{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T20:01:29Z","timestamp":1777838489175,"version":"3.51.4"},"publisher-location":"Singapore","reference-count":55,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819987290","type":"print"},{"value":"9789819987306","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-981-99-8730-6_2","type":"book-chapter","created":{"date-parts":[[2023,12,17]],"date-time":"2023-12-17T07:02:04Z","timestamp":1702796524000},"page":"39-71","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Solving the\u00a0Hidden Number Problem for\u00a0CSIDH and\u00a0CSURF via\u00a0Automated Coppersmith"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1755-8153","authenticated-orcid":false,"given":"Jonas","family":"Meers","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3066-0133","authenticated-orcid":false,"given":"Julian","family":"Nowakowski","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,12,18]]},"reference":[{"key":"2_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/978-3-030-64834-3_14","volume-title":"Advances in 
Cryptology \u2013 ASIACRYPT 2020","author":"N Alamati","year":"2020","unstructured":"Alamati, N., De Feo, L., Montgomery, H., Patranabis, S.: Cryptographic group actions and applications. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 411\u2013439. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64834-3_14"},{"key":"2_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1007\/978-3-662-45611-8_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"DF Aranha","year":"2014","unstructured":"Aranha, D.F., Fouque, P.-A., G\u00e9rard, B., Kammerer, J.-G., Tibouchi, M., Zapalowicz, J.-C.: GLV\/GLS decomposition, power analysis, and attacks on ECDSA signatures with single-bit nonce bias. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 262\u2013281. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_14"},{"key":"2_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/3-540-45682-1_3","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2001","author":"D Boneh","year":"2001","unstructured":"Boneh, D., Halevi, S., Howgrave-Graham, N.: The modular inversion hidden number problem. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 36\u201351. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45682-1_3"},{"key":"2_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/3-540-44647-8_12","volume-title":"Advances in Cryptology \u2014 CRYPTO 2001","author":"D Boneh","year":"2001","unstructured":"Boneh, D., Shparlinski, I.E.: On the unpredictability of bits of the elliptic curve Diffie-Hellman scheme. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 201\u2013212. Springer, Heidelberg (2001). 
https:\/\/doi.org\/10.1007\/3-540-44647-8_12"},{"key":"2_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/3-540-68697-5_11","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"D Boneh","year":"1996","unstructured":"Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 129\u2013142. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_11"},{"key":"2_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-32101-7_1","volume-title":"Financial Cryptography and Data Security","author":"J Breitner","year":"2019","unstructured":"Breitner, J., Heninger, N.: Biased nonce sense: lattice attacks against weak ECDSA signatures in cryptocurrencies. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 3\u201320. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-32101-7_1"},{"key":"2_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/978-3-030-44223-1_7","volume-title":"Post-Quantum Cryptography","author":"W Castryck","year":"2020","unstructured":"Castryck, W., Decru, T.: CSIDH on the surface. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020. LNCS, vol. 12100, pp. 111\u2013129. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-44223-1_7"},{"key":"2_CR8","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1007\/978-3-031-30589-4_15","volume-title":"EUROCRYPT 2023","author":"W Castryck","year":"2023","unstructured":"Castryck, W., Decru, T.: An efficient key recovery attack on SIDH. In: Hazay, C., Stam, M. (eds.) Part V. LNCS, vol. 14008, pp. 423\u2013447. Springer, Heidelberg (2023). 
https:\/\/doi.org\/10.1007\/978-3-031-30589-4_15"},{"key":"2_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1007\/978-3-030-64834-3_17","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"W Castryck","year":"2020","unstructured":"Castryck, W., Decru, T., Vercauteren, F.: Radical isogenies. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12492, pp. 493\u2013519. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64834-3_17"},{"key":"2_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1007\/978-3-030-03332-3_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"W Castryck","year":"2018","unstructured":"Castryck, W., Lange, T., Martindale, C., Panny, L., Renes, J.: CSIDH: an efficient post-quantum commutative group action. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11274, pp. 395\u2013427. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03332-3_15"},{"key":"2_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"523","DOI":"10.1007\/978-3-030-45724-2_18","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"W Castryck","year":"2020","unstructured":"Castryck, W., Panny, L., Vercauteren, F.: Rational isogenies from irrational endomorphisms. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 523\u2013548. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_18"},{"key":"2_CR12","unstructured":"Castryck, W.: CSIDH on the surface (csurf) (2021). 
