{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T19:39:51Z","timestamp":1780774791818,"version":"3.54.1"},"reference-count":70,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2018,1,31]],"date-time":"2018-01-31T00:00:00Z","timestamp":1517356800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2018,7]]},"DOI":"10.1007\/s00145-017-9273-9","type":"journal-article","created":{"date-parts":[[2018,1,31]],"date-time":"2018-01-31T17:07:45Z","timestamp":1517418465000},"page":"885-916","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":76,"title":["Stream Ciphers: A Practical Solution for Efficient Homomorphic-Ciphertext Compression"],"prefix":"10.1007","volume":"31","author":[{"given":"Anne","family":"Canteaut","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sergiu","family":"Carpov","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Caroline","family":"Fontaine","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tancr\u00e8de","family":"Lepoint","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mar\u00eda","family":"Naya-Plasencia","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Pascal","family":"Paillier","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Renaud","family":"Sirdey","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2018,1,31]]},"reference":[{"key":"9273_CR1","first-page":"57","volume":"2014","author":"G Adj","year":"2014","unstructured":"G. Adj, A. Menezes, T. Oliveira, F. Rodr\u00edguez-Henr\u00edquez, Computing discrete logarithms in $${\\mathbb{F}_{3^{6*137}}}$$ F 3 6 \u2217 137 using Magma. IACR Cryptol. ePrint Arch. 2014, 57 (2014)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"9273_CR2","doi-asserted-by":"crossref","unstructured":"M. Albrecht, C. Rechberger, T. Schneider, T. Tiessen, M. Zohner, Ciphers for MPC and FHE, in EUROCRYPT, Part I. LNCS, vol. 9056 (Springer, 2015), pp. 430\u2013454","DOI":"10.1007\/978-3-662-46800-5_17"},{"key":"9273_CR3","unstructured":"Algorithms, key size and parameters report 2014. Technical report, ENISA (2014)"},{"key":"9273_CR4","doi-asserted-by":"crossref","unstructured":"F. Armknecht, V. Mikhalev, On lightweight stream ciphers with shorter internal states, in FSE. LNCS, vol. 9054, (Springer, 2015), pp. 451\u2013470","DOI":"10.1007\/978-3-662-48116-5_22"},{"key":"9273_CR5","doi-asserted-by":"crossref","unstructured":"J. Aumasson, I. Dinur, W. Meier, A. Shamir, Cube testers and key recovery attacks on reduced-round MD6 and Trivium, in FSE. LNCS, vol. 5665 (Springer, 2009), pp. 1\u201322","DOI":"10.1007\/978-3-642-03317-9_1"},{"key":"9273_CR6","doi-asserted-by":"crossref","unstructured":"S. Babbage, A space\/time trade-off in exhaustive search attacks on stream ciphers, in European Convention on Security and Detection, vol. 408, (IEEE, 1995)","DOI":"10.1049\/cp:19950490"},{"key":"9273_CR7","doi-asserted-by":"crossref","unstructured":"R. Barbulescu, P. Gaudry, A. Joux, E. Thom\u00e9, A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic, in EUROCRYPT. LNCS, vol. 8441 (Springer, 2014), pp. 1\u201316","DOI":"10.1007\/978-3-642-55220-5_1"},{"key":"9273_CR8","doi-asserted-by":"crossref","unstructured":"M. Bellare, A. Desai, E. Jokipii, P. Rogaway, A concrete security treatment of symmetric encryption, in FOCS, (IEEE Computer Society, 1997), pp. 394\u2013403","DOI":"10.1109\/SFCS.1997.646128"},{"key":"9273_CR9","doi-asserted-by":"crossref","unstructured":"C. Berbain, H. Gilbert, On