{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T09:59:18Z","timestamp":1771667958906,"version":"3.50.1"},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"12","license":[{"start":{"date-parts":[[2019,6,22]],"date-time":"2019-06-22T00:00:00Z","timestamp":1561161600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2019,6,22]],"date-time":"2019-06-22T00:00:00Z","timestamp":1561161600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100000923","name":"Australian Research Council","doi-asserted-by":"crossref","award":["DP150100285"],"award-info":[{"award-number":["DP150100285"]}],"id":[{"id":"10.13039\/501100000923","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2019,12]]},"DOI":"10.1007\/s10623-019-00654-5","type":"journal-article","created":{"date-parts":[[2019,6,22]],"date-time":"2019-06-22T05:06:36Z","timestamp":1561179996000},"page":"2847-2884","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Practical $$\\mathsf {MP} \\text{- }\\mathsf {LWE} $$-based encryption balancing security-risk versus efficiency"],"prefix":"10.1007","volume":"87","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1745-4183","authenticated-orcid":false,"given":"Ron","family":"Steinfeld","sequence":"first","affiliation":[]},{"given":"Amin","family":"Sakzad","sequence":"additional","affiliation":[]},{"given":"Raymond K.","family":"Zhao","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,6,22]]},"reference":[{"key":"654_CR1","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/978-3-319-70694-8_10","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"Martin R. Albrecht","year":"2017","unstructured":"Albrecht M.R., Amit D.: Large modulus ring-lwe $$\\ge $$ module-lwe. In: Advances in Cryptology\u2014ASIACRYPT 2017, pp. 267\u2013296 (2017)."},{"key":"654_CR2","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1007\/978-3-319-12160-4_18","volume-title":"Information Security and Cryptology -- ICISC 2013","author":"Martin R. Albrecht","year":"2014","unstructured":"Albrecht M.R., Fitzpatrick R., G\u00f6pfert F.: On the efficacy of solving LWE by reduction to unique-svp. In: Information Security and Cryptology\u2014ICISC 2013\u201416th International Conference, Seoul, Korea, 27\u201329 November, 2013, Revised Selected Papers, pp. 293\u2013310 (2013)."},{"key":"654_CR3","unstructured":"Alkim E., Ducas L., P\u00f6ppelmann T., Schwabe P.: Post-quantum key exchange\u2014a new hope. In: 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, 10\u201312 August 2016, pp. 327\u2013343 (2016)."},{"key":"654_CR4","unstructured":"Alkim E., Bos JW., Ducas L., Longa P., Mironov I., Naehrig M., Nikolaenko V., Peikert C., Raghunathan A., Stebila D., Easterbrook K., LaMacchia B.: FrodoKEM learning with errors key encapsulation. https:\/\/frodokem.org\/files\/FrodoKEM-specification-20171130.pdf (2017)."},{"key":"654_CR5","unstructured":"Bernstein D.J., Chuengsatiansup C., Lange T., van Vredendaal C.: NTRU Prime. Cryptology ePrint Archive. http:\/\/eprint.iacr.org\/2016\/461 (2016)."},{"key":"654_CR6","unstructured":"Bos J.W., Costello C., Ducas L., Mironov I., Naehrig M., Nikolaenko V., Raghunathan A., Stebila D.: Frodo: take off the ring! practical, quantum-secure key exchange from LWE. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24\u201328 Oct 2016, pp. 1006\u20131018 (2016)."},{"key":"654_CR7","doi-asserted-by":"crossref","unstructured":"Bos J.W., Ducas L., Kiltz E., Lepoint T., Lyubashevsky V., Schanck J.M., Schwabe P., Stehl\u00e9 D.: CRYSTALS\u2014kyber: a cca-secure module-lattice-based KEM. IACR Cryptology ePrint Archive 2017, 634 (2017).","DOI":"10.1109\/EuroSP.2018.00032"},{"key":"654_CR8","doi-asserted-by":"publisher","DOI":"10.1093\/acprof:oso\/9780199535255.001.0001","volume-title":"Concentration Inequalities: A Nonasymptotic Theory of Independence","author":"S Boucheron","year":"2013","unstructured":"Boucheron S., Lugosi G., Massart P.: Concentration Inequalities: A Nonasymptotic Theory of Independence. Oxford University Press, Oxford (2013)."},{"key":"654_CR9","first-page":"97","volume-title":"Proceedings of FOCS","author":"Z Brakerski","year":"2011","unstructured":"Brakerski Z., Vaikuntanathan V.: Efficient fully homomorphic encryption from (standard) LWE. Proceedings of FOCS, pp. 97\u2013106. IEEE Computer Society Press, Washington, DC (2011)."},{"key":"654_CR10","first-page":"147","volume-title":"Proceedings of EUROCRYPT","author":"W Castryck","year":"2016","unstructured":"Castryck W., Iliashenko I., Vercauteren F.: Provably weak instances of Ring-LWE revisited. Proceedings of EUROCRYPT, pp. 147\u2013167. Springer, Berlin (2016)."