{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T14:18:32Z","timestamp":1772893112675,"version":"3.50.1"},"reference-count":56,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2015,3,25]],"date-time":"2015-03-25T00:00:00Z","timestamp":1427241600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2016,7]]},"DOI":"10.1007\/s00145-015-9203-7","type":"journal-article","created":{"date-parts":[[2015,3,24]],"date-time":"2015-03-24T20:18:00Z","timestamp":1427228280000},"page":"597-631","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":27,"title":["Tightly Secure Signatures From Lossy Identification Schemes"],"prefix":"10.1007","volume":"29","author":[{"given":"Michel","family":"Abdalla","sequence":"first","affiliation":[]},{"given":"Pierre-Alain","family":"Fouque","sequence":"additional","affiliation":[]},{"given":"Vadim","family":"Lyubashevsky","sequence":"additional","affiliation":[]},{"given":"Mehdi","family":"Tibouchi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,3,25]]},"reference":[{"key":"9203_CR1","doi-asserted-by":"crossref","unstructured":"M. Abdalla, J.H. An, M. Bellare, C. Namprempre, From identification to signatures via the Fiat-Shamir transform: minimizing assumptions for security and forward-security, in L.R. Knudsen, editor, Advances in Cryptology\u2014EUROCRYPT\u00a02002, vol. 2332 of Lecture Notes in Computer Science, pp. 418\u2013433, Amsterdam, The Netherlands, April\u00a028\u2013May\u00a02, 2002. Springer, Berlin","DOI":"10.1007\/3-540-46035-7_28"},{"key":"9203_CR2","doi-asserted-by":"crossref","unstructured":"M. Abdalla, P.-A. Fouque, V. Lyubashevsky, M. Tibouchi, Tightly-secure signatures from lossy identification schemes, in D. Pointcheval, T. Johansson, editors, Advances in Cryptology\u2014EUROCRYPT\u00a02012, vol. 7237 of Lecture Notes in Computer Science, pp. 572\u2013590, Cambridge, UK, April\u00a015\u201319, 2012. Springer, Berlin","DOI":"10.1007\/978-3-642-29011-4_34"},{"key":"9203_CR3","doi-asserted-by":"crossref","unstructured":"A. Becker, J.-S\u00e9bastien Coron, A. Joux, Improved generic algorithms for hard knapsacks, in K.G. Paterson, editor, Advances in Cryptology\u2014EUROCRYPT\u00a02011, vol. 6632 of Lecture Notes in Computer Science, pp. 364\u2013385, Tallinn, Estonia, May\u00a015\u201319, 2011. Springer, Berlin","DOI":"10.1007\/978-3-642-20465-4_21"},{"key":"9203_CR4","doi-asserted-by":"crossref","unstructured":"M. Bellare, D. Hofheinz, S. Yilek, Possibility and impossibility results for encryption and commitment secure under selective opening, in A. Joux, editor, Advances in Cryptology\u2014EUROCRYPT\u00a02009, vol. 5479 of Lecture Notes in Computer Science, pp. 1\u201335, Cologne, Germany, April\u00a026\u201330, 2009. Springer, Berlin","DOI":"10.1007\/978-3-642-01001-9_1"},{"key":"9203_CR5","doi-asserted-by":"crossref","unstructured":"M. Bellare, P. Rogaway, The exact security of digital signatures: how to sign with RSA and Rabin, in U.M. Maurer, editor, Advances in Cryptology\u2014EUROCRYPT\u201996, vol. 1070 of Lecture Notes in Computer Science, pp. 399\u2013416, Saragossa, Spain, May\u00a012\u201316, 1996. Springer, Berlin","DOI":"10.1007\/3-540-68339-9_34"},{"key":"9203_CR6","doi-asserted-by":"crossref","unstructured":"M. Bellare, S. Micali, R. Ostrovsky, The (true) complexity of statistical zero knowledge, in 22nd Annual ACM Symposium on Theory of Computing, pp. 494\u2013502, Baltimore, Maryland, USA, May\u00a014\u201316, 1990. ACM Press, New York","DOI":"10.1145\/100216.100285"},{"key":"9203_CR7","doi-asserted-by":"crossref","unstructured":"X. Boyen, Lattice mixing and vanishing trapdoors: a framework for fully secure short signatures and more, in P.Q. Nguyen, D. Pointcheval, editors, PKC\u00a02010: 