the security of IV dependent stream ciphers, in FSE. LNCS, vol. 4593 (Springer, 2007), pp. 254\u2013273","DOI":"10.1007\/978-3-540-74619-5_17"},{"key":"9273_CR10","doi-asserted-by":"crossref","unstructured":"A. Biryukov, A. Shamir, Cryptanalytic time\/memory\/data tradeoffs for stream ciphers, in ASIACRYPT. LNCS, vol. 1976 (Springer, 2000), pp. 1\u201313","DOI":"10.1007\/3-540-44448-3_1"},{"key":"9273_CR11","doi-asserted-by":"crossref","unstructured":"M. Bodrato, Towards optimal toom-cook multiplication for univariate and multivariate polynomials in characteristic 2 and 0, in WAIFI. LNCS, vol. 4547 (Springer, 2007), pp. 116\u2013133","DOI":"10.1007\/978-3-540-73074-3_10"},{"key":"9273_CR12","doi-asserted-by":"crossref","unstructured":"J. Borghoff, A. Canteaut, T. G\u00fcneysu, E.B. Kavun, M. Knezevic, L.R. Knudsen, G. Leander, V. Nikov, C. Paar, C. Rechberger, P. Rombouts, S.S. Thomsen, T. Yal\u00e7in, PRINCE\u2014a low-latency block cipher for pervasive computing applications, in ASIACRYPT. LNCS, vol. 7658 (Springer, 2012), pp. 208\u2013225","DOI":"10.1007\/978-3-642-34961-4_14"},{"key":"9273_CR13","doi-asserted-by":"crossref","unstructured":"J.W. Bos, K.E. Lauter, J. Loftus, M. Naehrig, Improved security for a ring-based fully homomorphic encryption scheme, in IMACC. LNCS, vol. 8308 (Springer, 2013), pp. 45\u201364","DOI":"10.1007\/978-3-642-45239-0_4"},{"key":"9273_CR14","doi-asserted-by":"crossref","unstructured":"Z. Brakerski, Fully homomorphic encryption without modulus switching from classical GapSVP, in CRYPTO. LNCS, vol. 7417 (Springer, 2012), pp. 868\u2013886","DOI":"10.1007\/978-3-642-32009-5_50"},{"issue":"3","key":"9273_CR15","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1145\/2633600","volume":"6","author":"Z Brakerski","year":"2014","unstructured":"Z. Brakerski, C. Gentry, V. Vaikuntanathan, (Leveled) fully homomorphic encryption without bootstrapping. TOCT 6(3), \u00a013 (2014)","journal-title":"TOCT"},{"key":"9273_CR16","doi-asserted-by":"crossref","unstructured":"C. Carlet, P. M\u00e9aux, Y. Rotella, Boolean functions with restricted input and their robustness; application to the FLIP cipher. IACR Trans. Symmetric Cryptol.\u00a02017(3), 192\u2013227 (2017)","DOI":"10.46586\/tosc.v2017.i3.192-227"},{"key":"9273_CR17","doi-asserted-by":"crossref","unstructured":"S. Carpov, P. Dubrulle, R. Sirdey, Armadillo: a compilation chain for privacy preserving applications, in ACM CCSW (2015)","DOI":"10.1145\/2732516.2732520"},{"key":"9273_CR18","doi-asserted-by":"crossref","unstructured":"A. Chakraborti, A. Chattopadhyay, M. Hassan, M. Nandi, TriviA: a fast and secure authenticated encryption scheme, in CHES. LNCS, vol. 9293 (Springer, 2015), pp. 330\u2013353","DOI":"10.1007\/978-3-662-48324-4_17"},{"key":"9273_CR19","doi-asserted-by":"crossref","unstructured":"M. Chenal, Q. Tang, On key recovery attacks against existing somewhat homomorphic encryption schemes, in LATINCRYPT. LNCS, vol. 8895 (Springer, 2015), pp. 239\u2013258","DOI":"10.1007\/978-3-319-16295-9_13"},{"key":"9273_CR20","doi-asserted-by":"crossref","unstructured":"J.H. Cheon, J. Coron, J. Kim, M.S. Lee, T. Lepoint, M. Tibouchi, A. Yun, Batch fully homomorphic encryption over the integers, in EUROCRYPT. LNCS, vol. 7881 (Springer, 2013), pp. 315\u2013335","DOI":"10.1007\/978-3-642-38348-9_20"},{"key":"9273_CR21","doi-asserted-by":"crossref","unstructured":"I. Chillotti, N. Gama, M. Georgieva, M. Izabach\u00e8ne, Faster