{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T09:50:15Z","timestamp":1766137815872},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,10,25]],"date-time":"2021-10-25T00:00:00Z","timestamp":1635120000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,10,25]],"date-time":"2021-10-25T00:00:00Z","timestamp":1635120000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2022,1]]},"DOI":"10.1007\/s00145-021-09406-y","type":"journal-article","created":{"date-parts":[[2021,10,25]],"date-time":"2021-10-25T20:02:15Z","timestamp":1635192135000},"update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Limits on the Efficiency of (Ring) LWE-Based Non-interactive Key Exchange"],"prefix":"10.1007","volume":"35","author":[{"given":"Siyao","family":"Guo","sequence":"first","affiliation":[]},{"given":"Pritish","family":"Kamath","sequence":"additional","affiliation":[]},{"given":"Alon","family":"Rosen","sequence":"additional","affiliation":[]},{"given":"Katerina","family":"Sotiraki","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,10,25]]},"reference":[{"key":"9406_CR1","doi-asserted-by":"crossref","unstructured":"M. R. Albrecht, A. Deo, Large modulus ring-lwe $$\\ge $$ module-lwe. in Takagi, T., Peyrin, T. (eds.) Advances in Cryptology - ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, December 3-7, 2017, Proceedings, Part I, Lecture Notes in Computer Science, vol. 10624, (Springer, 2017), pp. 267\u2013296.","DOI":"10.1007\/978-3-319-70694-8_10"},{"key":"9406_CR2","unstructured":"E. Alkim, L. Ducas, T. P\u00f6ppelmann, P. Schwabe. Post-quantum key exchange - A new hope. in 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016. (2016), pp. 327\u2013343."},{"key":"9406_CR3","doi-asserted-by":"crossref","unstructured":"J.W. Bos, C. Costello, M. Naehrig, D. Stebila. Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. IACR Cryptology ePrint Archive, 2014 vol. 599, (2014).","DOI":"10.1109\/SP.2015.40"},{"key":"9406_CR4","doi-asserted-by":"crossref","unstructured":"A. Bogdanov, S. Guo, D. Masny, S. Richelson, A. Rosen, On the hardness of learning with rounding over small modulus. in Theory of Cryptography - 13th International Conference, TCC 2016-A, Tel Aviv, Israel, January 10-13, 2016, Proceedings, Part I. (2016), pp. 209\u2013224.","DOI":"10.1007\/978-3-662-49096-9_9"},{"key":"9406_CR5","doi-asserted-by":"crossref","unstructured":"Z. Brakerski, C. Gentry, V. Vaikuntanathan, (leveled) fully homomorphic encryption without bootstrapping. ACM Trans. Comput. Theory, 6(3), 13:1\u201313:36 (2014).","DOI":"10.1145\/2633600"},{"key":"9406_CR6","doi-asserted-by":"crossref","unstructured":"Z. Brakerski, A. Langlois, C. Peikert, O. Regev, D. Stehl\u00e9, Classical hardness of learning with errors. in Proceedings of the forty-fifth annual ACM symposium on Theory of computing. (2013), pp. 575\u2013584.","DOI":"10.1145\/2488608.2488680"},{"key":"9406_CR7","doi-asserted-by":"crossref","unstructured":"A. Banerjee, C. Peikert, New and improved key-homomorphic pseudorandom functions. in Advances in Cryptology - CRYPTO 2014 - 34th Annual Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2014, Proceedings, Part I. (2014), pp. 353\u2013370.","DOI":"10.1007\/978-3-662-44371-2_20"},{"key":"9406_CR8","doi-asserted-by":"crossref","unstructured":"A. Banerjee, C. Peikert, A. Rosen, Pseudorandom functions and lattices. in Advances in Cryptology - EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15-19, 2012. Proceedings. (2012), pp. 719\u2013737.","DOI":"10.1007\/978-3-642-29011-4_42"},{"issue":"4","key":"9406_CR9","doi-asserted-by":"publisher","first-page":"1233","DOI":"10.1007\/s00453-016-0242-8","volume":"79","author":"D Boneh","year":"2017","unstructured":"D. Boneh, M. Zhandry, Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. Algorithmica, 79(4), 1233\u20131285 (2017).","journal-title":"Algorithmica"},{"issue":"6","key":"9406_CR10","doi-asserted-by":"publisher","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","volume":"22","author":"W Diffie","year":"1976","unstructured":"W. Diffie, M.E. Hellman, New directions in cryptography. IEEE Trans. Inf. Theory, 22(6), 644\u2013654 (1976).","journal-title":"IEEE Trans. Inf. Theory"},{"key":"9406_CR11","unstructured":"J. Ding, X. Xie, X. Lin, A simple provably secure key exchange scheme based on the learning with errors problem. Cryptology ePrint Archive, Report 2012\/688, (2012). http:\/\/eprint.iacr.org\/2012\/688."