13th International Conference on Theory and Practice of Public Key Cryptography, vol. 6056 of Lecture Notes in Computer Science, pp. 499\u2013517, Paris, France, May\u00a026\u201328, 2010. Springer, Berlin","DOI":"10.1007\/978-3-642-13013-7_29"},{"key":"9203_CR8","doi-asserted-by":"crossref","unstructured":"D. Cash, D. Hofheinz, E. Kiltz, C. Peikert, Bonsai trees, or how to delegate a lattice basis, in H. Gilbert, editor, Advances in Cryptology\u2014EUROCRYPT\u00a02010, vol. 6110 of Lecture Notes in Computer Science, pp. 523\u2013552, French Riviera, May\u00a030\u2013June\u00a03, 2010. Springer, Berlin","DOI":"10.1007\/978-3-642-13190-5_27"},{"key":"9203_CR9","doi-asserted-by":"crossref","unstructured":"B. Chevallier-Mames, An efficient CDH-based signature scheme with a tight security reduction, in V. Shoup, editor, Advances in Cryptology\u2014CRYPTO\u00a02005, vol. 3621 of Lecture Notes in Computer Science, pp. 511\u2013526, Santa Barbara, CA, USA, August\u00a014\u201318, 2005. Springer, Berlin","DOI":"10.1007\/11535218_31"},{"key":"9203_CR10","doi-asserted-by":"crossref","unstructured":"B. Chor, O. Goldreich, Unbiased bits from sources of weak randomness and probabilistic communication complexity (extended abstract), in 26th Annual Symposium on Foundations of Computer Science, pp. 429\u2013442, Portland, Oregon, October\u00a021\u201323, 1985. IEEE Computer Society Press, Los Alamitos","DOI":"10.1109\/SFCS.1985.62"},{"key":"9203_CR11","unstructured":"R. Cramer, Modular Design of Secure Yet Practical Cryptographic Protocols. PhD thesis, CWI and University of Amsterdam, Amsterdam, The Netherlands, November 1996"},{"issue":"3","key":"9203_CR12","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1145\/357830.357847","volume":"3","author":"R Cramer","year":"2000","unstructured":"Ronald Cramer and Victor Shoup. Signature schemes based on the strong RSA assumption. ACM Transactions on Information and System Security, 3(3):161\u2013185, 2000","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"9203_CR13","doi-asserted-by":"crossref","unstructured":"S. Even, O. Goldreich, S. Micali. On-line\/off-line digital schemes, in G. Brassard, editor, Advances in Cryptology\u2014CRYPTO\u201989, vol. 435 of Lecture Notes in Computer Science, pp. 263\u2013275, Santa Barbara, CA, USA, August\u00a020\u201324, 1990. Springer, Berlin","DOI":"10.1007\/0-387-34805-0_24"},{"issue":"1","key":"9203_CR14","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/BF02254791","volume":"9","author":"S Even","year":"1996","unstructured":"Shimon Even, Oded Goldreich, and Silvio Micali. On-line\/off-line digital signatures. Journal of Cryptology, 9(1):35\u201367, 1996","journal-title":"J. Cryptol."},{"issue":"2","key":"9203_CR15","doi-asserted-by":"publisher","first-page":"536","DOI":"10.1137\/0215038","volume":"15","author":"AM Frieze","year":"1986","unstructured":"Alan M. Frieze. On the Lagarias-Odlyzko algorithm for the subset sum problem. SIAM Journal on Computing, 15(2):536\u2013539, 1986","journal-title":"SIAM J. Comput."},{"key":"9203_CR16","doi-asserted-by":"crossref","unstructured":"A. Fiat, A. Shamir, How to prove yourself: practical solutions to identification and signature problems, in A.M. Odlyzko, editor, Advances in Cryptology\u2014CRYPTO\u201986, vol. 263 of Lecture Notes in Computer Science, pages 186\u2013194, Santa Barbara, CA, USA, August 1987. Springer, Berlin","DOI":"10.1007\/3-540-47721-7_12"},{"key":"9203_CR17","doi-asserted-by":"crossref","unstructured":"R. Gennaro, An improved pseudo-random generator based on discrete log, in M. Bellare, editor, Advances in Cryptology\u2014CRYPTO\u00a02000, vol. 1880 of Lecture Notes in Computer Science, pp. 