fully homomorphic encryption: bootstrapping in less than 0.1 seconds, in ASIACRYPT. LNCS, vol. 10031 (Springer, 2016), pp. 3\u201333","DOI":"10.1007\/978-3-662-53887-6_1"},{"key":"9273_CR22","doi-asserted-by":"crossref","unstructured":"J. Coron, T. Lepoint, M. Tibouchi, Scale-invariant fully homomorphic encryption over the integers, in PKC. LNCS, vol. 8383 (Springer, 2014), pp. 311\u2013328","DOI":"10.1007\/978-3-642-54631-0_18"},{"key":"9273_CR23","doi-asserted-by":"crossref","unstructured":"N. Courtois, W. Meier, Algebraic attacks on stream ciphers with linear feedback, in EUROCRYPT. LNCS, vol. 2656 (Springer, 2003), pp. 345\u2013359","DOI":"10.1007\/3-540-39200-9_21"},{"issue":"1","key":"9273_CR24","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1137\/S0097539702403773","volume":"33","author":"R Cramer","year":"2003","unstructured":"R. Cramer, V. Shoup, Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167\u2013226 (2003)","journal-title":"SIAM J. Comput."},{"key":"9273_CR25","doi-asserted-by":"crossref","unstructured":"C. De\u00a0Canni\u00e8re, O. Dunkelman, M. Knezevic, KATAN and KTANTAN\u2014a family of small and efficient hardware-oriented block ciphers, in CHES. LNCS, vol. 5747 (Springer, 2009), pp. 272\u2013288","DOI":"10.1007\/978-3-642-04138-9_20"},{"key":"9273_CR26","unstructured":"C. De\u00a0Canni\u00e8re, J. Lano, B. Preneel, Comments on the rediscovery of time memory data tradeoffs. Technical report, eSTREAM\u2014ECRYPT Stream Cipher Project (2005). www.ecrypt.eu.org\/stream\/papersdir\/040.pdf . Accessed 21 Dec 2017"},{"key":"9273_CR27","doi-asserted-by":"crossref","unstructured":"C. De\u00a0Canni\u00e8re, B. Preneel, Trivium, in New Stream Cipher Designs\u2014The eSTREAM Finalists. LNCS, vol. 4986 (Springer, 2008), pp. 244\u2013266","DOI":"10.1007\/978-3-540-68351-3_18"},{"key":"9273_CR28","first-page":"418","volume":"2015","author":"I Dinur","year":"2015","unstructured":"I. Dinur, Y. Liu, W. Meier, Q. Wang, Optimized Interpolation Attacks on LowMC. IACR Cryptol. ePrint Arch. 2015, 418 (2015)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"9273_CR29","doi-asserted-by":"crossref","unstructured":"I. Dinur, A. Shamir, Cube attacks on tweakable black box polynomials, in EUROCRYPT. LNCS, vol. 5479 (Springer, 2009), pp. 278\u2013299","DOI":"10.1007\/978-3-642-01001-9_16"},{"issue":"2","key":"9273_CR30","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1007\/s10623-015-0095-1","volume":"80","author":"Y Dor\u00f6z","year":"2016","unstructured":"Y. Dor\u00f6z, Y. Hu, B. Sunar, Homomorphic AES evaluation using the modified LTV scheme. Des. Codes Cryptogr. 80(2), 333\u2013358 (2016)","journal-title":"Des. Codes Cryptogr."},{"key":"9273_CR31","doi-asserted-by":"crossref","unstructured":"Y. Dor\u00f6z, A. Shahverdi, T. Eisenbarth, B. Sunar, Toward practical homomorphic evaluation of block ciphers using Prince, in WAHC. LNCS, vol. 8438 (Springer, 2014), pp. 208\u2013220","DOI":"10.1007\/978-3-662-44774-1_17"},{"key":"9273_CR32","doi-asserted-by":"crossref","unstructured":"L. Ducas, D. Micciancio, FHEW: bootstrapping homomorphic encryption in less than a second, in EUROCRYPT. LNCS, vol. 9056 (Springer, 2015), pp. 617\u2013640","DOI":"10.1007\/978-3-662-46800-5_24"},{"key":"9273_CR33","doi-asserted-by":"crossref","unstructured":"S. Duval, V. Lallemand, Y. Rotella, Cryptanalysis of the FLIP family of stream ciphers, in CRYPTO. LNCS, vol. 