},{"key":"654_CR11","unstructured":"Cramer R., Ducas L., Wesolowski B.: Short Stickelberger class relations and application to Ideal-SVP. Cryptology ePrint Archive. https:\/\/eprint.iacr.org\/2016\/885 (2016)."},{"key":"654_CR12","volume-title":"Proceedings of EUOCRYPT","author":"R Cramer","year":"2016","unstructured":"Cramer R., Ducas L., Peikert C., Regev O.: Recovering short generators of principal ideals in cyclotomic rings. Proceedings of EUOCRYPT. Springer, Berlin (2016)."},{"key":"654_CR13","unstructured":"D\u2019Anvers J-P., Karmakar A., Roy S.S., Vercauteren F.: SABER: Mod-LWR based KEM. https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Post-Quantum-Cryptography\/documents\/round-1\/submissions\/SABER.zip (2017)."},{"issue":"1","key":"654_CR14","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1137\/060651380","volume":"38","author":"Y Dodis","year":"2008","unstructured":"Dodis Y., Ostrovsky R., Reyzin L., Smith A.D.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97\u2013139 (2008).","journal-title":"SIAM J. Comput."},{"key":"654_CR15","volume-title":"Proceedings of SAC","author":"K Eisentr\u00e4ger","year":"2014","unstructured":"Eisentr\u00e4ger K., Hallgren S., Lauter K.: Weak instances of PLWE. Proceedings of SAC. Springer, Berlin (2014)."},{"key":"654_CR16","volume-title":"Proceedings of CRYPTO","author":"Y Elias","year":"2015","unstructured":"Elias Y., Lauter K.E., Ozman E., Stange K.E.: Provably weak instances of Ring-LWE. Proceedings of CRYPTO. Springer, Berlin (2015)."},{"key":"654_CR17","unstructured":"Fujisaki E., Okamoto T.: Secure integration of asymmetric and symmetric encryption schemes. In: Advances in Cryptology\u2013CRYPTO\u201999, 19th Annual International Cryptology Conference, Santa Barbara, CA, USA, 15\u201319 August, 1999, pp. 537\u2013554 (1999)."},{"issue":"6","key":"654_CR18","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1007\/s00200-003-0144-2","volume":"14","author":"G Hanrot","year":"2004","unstructured":"Hanrot G., Quercia M., Zimmermann P.: The middle product algorithm I. Appl. Algebra Eng. Commun. Comput. 14(6), 415\u2013438 (2004).","journal-title":"Appl. Algebra Eng. Commun. Comput."},{"key":"654_CR19","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1016\/j.jsc.2013.09.002","volume":"60","author":"D Harvey","year":"2014","unstructured":"Harvey D.: Faster arithmetic for number-theoretic transforms. J. Symb. Comput. 60, 113\u2013119 (2014).","journal-title":"J. Symb. Comput."},{"key":"654_CR20","unstructured":"Hofheinz D., H\u00f6velmanns K., Kiltz E.: A modular analysis of the Fujisaki\u2013Okamoto transformation. Cryptology ePrint Archive, Report 2017\/604 (2017). http:\/\/eprint.iacr.org\/2017\/604 ."},{"issue":"3","key":"654_CR21","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1287\/moor.12.3.415","volume":"12","author":"R Kannan","year":"1987","unstructured":"Kannan R.: Minkowski\u2019s convex body theorem and integer programming. Math. Oper. Res. 12(3), 415\u2013440 (1987).","journal-title":"Math. Oper. Res."},{"issue":"2","key":"654_CR22","doi-asserted-by":"publisher","first-page":"375","DOI":"10.1007\/s10623-015-0067-5","volume":"77","author":"T Laarhoven","year":"2015","unstructured":"Laarhoven T., Mosca M., van de Pol J.: Finding shortest lattice vectors faster using quantum search. Des. Codes Cryptogr. 77(2), 375\u2013400 (2015).","journal-title":"Des. Codes Cryptogr."},{"issue":"3","key":"654_CR23","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/s10623-014-9938-4","volume":"75","author":"A Langlois","year":"2015","unstructured":"Langlois A., Stehl\u00e9 D.: Worst-case to average-case reductions for module lattices. Des. Codes Cryptogr. 75(3), 565\u2013599 (2015).","journal-title":"Des. Codes Cryptogr."},{"key":"654_CR24","first-page":"196","volume-title":"Proceedings of ASIACRYPT","author":"V Lyubashevsky","year":"2016","unstructured":"Lyubashevsky V.: Digital signatures based on the hardness of ideal lattice problems in all rings. Proceedings of ASIACRYPT, pp. 196\u2013214. Springer, Berlin (2016)."},{"key":"654_CR25","first-page":"144","volume-title":"Proceedings of ICALP","author":"V Lyubashevsky","year":"2006","unstructured":"Lyubashevsky V., Micciancio D.: Generalized compact knapsacks are collision resistant. Proceedings of ICALP, pp. 144\u2013155. Springer, Berlin (2006)."},{"key":"654_CR26","first-page":"1","volume-title":"Proceedings of EUROCRYPT. LNCS","author":"V Lyubashevsky","year":"2010","unstructured":"Lyubashevsky V., Peikert C., Regev O.: On ideal lattices and learning with errors over rings. Proceedings of EUROCRYPT. LNCS, pp. 1\u201323. Springer, Berlin (2010)."},{"key":"654_CR27","unstructured":"NIST. NIST post-quantum competition. http:\/\/csrc.nist.gov\/groups\/ST\/post-quantum-crypto\/documents\/call-for-proposals-final-dec-2016.pdf . Accessed 13 June 2017."