https:\/\/homes.esat.kuleuven.be\/~wcastryc\/summer_school_csurf.pdf"},{"key":"2_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/3-540-68339-9_16","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201996","author":"D Coppersmith","year":"1996","unstructured":"Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 178\u2013189. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68339-9_16"},{"key":"2_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1007\/3-540-68339-9_14","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201996","author":"D Coppersmith","year":"1996","unstructured":"Coppersmith, D.: Finding a small root of a univariate modular equation. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 155\u2013165. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68339-9_14"},{"issue":"4","key":"2_CR15","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/s001459900030","volume":"10","author":"D Coppersmith","year":"1997","unstructured":"Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233\u2013260 (1997). https:\/\/doi.org\/10.1007\/s001459900030","journal-title":"J. Cryptol."},{"key":"2_CR16","unstructured":"Couveignes, J.M.: Hard homogeneous spaces. Cryptology ePrint Archive, Report 2006\/291 (2006). https:\/\/eprint.iacr.org\/2006\/291"},{"key":"2_CR17","doi-asserted-by":"publisher","unstructured":"Dall, F., et al.: CacheQuote: efficiently recovering long-term secrets of SGX EPID via cache attacks. IACR TCHES 2018(2), 171\u2013191 (2018). 
https:\/\/doi.org\/10.13154\/tches.v2018.i2.171-191, https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/879","DOI":"10.13154\/tches.v2018.i2.171-191"},{"key":"2_CR18","unstructured":"De Feo, L., Jao, D., Pl\u00fbt, J.: Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. Cryptology ePrint Archive, Report 2011\/506 (2011). https:\/\/eprint.iacr.org\/2011\/506"},{"key":"2_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-642-40349-1_25","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2013","author":"E De Mulder","year":"2013","unstructured":"De Mulder, E., Hutter, M., Marson, M.E., Pearson, P.: Using Bleichenbacher\u2019s solution to the hidden number problem to attack nonce leaks in 384-Bit ECDSA. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 435\u2013452. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40349-1_25"},{"key":"2_CR20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/978-3-031-22966-4_2","volume-title":"ASIACRYPT 2022","author":"J Duman","year":"2022","unstructured":"Duman, J., Hartmann, D., Kiltz, E., Kunzweiler, S., Lehmann, J., Riepel, D.: Group action key encapsulation and non-interactive key exchange in the QROM. In: Agrawal, S., Lin, D. (eds.) Part II. LNCS, vol. 13792, pp. 36\u201366. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-22966-4_2"},{"key":"2_CR21","unstructured":"Galbraith, S., Panny, L., Smith, B., Vercauteren, F.: Quantum equivalence of the DLP and CDHP for group actions. Cryptology ePrint Archive, Report 2018\/1199 (2018). 
https:\/\/eprint.iacr.org\/2018\/1199"},{"key":"2_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-662-53887-6_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"SD Galbraith","year":"2016","unstructured":"Galbraith, S.D., Petit, C., Shani, B., Ti, Y.B.: On the security of supersingular isogeny cryptosystems. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 63\u201391. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_3"},{"key":"2_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"403","DOI":"10.1007\/3-540-39799-X_29","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201985 Proceedings","author":"J Hastad","year":"1986","unstructured":"Hastad, J.: On using RSA with low exponent in a public key network. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 403\u2013408. Springer, Heidelberg (1986). https:\/\/doi.org\/10.1007\/3-540-39799-X_29"},{"key":"2_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1007\/978-3-642-10366-7_29","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"M Herrmann","year":"2009","unstructured":"Herrmann, M., May, A.: Attacking power generators using unravelled linearization: when do we output too much? In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 487\u2013504. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_29"},{"key":"2_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/3-540-44670-2_6","volume-title":"Cryptography and Lattices","author":"N Howgrave-Graham","year":"2001","unstructured":"Howgrave-Graham, N.: Approximate integer common divisors. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 51\u201366. 
Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44670-2_6"},{"key":"2_CR26","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-540-77026-8_4","volume-title":"INDOCRYPT 2007","author":"D Jao","year":"2007","unstructured":"Jao, D., Jetchev, D., Venkatesan, R.: On the bits of elliptic curve Diffie-Hellman keys. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 33\u201347. Springer, Heidelberg (2007)"},{"key":"2_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/11935230_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"E Jochemsz","year":"2006","unstructured":"Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267\u2013282. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11935230_18"},{"key":"2_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1007\/978-3-030-68890-5_4","volume-title":"Information Security and Cryptology \u2013 ICISC 2020","author":"T Kawashima","year":"2021","unstructured":"Kawashima, T., Takashima, K., Aikawa, Y., Takagi, T.: An efficient authenticated key exchange from random self-reducibility on CSIDH. In: Hong, D. (ed.) ICISC 2020. LNCS, vol. 12593, pp. 58\u201384. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-68890-5_4"},{"key":"2_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1007\/978-3-030-81652-0_18","volume-title":"Selected Areas in Cryptography","author":"B de Kock","year":"2021","unstructured":"de Kock, B., Gj\u00f8steen, K., Veroni, M.: Practical isogeny-based key-exchange with optimal tightness. 
In: Dunkelman, O., Jacobson, Jr., M.J., O\u2019Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 451\u2013479. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-81652-0_18"},{"key":"2_CR30","doi-asserted-by":"publisher","first-page":"515","DOI":"10.1007\/BF01457454","volume":"261","author":"AK Lenstra","year":"1982","unstructured":"Lenstra, A.K., Lenstra, H.W., Lov\u00e1sz, L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515\u2013534 (1982)","journal-title":"Math. Ann."},{"key":"2_CR31","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"448","DOI":"10.1007\/978-3-031-30589-4_16","volume-title":"EUROCRYPT 2023","author":"L Maino","year":"2023","unstructured":"Maino, L., Martindale, C., Panny, L., Pope, G., Wesolowski, B.: A direct key recovery attack on SIDH. In: Hazay, C., Stam, M. (eds.) Part V. LNCS, vol. 14008, pp. 448\u2013471. Springer, Heidelberg (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_16"},{"key":"2_CR32","doi-asserted-by":"crossref","unstructured":"May, A.: Lattice-based integer factorisation: an introduction to coppersmith\u2019s method. In: Computational Cryptography: Algorithmic Aspects of Cryptology, pp. 78\u2013105. London Mathematical Society Lecture Note Series, Cambridge University Press (2021)","DOI":"10.1017\/9781108854207.006"},{"key":"2_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1007\/978-3-030-92062-3_4","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"A May","year":"2021","unstructured":"May, A., Nowakowski, J., Sarkar, S.: Partial key exposure attack on\u00a0short secret exponent CRT-RSA. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13090, pp. 99\u2013129. Springer, Cham (2021). 
https:\/\/doi.org\/10.1007\/978-3-030-92062-3_4"},{"key":"2_CR34","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1007\/978-3-031-07082-2_6","volume-title":"EUROCRYPT 2022","author":"A May","year":"2022","unstructured":"May, A., Nowakowski, J., Sarkar, S.: Approximate divisor multiples - factoring with only a third of the secret CRT-exponents. In: Dunkelman, O., Dziembowski, S. (eds.) Part III. LNCS, vol. 13277, pp. 147\u2013167. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-07082-2_6"},{"key":"2_CR35","unstructured":"Merget, R., Brinkmann, M., Aviram, N., Somorovsky, J., Mittmann, J., Schwenk, J.: Raccoon attack: finding and exploiting most-significant-bit-oracles in TLS-DH(E). In: Bailey, M., Greenstadt, R. (eds.) USENIX Security 2021, pp. 213\u2013230. USENIX Association (2021)"},{"key":"2_CR36","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-22963-3_1","volume-title":"ASIACRYPT 2022","author":"H Montgomery","year":"2022","unstructured":"Montgomery, H., Zhandry, M.: Full quantum equivalence of group action DLog and CDH, and more. In: Agrawal, S., Lin, D. (eds.) Part I. LNCS, vol. 13791, pp. 3\u201332. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-22963-3_1"},{"key":"2_CR37","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/978-3-0348-8295-8_23","volume-title":"Cryptography and Computational Number Theory","author":"PQ Nguyen","year":"2001","unstructured":"Nguyen, P.Q.: The dark side of the hidden number problem: Lattice attacks on DSA. In: Lam, K.Y., Shparlinski, I., Wang, H., Xing, C. (eds.) Cryptography and Computational Number Theory, vol. 20, pp. 321\u2013330. Birkh\u00e4user Basel, Basel (2001). 
