"publisher","unstructured":"Aranha, D.F., Novaes, F.R., Takahashi, A., Tibouchi, M., Yarom, Y.: LadderLeak: Breaking ECDSA with less than one bit of nonce leakage. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 225-242. ACM Press (2020). https:\/\/doi.org\/10.1145\/3372297.3417268","DOI":"10.1145\/3372297.3417268"},{"key":"1_CR7","doi-asserted-by":"publisher","unstructured":"Babai, L.: On Lov\u00e1sz lattice reduction and the nearest lattice point problem. Combinatorica 6, 1-13 (1986). https:\/\/doi.org\/10.1007\/BF02579403","DOI":"10.1007\/BF02579403"},{"key":"1_CR8","doi-asserted-by":"publisher","unstructured":"Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: Krauthgamer, R. (ed.) 27th SODA, pp. 10-24. ACM-SIAM (2016).https:\/\/doi.org\/10.1137\/1.9781611974331.ch2","DOI":"10.1137\/1.9781611974331.ch2"},{"key":"1_CR9","unstructured":"Becker, A., Gama, N., Joux, A.: Speeding-up lattice sieving without increasing the memory, using sub-quadratic nearest neighbor search. Cryptology ePrint Archive, Report 2015\/522 (2015). http:\/\/eprint.iacr.org\/2015\/522"},{"key":"1_CR10","unstructured":"Bleichenbacher, D.: On the generation of one-time keys in DL signature schemes. Presentation at IEEE P1363 Working Group Meeting (2000)"},{"key":"1_CR11","unstructured":"Bleichenbacher, D.: Experiments with DSA. Rump session at CRYPTO (2005). https:\/\/www.iacr.org\/conferences\/crypto2005\/r\/3.pdf"},{"key":"1_CR12","doi-asserted-by":"publisher","unstructured":"Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 96. LNCS, vol. 1109, pp. 129-142. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_11","DOI":"10.1007\/3-540-68697-5_11"},{"key":"1_CR13","doi-asserted-by":"publisher","unstructured":"Breitner, J., Heninger, N.: Biased nonce sense: Lattice attacks against weak ECDSA signatures in cryptocurrencies. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 3-20. Springer, Heidelberg (2019). https:\/\/doi.org\/10.1007\/978-3-030-32101-7_1","DOI":"10.1007\/978-3-030-32101-7_1"},{"key":"1_CR14","doi-asserted-by":"publisher","unstructured":"De Mulder, E., Hutter, M., Marson, M.E., Pearson, P.: Using Bleichenbacher\u2019s solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA. In: Bertoni, G., Coron, J.S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 435-452. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40349-1_25","DOI":"10.1007\/978-3-642-40349-1_25"},{"key":"1_CR15","doi-asserted-by":"publisher","unstructured":"Ducas, L.: Shortest vector from lattice sieving: A few dimensions for free. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 125-145. Springer, Heidelberg (2018). https:\/\/doi.org\/10.1007\/978-3-319-78381-9_5","DOI":"10.1007\/978-3-319-78381-9_5"},{"key":"1_CR16","doi-asserted-by":"publisher","unstructured":"Ducas, L., Stevens, M., van Woerden, W.: Advanced lattice sieving on GPUs, with tensor cores. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 249-279. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77886-6_9","DOI":"10.1007\/978-3-030-77886-6_9"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Fincke, U., Pohst, M.: Improved methods for calculating vectors of short length in a lattice, including a complexity analysis. Mathematics of Computation 44(170), 463-471 (1985)","DOI":"10.1090\/S0025-5718-1985-0777278-8"},{"key":"1_CR18","doi-asserted-by":"publisher","unstructured":"Fitzpatrick, R., Bischof, C., Buchmann, J., Dagdelen, \u00d6., G\u00f6pfert, F., Mariano, A., Yang, B.-Y.: Tuning GaussSieve for speed. In: LATINCRYPT 2014. LCNS, vol. 8895, pp. 288-305. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-16295-9_16","DOI":"10.1007\/978-3-319-16295-9_16"},{"key":"1_CR19","doi-asserted-by":"publisher","unstructured":"Gama, N., Nguyen, P.Q., Regev, O.: Lattice enumeration using extreme pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257-278. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_13","DOI":"10.1007\/978-3-642-13190-5_13"},{"key":"1_CR20","unstructured":"Heninger, N.: Using Lattices for Cryptanalysis. (2020). https:\/\/simons.berkeley.edu\/-talks\/using-lattices-cryptanalysis"},{"key":"1_CR21","doi-asserted-by":"publisher","unstructured":"Herold, G., Kirshanova, E., Laarhoven, T. : Speed-ups and time-memory trade-offs for tuple lattice sieving. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol 10769, pp.407-436. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-76578-5_14","DOI":"10.1007\/978-3-319-76578-5_14"},{"key":"1_CR22","doi-asserted-by":"publisher","unstructured":"Jancar, J., Sedlacek, V., Svenda, P., Sys, M.: Minerva: The curse of ECDSA nonces. IACR TCHES 2020(4), 281-308 (2020). https:\/\/doi.org\/10.13154\/tches.v2020.i4.281-308","DOI":"10.13154\/tches.v2020.i4.281-308"},{"key":"1_CR23","doi-asserted-by":"publisher","unstructured":"Kannan, R.: Minkowski\u2019s convex body theorem and integer programming. Math. Oper. Res. 12(3), 415-440 (1987). https:\/\/doi.org\/10.1287\/moor.12.3.415","DOI":"10.1287\/moor.12.3.415"},{"key":"1_CR24","doi-asserted-by":"publisher","unstructured":"Laarhoven, T.: Sieving for shortest vectors in lattices using angular locality-sensitive hashing. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 3-22. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_1","DOI":"10.1007\/978-3-662-47989-6_1"},{"key":"1_CR25","doi-asserted-by":"publisher","unstructured":"Laarhoven, T., Mariano, A.: Progressive lattice sieving. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 292-311. Springer, Heidelberg (2018). https:\/\/doi.org\/10.1007\/978-3-319-79063-3_14","DOI":"10.1007\/978-3-319-79063-3_14"},{"key":"1_CR26","doi-asserted-by":"crossref","unstructured":"Lenstra, A.K., Lenstra Jr., H.W., Lov\u00e1sz, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 366-389 (1982). https:\/\/infoscience.epfl.ch\/record\/164484\/files\/nscan4.PDF","DOI":"10.1007\/BF01457454"},{"key":"1_CR27","doi-asserted-by":"publisher","unstructured":"Micciancio, D., Voulgaris, P.: Faster exponential time algorithms for the shortest vector problem. In: Charika, M. (ed.) 21st SODA. pp. 1468-1480. ACM-SIAM (2010). https:\/\/doi.org\/10.1137\/1.9781611973075.119","DOI":"10.1137\/1.9781611973075.119"},{"key":"1_CR28","unstructured":"Moghimi, D., Sunar, B., Eisenbarth, T., Heninger, N.: TPM-FAIL: TPM meets timing and lattice attacks. In: Capkun, S., Roesner, F. (eds.): USENIX Security 2020. pp. 2057-2073. (2020). https:\/\/www.usenix.org\/system\/files\/sec20-moghimi-tpm.pdf"},{"key":"1_CR29","doi-asserted-by":"publisher","unstructured":"Nguyen, P.Q., Shparlinski, I.: The insecurity of the digital signature algorithm with partially known nonces. Journal of Cryptology 15(3), 151-176 (2002). https:\/\/doi.org\/10.1007\/s00145-002-0021-3","DOI":"10.1007\/s00145-002-0021-3"},{"key":"1_CR30","doi-asserted-by":"publisher","unstructured":"Nguyen, P.Q., Vidick, T.: Sieve algorithms for the shortest vector problem are practical. J. of Mathematical Cryptology 2(2), 181-207 (2008). https:\/\/doi.org\/10.1515\/JMC.2008.009","DOI":"10.1515\/JMC.2008.009"},{"key":"1_CR31","doi-asserted-by":"crossref","unstructured":"Ryan, K.: Return of the hidden number problem. IACR TCHES 2019(1), 146-168 (2018). https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/7337","DOI":"10.46586\/tches.v2019.i1.146-168"},{"key":"1_CR32","doi-asserted-by":"publisher","unstructured":"Schnorr, C.P. : Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145-156. Springer, Berlin, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36494-3_14","DOI":"10.1007\/3-540-36494-3_14"},{"key":"1_CR33","doi-asserted-by":"publisher","unstructured":"Schnorr, C., Euchner, M.: Lattice basis reduction: Improved practical algorithms and solving subset sum problems. Math. Program. 66, 181-199 (1994). https:\/\/doi.org\/10.1007\/BF01581144","DOI":"10.1007\/BF01581144"},{"key":"1_CR34","doi-asserted-by":"crossref","unstructured":"Sun, C., Espitau, T., Tibouchi, M., Abe, M.: Guessing bits: Improved lattice attacks on (EC)DSA with nonce leakage. IACR TCHES 2022(1), 391-413 (2022). https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/9302","DOI":"10.46586\/tches.v2022.i1.391-413"},{"key":"1_CR35","doi-asserted-by":"crossref","unstructured":"Takahashi, A., Tibouchi, M., Abe, M.: New Bleichenbacher records: Fault attacks on qDSA signatures. IACR TCHES 2018(3), 331-371 (2018). https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/7278","DOI":"10.46586\/tches.v2018.i3.331-371"},{"key":"1_CR36","unstructured":"The G6K development team: G6K (2020). https:\/\/github.com\/fplll\/g6k"},{"key":"1_CR37","unstructured":"The G6k-GPU-Tensor development team: G6k-GPU-Tensor (2021). https:\/\/github.com\/WvanWoerden\/G6K-GPU-Tensor"},{"key":"1_CR38","doi-asserted-by":"crossref","unstructured":"Xu, L., Dai, Z., Wu, B., Lin, D.: Improved attacks on (EC)DSA with nonce leakage by lattice sieving with predicate. IACR TCHES 2023(2), 568-586 (2023). https:\/\/doi.org\/10.46586\/tches.v2023.i2.568-586","DOI":"10.46586\/tches.v2023.i2.568-586"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-0944-4_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,11]],"date-time":"2024-12-11T06:11:18Z","timestamp":1733897478000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-0944-4_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,12]]},"ISBN":["9789819609437","9789819609444"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-0944-4_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,12]]},"assertion":[{"value":"12 December 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kolkata","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 December 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 December 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/asiacrypt.iacr.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}