},{"key":"654_CR28","unstructured":"NIST. SHA-3 standard: Permutation-based hash and extendable-output functions. http:\/\/nvlpubs.nist.gov\/nistpubs\/FIPS\/NIST.FIPS.202.pdf . Accessed 29 Sept 2017."},{"key":"654_CR29","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/978-3-319-11659-4_12","volume-title":"Post-Quantum Cryptography","author":"Chris Peikert","year":"2014","unstructured":"Peikert, C.: Lattice cryptography for the internet. In: Post-Quantum Cryptography\u20136th International Workshop, PQCrypto 2014, Waterloo, ON, Canada, Oct 1\u20133, 2014, pp. 197\u2013219 (2014)."},{"key":"654_CR30","first-page":"411","volume-title":"Proceedings of SCN. LNCS","author":"C Peikert","year":"2016","unstructured":"Peikert C.: How not to instantiate Ring-LWE. Proceedings of SCN. LNCS, vol. 9841, pp. 411\u2013430. Springer, Berlin (2016)."},{"key":"654_CR31","unstructured":"Regev O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of STOC, pp. 84\u201393 (2005)."},{"key":"654_CR32","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1145\/1568318.1568324","volume":"56","author":"O Regev","year":"2009","unstructured":"Regev O.: On lattices, learning with errors, random linear codes, and cryptography. JACM 56, 34 (2009).","journal-title":"JACM"},{"key":"654_CR33","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1007\/978-3-319-63697-9_10","volume-title":"Advances in Cryptology\u2014CRYPTO 2017","author":"M Ro\u015fca","year":"2017","unstructured":"Ro\u015fca M., Sakzad A., Stehl\u00e9 D., Steinfeld R.: Middle-product learning with errors. Advances in Cryptology\u2014CRYPTO 2017, pp. 283\u2013297. Springer, Berlin (2017)."},{"key":"654_CR34","first-page":"146","volume-title":"Advances in Cryptology\u2014EUROCRYPT","author":"M Rosca","year":"2018","unstructured":"Rosca M., Stehl\u00e9 D., Wallet A.: On the ring-lwe and polynomial-lwe problems. Advances in Cryptology\u2014EUROCRYPT, vol. 2018, pp. 146\u2013173. Springer, Berlin (2018)."},{"key":"654_CR35","first-page":"145","volume-title":"Lattice Reduction by Random Sampling and Birthday Methods","author":"CP Schnorr","year":"2003","unstructured":"Schnorr C.P.: Lattice Reduction by Random Sampling and Birthday Methods, pp. 145\u2013156. Springer, Berlin (2003)."},{"key":"654_CR36","unstructured":"Seiler G.: Faster AVX2 optimized NTT multiplication for Ring-LWE lattice cryptography. https:\/\/eprint.iacr.org\/2018\/039.pdf (2018)."},{"issue":"3","key":"654_CR37","doi-asserted-by":"publisher","first-page":"1184","DOI":"10.1109\/78.205723","volume":"41","author":"HV Sorensen","year":"1993","unstructured":"Sorensen H.V., Burrus C.S.: Efficient computation of the DFT with only a subset of input or output points. IEEE Trans. Signal Process. 41(3), 1184\u20131200 (1993).","journal-title":"IEEE Trans. Signal Process."},{"key":"654_CR38","first-page":"617","volume-title":"Proceedings of ASIACRYPT","author":"D Stehl\u00e9","year":"2009","unstructured":"Stehl\u00e9 D., Steinfeld R., Tanaka K., Xagawa K.: Efficient public key encryption based on ideal lattices. Proceedings of ASIACRYPT, pp. 617\u2013635. Springer, Berlin (2009)."},{"key":"654_CR39","unstructured":"Steinfeld R., Sakzad A., Zhao R.K.: Titanium: post-quantum public-key encryption and Kem algorithms. http:\/\/users.monash.edu.au\/~rste\/Titanium.html . Accessed 1 May 2018."},{"key":"654_CR40","unstructured":"Steinfeld R., Sakzad A., Zhao R.K.: Titanium: post-quantum public-key encryption and Kem algorithms. NIST PQC Standardisation Process submission. Accessed 1 May 2018."}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-019-00654-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10623-019-00654-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-019-00654-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,17]],"date-time":"2023-09-17T17:46:43Z","timestamp":1694972803000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10623-019-00654-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,22]]},"references-count":40,"journal-issue":{"issue":"12","published-print":{"date-parts":[[2019,12]]}},"alternative-id":["654"],"URL":"https:\/\/doi.org\/10.1007\/s10623-019-00654-5","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"value":"0925-1022","type":"print"},{"value":"1573-7586","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,6,22]]},"assertion":[{"value":"4 November 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 May 2019","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"8 June 2019","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 June 2019","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}