https:\/\/doi.org\/10.1007\/978-3-0348-8295-8_23"},{"key":"2_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/978-3-030-58208-1_8","volume-title":"Advances in Information and Computer Security","author":"H Onuki","year":"2020","unstructured":"Onuki, H., Takagi, T.: On collisions related to an ideal class of order 3 in CSIDH. In: Aoki, K., Kanaoka, A. (eds.) IWSEC 2020. LNCS, vol. 12231, pp. 131\u2013148. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58208-1_8"},{"key":"2_CR39","unstructured":"Renes, J.: Computing isogenies between Montgomery curves using the action of (0,0). Cryptology ePrint Archive, Report 2017\/1198 (2017). https:\/\/eprint.iacr.org\/2017\/1198"},{"key":"2_CR40","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"472","DOI":"10.1007\/978-3-031-30589-4_17","volume-title":"EUROCRYPT 2023","author":"D Robert","year":"2023","unstructured":"Robert, D.: Breaking SIDH in polynomial time. In: Hazay, C., Stam, M. (eds.) Part V. LNCS, vol. 14008, pp. 472\u2013503. Springer, Heidelberg (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_17"},{"key":"2_CR41","unstructured":"Ryan, K., Heninger, N.: Cryptanalyzing MEGA in six queries. Cryptology ePrint Archive, Report 2022\/914 (2022). https:\/\/eprint.iacr.org\/2022\/914"},{"key":"2_CR42","unstructured":"Ryan, K., Heninger, N.: Fast practical lattice reduction through iterated compression. Cryptology ePrint Archive, Report 2023\/237 (2023). https:\/\/eprint.iacr.org\/2023\/237"},{"issue":"2","key":"2_CR43","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1016\/0097-3165(87)90003-3","volume":"46","author":"R Schoof","year":"1987","unstructured":"Schoof, R.: Nonsingular plane cubic curves over finite fields. J. Comb. Theory, Ser. A 46(2), 183\u2013211 (1987). https:\/\/doi.org\/10.1016\/0097-3165(87)90003-3","journal-title":"J. Comb. Theory, Ser. 
A"},{"key":"2_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/978-3-662-54365-8_15","volume-title":"Public-Key Cryptography \u2013 PKC 2017","author":"B Shani","year":"2017","unstructured":"Shani, B.: On the bit security of elliptic curve Diffie\u2013Hellman. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10174, pp. 361\u2013387. Springer, Heidelberg (2017). https:\/\/doi.org\/10.1007\/978-3-662-54365-8_15"},{"key":"2_CR45","doi-asserted-by":"publisher","unstructured":"Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th FOCS, pp. 124\u2013134. IEEE Computer Society Press (1994). https:\/\/doi.org\/10.1109\/SFCS.1994.365700","DOI":"10.1109\/SFCS.1994.365700"},{"key":"2_CR46","doi-asserted-by":"publisher","unstructured":"Silverman, J.H.: The Arithmetic of Elliptic Curves. Graduate texts in mathematics, Springer, Dordrecht (2009). https:\/\/doi.org\/10.1007\/978-0-387-09494-6, https:\/\/cds.cern.ch\/record\/1338326","DOI":"10.1007\/978-0-387-09494-6"},{"key":"2_CR47","doi-asserted-by":"publisher","unstructured":"Takahashi, A., Tibouchi, M., Abe, M.: New Bleichenbacher records: fault attacks on qDSA signatures. IACR TCHES 2018(3), 331\u2013371 (2018). https:\/\/doi.org\/10.13154\/tches.v2018.i3.331-371, https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/7278","DOI":"10.13154\/tches.v2018.i3.331-371"},{"key":"2_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"518","DOI":"10.1007\/978-3-319-28166-7_25","volume-title":"Applied Cryptography and Network Security","author":"A Takayasu","year":"2015","unstructured":"Takayasu, A., Kunihiro, N.: Partial key exposure attacks on CRT-RSA: better cryptanalysis to full size encryption exponents. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 518\u2013537. Springer, Cham (2015). 