469\u2013481, Santa Barbara, CA, USA, August\u00a020\u201324, 2000. Springer, Berlin","DOI":"10.1007\/3-540-44598-6_29"},{"key":"9203_CR18","doi-asserted-by":"crossref","unstructured":"Rosario Gennaro. An improved pseudo-random generator based on the discrete logarithm problem. Journal of Cryptology, 18(2):91\u2013110, 2005","DOI":"10.1007\/s00145-004-0215-y"},{"key":"9203_CR19","doi-asserted-by":"crossref","unstructured":"R. Gennaro, S. Halevi, T. Rabin, Secure hash-and-sign signatures without the random oracle, in J. Stern, editor, Advances in Cryptology\u2014EUROCRYPT\u201999, vol. 1592 of Lecture Notes in Computer Science, pp. 123\u2013139, Prague, Czech Republic, May\u00a02\u20136, 1999. Springer, Berlin","DOI":"10.1007\/3-540-48910-X_9"},{"key":"9203_CR20","doi-asserted-by":"crossref","unstructured":"M. Girault, An identity-based identification scheme based on discrete logarithms modulo a composite number (rump session), in I. Damg\u00e5rd, editor, Advances in Cryptology\u2014EUROCRYPT\u201990, vol. 473 of Lecture Notes in Computer Science, pp. 481\u2013486, Aarhus, Denmark, May\u00a021\u201324, 1991. Springer, Berlin","DOI":"10.1007\/3-540-46877-3_44"},{"key":"9203_CR21","doi-asserted-by":"crossref","unstructured":"E.-J. Goh, S. Jarecki, A signature scheme as secure as the Diffie-Hellman problem, in E. Biham, editor, Advances in Cryptology\u2014EUROCRYPT\u00a02003, vol. 2656 of Lecture Notes in Computer Science, pp. 401\u2013415, Warsaw, Poland, May\u00a04\u20138, 2003. Springer, Berlin","DOI":"10.1007\/3-540-39200-9_25"},{"key":"9203_CR22","doi-asserted-by":"crossref","unstructured":"Eu-Jin Goh, Stanislaw Jarecki, Jonathan Katz, and Nan Wang. Efficient signature schemes with tight reductions to the Diffie-Hellman problems. Journal of Cryptology, 20(4):493\u2013514, 2007","DOI":"10.1007\/s00145-007-0549-3"},{"key":"9203_CR23","doi-asserted-by":"crossref","unstructured":"R. Gennaro, H. Krawczyk, T. Rabin, Secure Hashed Diffie-Hellman over non-DDH groups, in C. Cachin, J. Camenisch, editors, Advances in Cryptology\u2014EUROCRYPT 2004, vol. 3027 of Lecture Notes in Computer Science, pp. 361\u2013381, Interlaken, Switzerland, May 2\u20136, 2004. Springer, Berlin","DOI":"10.1007\/978-3-540-24676-3_22"},{"issue":"2","key":"9203_CR24","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"Shafi Goldwasser","year":"1988","unstructured":"Shafi Goldwasser, Silvio Micali, and Ronald L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281\u2013308, 1988.","journal-title":"SIAM Journal on Computing"},{"issue":"1","key":"9203_CR25","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1137\/0218012","volume":"18","author":"S Goldwasser","year":"1989","unstructured":"Shafi Goldwasser, Silvio Micali, and Charles Rackoff. The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1):186\u2013208, 1989","journal-title":"SIAM J. Comput."},{"key":"9203_CR26","doi-asserted-by":"crossref","unstructured":"Marc Girault, Guillaume Poupard, and Jacques Stern. On the fly authentication and signature schemes based on groups of unknown order. Journal of Cryptology, 19(4):463\u2013487, 2006","DOI":"10.1007\/s00145-006-0224-0"},{"key":"9203_CR27","doi-asserted-by":"crossref","unstructured":"C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in R.E. Ladner, C. Dwork, editors, 40th Annual ACM symposium on theory of computing, pp. 197\u2013206, Victoria, British Columbia, Canada, May 17\u201320, 2008. ACM Press, New York","DOI":"10.1145\/1374376.1374407"},{"key":"9203_CR28","doi-asserted-by":"crossref","unstructured":"L.C. Guillou, J.