9814 (Springer, 2016), pp. 457\u2013475","DOI":"10.1007\/978-3-662-53018-4_17"},{"key":"9273_CR34","unstructured":"ECRYPT\u2014European network of excellence in cryptology: the eSTREAM stream cipher project (2005). http:\/\/www.ecrypt.eu.org\/stream\/ . Accessed 21 Dec 2017"},{"key":"9273_CR35","first-page":"144","volume":"2012","author":"J Fan","year":"2012","unstructured":"J. Fan, F. Vercauteren, Somewhat practical fully homomorphic encryption. IACR Cryptol. ePrint Arch. 2012, 144 (2012)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"9273_CR36","unstructured":"S. Fau, R. Sirdey, C. Fontaine, C. Aguilar, G. Gogniat, Towards practical program execution over fully homomorphic encryption schemes, in IEEE International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, (2013), pp. 284\u2013290"},{"key":"9273_CR37","doi-asserted-by":"crossref","unstructured":"P. Fouque, T. Vannet, Improving key recovery to 784 and 799 rounds of Trivium using optimized cube attacks, in FSE. LNCS, vol. 8424 (Springer, 2013), pp. 502\u2013517","DOI":"10.1007\/978-3-662-43933-3_26"},{"key":"9273_CR38","doi-asserted-by":"crossref","unstructured":"T. Fuhr, B. Minaud, Match box meet-in-the-middle attack against KATAN, in FSE. LNCS, vol. 8540 (Springer, 2014), pp. 61\u201381","DOI":"10.1007\/978-3-662-46706-0_4"},{"key":"9273_CR39","doi-asserted-by":"crossref","unstructured":"C. Gentry, Fully homomorphic encryption using ideal lattices, in STOC, (ACM, 2009), pp. 169\u2013178","DOI":"10.1145\/1536414.1536440"},{"key":"9273_CR40","doi-asserted-by":"crossref","unstructured":"C. Gentry, S. Halevi, N.P. Smart, Homomorphic evaluation of the AES circuit, in CRYPTO. LNCS, vol. 7417 (Springer, 2012), pp. 850\u2013867","DOI":"10.1007\/978-3-642-32009-5_49"},{"key":"9273_CR41","doi-asserted-by":"crossref","unstructured":"C. Gentry, A. Sahai, B. Waters, Homomorphic encryption from learning with errors: conceptually-simpler, asymptotically-faster, attribute-based, in CRYPTO. LNCS, vol. 8042 (Springer, 2013), pp. 75\u201392","DOI":"10.1007\/978-3-642-40041-4_5"},{"key":"9273_CR42","doi-asserted-by":"crossref","unstructured":"J.D. Golic, Cryptanalysis of alleged A5 stream cipher, in EUROCRYPT. LNCS, vol. 1233 (Springer, 1997), pp. 239\u2013255","DOI":"10.1007\/3-540-69053-0_17"},{"key":"9273_CR43","doi-asserted-by":"crossref","unstructured":"T. Graepel, K.E. Lauter, M. Naehrig, ML confidential: machine learning on encrypted data, in ICISC. LNCS, vol. 7839 (Springer, 2012), pp. 1\u201321","DOI":"10.1007\/978-3-642-37682-5_1"},{"key":"9273_CR44","unstructured":"R. Granger, T. Kleinjung, J. Zumbr\u00e4gel, Breaking \u2018128-bit secure\u2019 supersingular binary curves\u2014(or how to solve discrete logarithms in $${\\mathbb{F}_{2^{4 \\cdot 1223}}}$$ F 2 4 \u00b7 1223 and $${\\mathbb{F}_{2^{12 \\cdot 367}}}$$ F 2 12 \u00b7 367 ), in CRYPTO, Part II. LNCS, vol. 8617 (Springer, 2014), pp. 126\u2013145"},{"key":"9273_CR45","doi-asserted-by":"crossref","unstructured":"S. Halevi, V. Shoup, Algorithms in HElib, in CRYPTO, Part I. LNCS, vol. 8616 (Springer, 2014), pp. 554\u2013571","DOI":"10.1007\/978-3-662-44371-2_31"},{"key":"9273_CR46","doi-asserted-by":"crossref","unstructured":"S. Halevi, V. Shoup, Bootstrapping for HElib, in EUROCRYPT. LNCS, vol. 9056 (Springer, 2015), pp. 641\u2013670","DOI":"10.1007\/978-3-662-46800-5_25"},{"issue":"11","key":"9273_CR47","doi-asserted-by":"publisher","first-page":"1243","DOI":"10.1016\/j.ic.2010.07.002","volume":"208","author":"J Herranz","year":"2010","unstructured":"J. Herranz, D. Hofheinz, E. Kiltz, Some (in)sufficient conditions for secure hybrid encryption. Inf. Comput. 