https:\/\/doi.org\/10.1007\/978-3-319-28166-7_25"},{"key":"2_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1007\/978-3-319-56614-6_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"A Takayasu","year":"2017","unstructured":"Takayasu, A., Lu, Y., Peng, L.: Small CRT-exponent RSA revisited. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 130\u2013159. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56614-6_5"},{"issue":"4","key":"2_CR50","doi-asserted-by":"publisher","first-page":"1337","DOI":"10.1007\/s00145-018-9282-3","volume":"32","author":"A Takayasu","year":"2019","unstructured":"Takayasu, A., Lu, Y., Peng, L.: Small CRT-exponent RSA revisited. J. Cryptol. 32(4), 1337\u20131382 (2019). https:\/\/doi.org\/10.1007\/s00145-018-9282-3","journal-title":"J. Cryptol."},{"key":"2_CR51","first-page":"238","volume":"273","author":"J V\u00e9lu","year":"1971","unstructured":"V\u00e9lu, J.: Isog\u00e9nies entre courbes elliptiques. Comptes-Rendus de l\u2019Acad\u00e9mie des Sci. 273, 238\u2013241 (1971)","journal-title":"Comptes-Rendus de l\u2019Acad\u00e9mie des Sci."},{"key":"2_CR52","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/978-3-031-07082-2_13","volume-title":"EUROCRYPT 2022","author":"B Wesolowski","year":"2022","unstructured":"Wesolowski, B.: Orientations and the supersingular endomorphism ring problem. In: Dunkelman, O., Dziembowski, S. (eds.) Part III. LNCS, vol. 13277, pp. 345\u2013371. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-07082-2_13"},{"issue":"2","key":"2_CR53","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/s10623-019-00685-y","volume":"88","author":"J Xu","year":"2020","unstructured":"Xu, J., Hu, L., Sarkar, S.: Cryptanalysis of elliptic curve hidden number problem from PKC 2017. Des. Codes Crypt. 88(2), 341\u2013361 (2020). 
https:\/\/doi.org\/10.1007\/s10623-019-00685-y","journal-title":"Des. Codes Crypt."},{"key":"2_CR54","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"771","DOI":"10.1007\/978-3-031-22969-5_26","volume-title":"ASIACRYPT 2022","author":"J Xu","year":"2022","unstructured":"Xu, J., Sarkar, S., Wang, H., Hu, L.: Improving bounds on elliptic curve hidden number problem for ECDH key exchange. In: Agrawal, S., Lin, D. (eds.) Part III. LNCS, vol. 13793, pp. 771\u2013799. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-22969-5_26"},{"key":"2_CR55","doi-asserted-by":"publisher","unstructured":"Yoneyama, K.: Post-quantum variants of ISO\/IEC standards: compact chosen ciphertext secure key encapsulation mechanism from isogeny. In: Proceedings of the 5th ACM Workshop on Security Standardisation Research Workshop, SSR 2019, pp. 13\u201321. Association for Computing Machinery, New York, NY, USA (2019). https:\/\/doi.org\/10.1145\/3338500.3360336","DOI":"10.1145\/3338500.3360336"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-99-8730-6_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,17]],"date-time":"2025-12-17T01:02:28Z","timestamp":1765933348000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-99-8730-6_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9789819987290","9789819987306"],"references-count":55,"URL":"https:\/\/doi.org\/10.1007\/978-981-99-8730-6_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"18 December 
2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/asiacrypt.iacr.org\/2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference 
organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"375","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"106","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review 
Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}