-J. Quisquater, A \"paradoxical\" indentity-based signature scheme resulting from zero-knowledge, in S. Goldwasser, editor, Advances in cryptology\u2014CRYPTO\u201988, vol. 403 of Lecture Notes in Computer Science, pp. 216\u2013231, Santa Barbara, CA, USA, August 21\u201325, 1990. Springer, Berlin","DOI":"10.1007\/0-387-34799-2_16"},{"key":"9203_CR29","doi-asserted-by":"crossref","unstructured":"S. Hohenberger, B. Waters, Short and stateless signatures from the RSA assumption, in S. Halevi, editor, Advances in cryptology\u2014CRYPTO 2009, vol. 5677 of Lecture Notes in Computer Science, pp. 654\u2013670, Santa Barbara, CA, USA, August 16\u201320, 2009. Springer, Berlin","DOI":"10.1007\/978-3-642-03356-8_38"},{"issue":"4","key":"9203_CR30","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/s001459900012","volume":"9","author":"R Impagliazzo","year":"1996","unstructured":"Russell Impagliazzo and Moni Naor. Efficient cryptographic schemes provably as secure as subset sum. Journal of Cryptology, 9(4):199\u2013216, 1996","journal-title":"J. Cryptol."},{"key":"9203_CR31","doi-asserted-by":"crossref","unstructured":"A. Kawachi, K. Tanaka, K. Xagawa, Concurrently secure identification schemes based on the worst-case hardness of lattice problems, in J. Pieprzyk, editor, Advances in Cryptology\u2014ASIACRYPT 2008, vol. 5350 of Lecture Notes in Computer Science, pp. 372\u2013389, Melbourne, Australia, December 7\u201311, 2008. Springer, Berlin","DOI":"10.1007\/978-3-540-89255-7_23"},{"key":"9203_CR32","doi-asserted-by":"crossref","unstructured":"J. Katz, N. Wang, Efficiency improvements for signature schemes with tight security reductions, in S. Jajodia, V. Atluri, T. Jaeger, editors, ACM CCS 03: 10th Conference on Computer and Communications Security, pp. 155\u2013164, Washington, DC, USA, October 27\u201330, 2003. ACM Press, New York","DOI":"10.1145\/948109.948132"},{"key":"9203_CR33","doi-asserted-by":"crossref","unstructured":"T. Koshiba, K. Kurosawa, Short exponent Diffie-Hellman problems, in F. Bao, R. Deng, J. Zhou, editors, PKC 2004: 7th International Workshop on Theory and Practice in Public Key Cryptography, vol. 2947 of Lecture Notes in Computer Science, pp. 173\u2013186, Singapore, March 1\u20134, 2004. Springer, Berlin","DOI":"10.1007\/978-3-540-24632-9_13"},{"key":"9203_CR34","doi-asserted-by":"crossref","unstructured":"J.C. Lagarias, A.M. Odlyzko, Solving low-density subset sum problems, in 24th Annual Symposium on Foundations of Computer Science, pp. 1\u201310, Tucson, Arizona, November 7\u20139, 1983. IEEE Computer Society Press, Los Alamitos","DOI":"10.1109\/SFCS.1983.70"},{"key":"9203_CR35","unstructured":"V. Lyubashevsky, D. Micciancio, Generalized compact Knapsacks are collision resistant, in M. Bugliesi, B. Preneel, V. Sassone, I. Wegener, editors, ICALP 2006: 33rd International Colloquium on Automata, Languages and Programming, Part II, vol. 4052 of Lecture Notes in Computer Science, pp. 144\u2013155, Venice, Italy, July 10\u201314, 2006. Springer, Berlin"},{"key":"9203_CR36","doi-asserted-by":"publisher","unstructured":"V. Lyubashevsky, C. Peikert, O. Regev, On ideal lattices and learning with errors over rings. Journal of the ACM, 60(6):43, 2013. doi: 10.1145\/2535925","DOI":"10.1145\/2535925"},{"key":"9203_CR37","doi-asserted-by":"crossref","unstructured":"V. Lyubashevsky, Lattice-based identification schemes secure under active attacks, in R. Cramer, editor, PKC 2008: 11th International Conference on Theory and Practice of Public Key Cryptography, vol. 4939 of Lecture Notes in Computer Science, pp. 162\u2013179, Barcelona, Spain, March 9\u201312, 2008. Springer, Berlin","DOI":"10.1007\/978-3-540-78440-1_10"},{"key":"9203_CR38","doi-asserted-by":"crossref","unstructured":"V. Lyubashevsky, Fiat-Shamir with aborts: applications to lattice and factoring-based signatures, in M. Matsui, editor, Advances