},{"key":"9406_CR12","doi-asserted-by":"crossref","unstructured":"H. Gebelein, Das statistische problem der korrelation als variations-und eigenwertproblem und sein zusammenhang mit der ausgleichsrechnung. ZAMM-J. Appl. Math. Mech.\/Z. f\u00fcr Angewandte Math. Mech., 21(6), 364\u2013379 (1941).","DOI":"10.1002\/zamm.19410210604"},{"issue":"4","key":"9406_CR13","doi-asserted-by":"publisher","first-page":"792","DOI":"10.1145\/6490.6503","volume":"33","author":"O Goldreich","year":"1986","unstructured":"O. Goldreich, S. Goldwasser, S. Micali, How to construct random functions. J. ACM, 33(4), 792\u2013807 (1986).","journal-title":"J. ACM"},{"key":"9406_CR14","unstructured":"O. Garcia-Morchon, Z. Zhang, S. Bhattacharya, R. Rietman, L. Tolhuizen, J.-L. Torre-Arce, H. Baan, M.-J.O. Saarinen, S. Fluhrer, T. Laarhoven, R. Player. Round5. Technical report, National Institute of Standards and Technology, (2017). available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-2-submissions."},{"key":"9406_CR15","doi-asserted-by":"crossref","unstructured":"H.O Hirschfeld. A connection between correlation and contingency. Math. Proc. Cambridge Philos. Soc. 31(4) (1935).","DOI":"10.1017\/S0305004100013517"},{"issue":"1","key":"9406_CR16","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/s10623-016-0326-0","volume":"86","author":"G Herold","year":"2018","unstructured":"G. Herold, E. Kirshanova, A. May, On the asymptotic complexity of solving LWE. Des. Codes Cryptogr., 86(1), 55\u201383 (2018).","journal-title":"Des. Codes Cryptogr."},{"key":"9406_CR17","doi-asserted-by":"crossref","unstructured":"S. Kim, Key-homomorphic pseudorandom functions from LWE with small modulus. in Advances in Cryptology \u2013 EUROCRYPT 2020. (2020).","DOI":"10.1007\/978-3-030-45724-2_20"},{"key":"9406_CR18","unstructured":"X. Lu, Y. Liu, D. Jia, H. Xue, J. He, Z. Zhang, Z. Liu, H. Yang, B. Li, K. Wang, Lac. Technical report, National Institute of Standards and Technology. (2017). available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-2-submissions."},{"key":"9406_CR19","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/BF02018821","volume":"6","author":"L Lov\u00e1sz","year":"1975","unstructured":"L. Lov\u00e1sz. Spectra of graphs with transitive groups. Periodica Math. Hung., 6, 191\u2013195 (1975).","journal-title":"Periodica Math. Hung."},{"key":"9406_CR20","doi-asserted-by":"crossref","unstructured":"V. Lyubashevsky, C. Peikert, O. Regev, On ideal lattices and learning with errors over rings. in Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco \/ French Riviera, May 30 - June 3, 2010. Proceedings, (2010), pp. 1\u201323.","DOI":"10.1007\/978-3-642-13190-5_1"},{"key":"9406_CR21","first-page":"90","volume":"2012","author":"A Langlois","year":"2012","unstructured":"A. Langlois, D. Stehl\u00e9, Worst-case to average-case reductions for module lattices. IACR Cryptol. ePrint Arch., 2012, 90 (2012).","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"9406_CR22","unstructured":"M. Naehrig, E. Alkim, J. Bos, L. Ducas, K. Easterbrook, B. LaMacchia, P. Longa, I. Mironov, V. Nikolaenko, C. Peikert, A. Raghunathan, D. Stebila, Frodokem. Technical report, National Institute of Standards and Technology, (2017). available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-2-submissions."},{"key":"9406_CR23","unstructured":"NIST. https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Post-Quantum-Cryptography\/documents\/call-for-proposals-final-dec-2016.pdf."},{"key":"9406_CR24","unstructured":"T. Poppelmann, E. Alkim, R. Avanzi, J. Bos, L. Ducas, A. de\u00a0la Piedra, P. Schwabe, D. Stebila, M.R. Albrecht, E. Orsini, V. Osheter, K.G. Paterson, G. Peer, N.P. Smart, Newhope. Technical report, National Institute of Standards and Technology, (2017). available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-2-submissions."