208(11), 1243\u20131257 (2010)","journal-title":"Inf. Comput."},{"key":"9273_CR48","doi-asserted-by":"crossref","unstructured":"J. Hong, P. Sarkar, New applications of time memory data tradeoffs, in ASIACRYPT. LNCS, vol. 3788 (Springer, 2005), pp. 353\u2013372","DOI":"10.1007\/11593447_19"},{"key":"9273_CR49","doi-asserted-by":"crossref","unstructured":"T. Iwata, New block cipher modes of operation with beyond the birthday bound security, in FSE. LNCS, vol. 4047 (Springer, 2006), pp. 310\u2013327","DOI":"10.1007\/11799313_20"},{"key":"9273_CR50","doi-asserted-by":"crossref","unstructured":"T. Jakobsen, L.R. Knudsen, The interpolation attack on block ciphers, in FSE. LNCS, vol. 1267 (Springer, 1997), pp. 28\u201340","DOI":"10.1007\/BFb0052332"},{"key":"9273_CR51","doi-asserted-by":"crossref","unstructured":"A. Joux, C. Pierrot, Improving the polynomial time precomputation of Frobenius representation discrete logarithm algorithms\u2014simplified setting for small characteristic finite fields, in ASIACRYPT, Part I. LNCS, vol. 8873 (Springer, 2014), pp. 378\u2013397","DOI":"10.1007\/978-3-662-45611-8_20"},{"key":"9273_CR52","doi-asserted-by":"crossref","DOI":"10.1201\/b17668","volume-title":"Introduction to Modern Cryptography","author":"J Katz","year":"2014","unstructured":"J. Katz, Y. Lindell, Introduction to Modern Cryptography, 2nd edition. Chapman and Hall\/CRC Press, Boca Raton (2014)","edition":"2"},{"key":"9273_CR53","unstructured":"A. Khedr, G. Gulak, V. Vaikuntanathan, SHIELD: scalable homomorphic implementation of encrypted data-classifiers. IEEE Trans. Comput. 65(9), 2848\u20132858 (2016)"},{"key":"9273_CR54","doi-asserted-by":"crossref","unstructured":"S. Knellwolf, W. Meier, M. Naya-Plasencia, conditional differential cryptanalysis of NLFSR-based cryptosystems, in ASIACRYPT. LNCS, vol. 6477 (Springer, 2010), pp. 130\u2013145","DOI":"10.1007\/978-3-642-17373-8_8"},{"key":"9273_CR55","doi-asserted-by":"crossref","unstructured":"S. Knellwolf, W. Meier, M, Naya-Plasencia, Conditional differential cryptanalysis of Trivium and KATAN, in SAC. LNCS, vol. 7118 (Springer, 2011), pp. 200\u2013212","DOI":"10.1007\/978-3-642-28496-0_12"},{"key":"9273_CR56","doi-asserted-by":"crossref","unstructured":"K. Lauter, A. L\u00f3pez-Alt, M. Naehrig, Private computation on encrypted genomic data, in LATINCRYPT. LNCS (2014)","DOI":"10.1007\/978-3-319-16295-9_1"},{"key":"9273_CR57","doi-asserted-by":"crossref","unstructured":"T. Lepoint, M. Naehrig, A comparison of the homomorphic encryption schemes FV and YASHE, in AFRICACRYPT. LNCS, vol. 8469 (Springer, 2014), pp. 318\u2013335","DOI":"10.1007\/978-3-319-06734-6_20"},{"key":"9273_CR58","doi-asserted-by":"crossref","unstructured":"T. Lepoint, P. Paillier, On the minimal number of bootstrappings in homomorphic circuits, in WAHC. LNCS, vol. 7862 (Springer, 2013), pp. 189\u2013200","DOI":"10.1007\/978-3-642-41320-9_13"},{"key":"9273_CR59","doi-asserted-by":"crossref","unstructured":"M. Liu, Degree evaluation of NFSR-based cryptosystems, in CRYPTO. LNCS, vol. 10402 (Springer, 2017)","DOI":"10.1007\/978-3-319-63697-9_8"},{"key":"9273_CR60","doi-asserted-by":"crossref","unstructured":"P. M\u00e9aux, A. Journault, F.X. Standaert, C. Carlet, Towards