in Cryptology\u2014ASIACRYPT 2009, vol. 5912 of Lecture Notes in Computer Science, pp. 598\u2013616, Tokyo, Japan, December 6\u201310, 2009. Springer, Berlin","DOI":"10.1007\/978-3-642-10366-7_35"},{"key":"9203_CR39","doi-asserted-by":"crossref","unstructured":"V. Lyubashevsky, Lattice signatures without trapdoors, in D. Pointcheval, T. Johansson, editors, Advances in Cryptology\u2014EUROCRYPT 2012, vol. 7237 of Lecture Notes in Computer Science, pp. 738\u2013755, Cambridge, UK, April 15\u201319, 2012. Springer, Berlin","DOI":"10.1007\/978-3-642-29011-4_43"},{"issue":"4","key":"9203_CR40","first-page":"365","volume":"16","author":"D Micciancio","year":"2007","unstructured":"Daniele Micciancio. Generalized compact knapsacks, cyclic lattices, and efficient one-way functions. SIAM Journal on Computing, 16(4):365\u2013411, 2007","journal-title":"SIAM J. Comput."},{"key":"9203_CR41","doi-asserted-by":"crossref","unstructured":"D. Micciancio, P. Mol, Pseudorandom knapsacks and the sample complexity of LWE search-to-decision reductions, in P. Rogaway, editor, Advances in Cryptology\u2014CRYPTO 2011, vol. 6841 of Lecture Notes in Computer Science, pp. 465\u2013484, Santa Barbara, CA, USA, August 14\u201318, 2011. Springer, Berlin","DOI":"10.1007\/978-3-642-22792-9_26"},{"key":"9203_CR42","doi-asserted-by":"crossref","unstructured":"D. Micciancio, C. Peikert, Trapdoors for lattices: simpler, tighter, faster, smaller, in D. Pointcheval, T. Johansson, editors, Advances in Cryptology\u2014EUROCRYPT 2012, vol. 7237 of Lecture Notes in Computer Science, pages 700\u2013718, Cambridge, UK, April 15\u201319, 2012. Springer, Berlin","DOI":"10.1007\/978-3-642-29011-4_41"},{"issue":"1","key":"9203_CR43","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-001-0005-8","volume":"15","author":"S Micali","year":"2002","unstructured":"Silvio Micali and Leonid Reyzin. Improving the exact security of digital signature schemes. Journal of Cryptology, 15(1):1\u201318, 2002","journal-title":"J. Cryptol."},{"key":"9203_CR44","doi-asserted-by":"crossref","unstructured":"D. Micciancio, S.P. Vadhan. Statistical zero-knowledge proofs with efficient provers: lattice problems and more, in D. Boneh, editor, Advances in Cryptology\u2014CRYPTO 2003, vol. 2729 of Lecture Notes in Computer Science, pp. 282\u2013298, Santa Barbara, CA, USA, August 17\u201321, 2003. Springer, Berlin","DOI":"10.1007\/978-3-540-45146-4_17"},{"key":"9203_CR45","doi-asserted-by":"crossref","unstructured":"S. Patel, G.S. Sundaram, An efficient discrete log pseudo random generator, in H. Krawczyk, editor, Advances in Cryptology\u2014CRYPTO\u201998, vol. 1462 of Lecture Notes in Computer Science, pp. 304\u2013317, Santa Barbara, CA, USA, August 23\u201327, 1998. Springer, Berlin","DOI":"10.1007\/BFb0055737"},{"key":"9203_CR46","doi-asserted-by":"crossref","unstructured":"C. Peikert, A. Rosen, Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices, in S. Halevi, T. Rabin, editors, TCC 2006: 3rd Theory of Cryptography Conference, vol. 3876 of Lecture Notes in Computer Science, pp. 145\u2013166, New York, NY, USA, March 4\u20137, 2006. Springer, Berlin","DOI":"10.1007\/11681878_8"},{"issue":"3","key":"9203_CR47","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"David Pointcheval and Jacques Stern. Security arguments for digital signatures and blind signatures. Journal of Cryptology, 13(3):361\u2013396, 2000","journal-title":"J. Cryptol."},{"issue":"4","key":"9203_CR48","doi-asserted-by":"publisher","first-page":"437","DOI":"10.1007\/s001450010010","volume":"13","author":"JM Pollard","year":"2000","unstructured":"John M. Pollard. Kangaroos, monopoly and discrete logarithms. Journal of Cryptology, 13(4):437\u2013447, 2000","journal-title":"J. Cryptol."