},{"key":"9406_CR25","doi-asserted-by":"crossref","unstructured":"C. Peikert, Lattice cryptography for the internet. in Post-Quantum Cryptography - 6th International Workshop, PQCrypto 2014, Waterloo, ON, Canada, October 1-3, 2014. Proceedings. (2014), pp. 197\u2013219.","DOI":"10.1007\/978-3-319-11659-4_12"},{"key":"9406_CR26","unstructured":"O. Regev, On lattices, learning with errors, random linear codes, and cryptography. in Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, May 22-24, 2005. (2005), pp. 84\u201393."},{"issue":"3\u20134","key":"9406_CR27","first-page":"441","volume":"10","author":"A R\u00e9nyi","year":"1959","unstructured":"A. R\u00e9nyi, On measures of dependence. Acta mathematica hungarica, 10(3-4), 441\u2013451 (1959).","journal-title":"Acta mathematica hungarica"},{"key":"9406_CR28","doi-asserted-by":"crossref","unstructured":"M. Rosca, D. Stehl\u00e9, A. Wallet. On the ring-lwe and polynomial-lwe problems. in Advances in Cryptology \u2013 EUROCRYPT 2018 (2018), pp. 146\u2013173.","DOI":"10.1007\/978-3-319-78381-9_6"},{"key":"9406_CR29","unstructured":"P. Schwabe, R. Avanzi, J. Bos, L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, J.M. Schanck, G. Seiler, D. Stehle, Crystals-kyber. Technical report, National Institute of Standards and Technology, (2017). available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-2-submissions."},{"key":"9406_CR30","doi-asserted-by":"crossref","unstructured":"P.W. Shor, Polynomial time algorithms for discrete logarithms and factoring on a quantum computer. in Algorithmic Number Theory, First International Symposium, ANTS-I, Ithaca, NY, USA, May 6-9, 1994, Proceedings. (1994), p. 289.","DOI":"10.1007\/3-540-58691-1_68"},{"key":"9406_CR31","doi-asserted-by":"crossref","unstructured":"D. Stehl\u00e9, Ron Steinfeld, Keisuke Tanaka, and Keita Xagawa. Efficient public key encryption based on ideal lattices. in Advances in Cryptology \u2013 ASIACRYPT 2009. (2009), pp. 617\u2013635.","DOI":"10.1007\/978-3-642-10366-7_36"},{"key":"9406_CR32","doi-asserted-by":"crossref","unstructured":"A. Sahai, B. Waters, How to use indistinguishability obfuscation: deniable encryption, and more. in Shmoys. D.B. (ed.), Symposium on Theory of Computing, STOC 2014, New York, NY, USA, May 31 - June 03, 2014. (2014), pp. 475\u2013484.","DOI":"10.1145\/2591796.2591825"},{"issue":"1","key":"9406_CR33","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1137\/0128010","volume":"28","author":"HS Witsenhausen","year":"1975","unstructured":"H.S. Witsenhausen. On sequences of pairs of dependent random variables. SIAM J. Appl. Math., 28(1), 100\u2013113 (1975).","journal-title":"SIAM J. Appl. Math."},{"key":"9406_CR34","first-page":"930","volume":"2019","author":"Y Wang","year":"2019","unstructured":"Y. Wang, M. Wang, Module-lwe versus ring-lwe, revisited. IACR Cryptol. ePrint Arch. 2019, 930 (2019).","journal-title":"IACR Cryptol. ePrint Arch."}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-021-09406-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00145-021-09406-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-021-09406-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,28]],"date-time":"2022-01-28T14:11:13Z","timestamp":1643379073000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00145-021-09406-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,25]]},"references-count":34,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,1]]}},"alternative-id":["9406"],"URL":"https:\/\/doi.org\/10.1007\/s00145-021-09406-y","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,10,25]]},"assertion":[{"value":"18 December 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 July 2021","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 August 2021","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 October 2021","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"1"}}