stream ciphers for efficient FHE with low-noise ciphertexts, in EUROCRYPT. LNCS, vol. 9665 (Springer, 2016), pp. 311\u2013343","DOI":"10.1007\/978-3-662-49890-3_13"},{"key":"9273_CR61","doi-asserted-by":"crossref","unstructured":"A. Maximov, A. Biryukov, Two trivial attacks on Trivium, in SAC, vol. 4876 (Springer, 2007), pp. 36\u201355","DOI":"10.1007\/978-3-540-77360-3_3"},{"key":"9273_CR62","doi-asserted-by":"crossref","unstructured":"M. Naehrig, K.E. Lauter, V. Vaikuntanathan, Can homomorphic encryption be practical? in ACM CCSW, (ACM, 2011), pp. 113\u2013124","DOI":"10.1145\/2046660.2046682"},{"key":"9273_CR63","unstructured":"National Institute of Standards and Technology, Recommendation for block cipher modes of operation. NIST Special Publication 800-38A (2001)"},{"key":"9273_CR64","doi-asserted-by":"crossref","unstructured":"M. Paindavoine, B. Vialla, Minimizing the number of bootstrappings in fully homomorphic encryption, in SAC 2015. LNCS, vol. 9566 (Springer, 2016), pp. 25\u201343","DOI":"10.1007\/978-3-319-31301-6_2"},{"issue":"7","key":"9273_CR65","doi-asserted-by":"publisher","first-page":"1045","DOI":"10.1109\/12.30855","volume":"38","author":"A Pincin","year":"1989","unstructured":"A. Pincin, A new algorithm for multiplication in finite fields. IEEE Trans. Comput. 38(7), 1045\u20131049 (1989)","journal-title":"IEEE Trans. Comput."},{"key":"9273_CR66","unstructured":"C. Rechberger, The FHEMPCZK-cipher zoo. Presented at the FSE 2016 rump session (2016). http:\/\/fse.2016.rump.cr.yp.to\/ . Accessed 21 Dec 2017"},{"key":"9273_CR67","unstructured":"P. Rogaway, Evaluation of some block cipher modes of operation. Cryptrec (2011). http:\/\/web.cs.ucdavis.edu\/~rogaway\/papers\/modes.pdf . Accessed 21 Dec 2017"},{"issue":"1","key":"9273_CR68","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/s10623-012-9720-4","volume":"71","author":"NP Smart","year":"2014","unstructured":"N.P. Smart, F. Vercauteren, Fully homomorphic SIMD operations. Des. Codes Cryptogr. 71(1), 57\u201381 (2014)","journal-title":"Des. Codes Cryptogr."},{"key":"9273_CR69","doi-asserted-by":"crossref","unstructured":"Y. Todo, T. Isobe, Y. Hao, W. Meier, Cube attacks on non-blackbox polynomials based on division property, in CRYPTO. LNCS, vol. 10402 (Springer, 2017)","DOI":"10.1007\/978-3-319-63697-9_9"},{"key":"9273_CR70","doi-asserted-by":"crossref","unstructured":"K. Yasuda, A new variant of PMAC: beyond the birthday bound, in CRYPTO. LNCS, vol. 6841 (Springer, 2011), pp. 596\u2013609","DOI":"10.1007\/978-3-642-22792-9_34"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-017-9273-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-017-9273-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-017-9273-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,30]],"date-time":"2025-06-30T10:22:17Z","timestamp":1751278937000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-017-9273-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,1,31]]},"references-count":70,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2018,7]]}},"alternative-id":["9273"],"URL":"https:\/\/doi.org\/10.1007\/s00145-017-9273-9","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,1,31]]},"assertion":[{"value":"18 May 2016","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 November 2017","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"31 January 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}