},{"key":"9203_CR49","doi-asserted-by":"crossref","unstructured":"G. Poupard, J. Stern, Security analysis of a practical \"on the fly\" authentication and signature generation, in K. Nyberg, editor, Advances in Cryptology\u2014EUROCRYPT\u201998, vol. 1403 of Lecture Notes in Computer Science, pp. 422\u2013436, Espoo, Finland, May 31\u2013June 4, 1998. Springer, Berlin","DOI":"10.1007\/BFb0054143"},{"key":"9203_CR50","doi-asserted-by":"publisher","unstructured":"O. Regev, On lattices, learning with errors, random linear codes, and cryptography. Journal of the ACM, 56(6):34, 2009. doi: 10.1145\/1568318.1568324","DOI":"10.1145\/1568318.1568324"},{"issue":"3","key":"9203_CR51","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"C-P Schnorr","year":"1991","unstructured":"Claus-Peter Schnorr. Efficient signature generation by smart cards. Journal of Cryptology, 4(3):161\u2013174, 1991","journal-title":"J. Cryptol."},{"key":"9203_CR52","doi-asserted-by":"crossref","unstructured":"B. Santoso, K. Ohta, K. Sakiyama, G. Hanaoka, Improving efficiency of an \u2018on the fly\u2019 identification scheme by perfecting zero-knowledgeness, in J. Pieprzyk, editor, Topics in Cryptology - CT-RSA 2010, vol. 5985 of Lecture Notes in Computer Science, pp. 284\u2013301, San Francisco, CA, USA, March 1\u20135, 2010. Springer, Berlin","DOI":"10.1007\/978-3-642-11925-5_20"},{"key":"9203_CR53","doi-asserted-by":"crossref","unstructured":"D. Stehl\u00e9, R. Steinfeld, Making NTRU as secure as worst-case problems over ideal lattices, in K.G. Paterson, editor, Advances in Cryptology\u2014EUROCRYPT 2011, vol. 6632 of Lecture Notes in Computer Science, pp. 27\u201347, Tallinn, Estonia, May 15\u201319, 2011. Springer, Berlin","DOI":"10.1007\/978-3-642-20465-4_4"},{"key":"9203_CR54","unstructured":"D. Stehl\u00e9, R. Steinfeld, Making NTRUEncrypt and NTRUSign as secure as standard worst-case problems over ideal lattices. Cryptology ePrint Archive, Report 2013\/004, 2013. http:\/\/eprint.iacr.org\/2013\/004"},{"key":"9203_CR55","doi-asserted-by":"crossref","unstructured":"D. Stehl\u00e9, R. Steinfeld, K. Tanaka, K. Xagawa, Efficient public key encryption based on ideal lattices, in M. Matsui, editor, Advances in Cryptology\u2014ASIACRYPT 2009, vol. 5912 of Lecture Notes in Computer Science, pp. 617\u2013635, Tokyo, Japan, December 6\u201310, 2009. Springer, Berlin","DOI":"10.1007\/978-3-642-10366-7_36"},{"key":"9203_CR56","doi-asserted-by":"crossref","unstructured":"P.C. van Oorschot, M.J. Wiener, On Diffie-Hellman key agreement with short exponents, in U.M. Maurer, editor, Advances in Cryptology\u2014EUROCRYPT\u201996, vol. 1070 of Lecture Notes in Computer Science, pp. 332\u2013343, Saragossa, Spain, May 12\u201316, 1996. Springer, Berlin","DOI":"10.1007\/3-540-68339-9_29"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-015-9203-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-015-9203-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-015-9203-7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-015-9203-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,3]],"date-time":"2022-05-03T20:10:51Z","timestamp":1651608651000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-015-9203-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,3,25]]},"references-count":56,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2016,7]]}},"alternative-id":["9203"],"URL":"https:\/\/doi.org\/10.1007\/s00145-015-9203-7","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,3,25]]},"assertion":[{"value":"2 January 2014","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 March 2015","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}