{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:25:24Z","timestamp":1772119524052,"version":"3.50.1"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2019,11,13]],"date-time":"2019-11-13T00:00:00Z","timestamp":1573603200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2019,11,13]],"date-time":"2019-11-13T00:00:00Z","timestamp":1573603200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2020,3]]},"DOI":"10.1007\/s10623-019-00694-x","type":"journal-article","created":{"date-parts":[[2019,11,13]],"date-time":"2019-11-13T06:02:36Z","timestamp":1573624956000},"page":"505-532","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Modular lattice signatures, revisited"],"prefix":"10.1007","volume":"88","author":[{"given":"Dipayan","family":"Das","sequence":"first","affiliation":[]},{"given":"Jeffrey","family":"Hoffstein","sequence":"additional","affiliation":[]},{"given":"Jill","family":"Pipher","sequence":"additional","affiliation":[]},{"given":"William","family":"Whyte","sequence":"additional","affiliation":[]},{"given":"Zhenfei","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,11,13]]},"reference":[{"key":"694_CR1","unstructured":"Akleylek S., Alkim E., Barreto P.S.L.M., Bindel N., Buchmann J., Eaton E., Gutoski G., Kr\u00e4mer J., Longa P., Polat H., Ricardini J.E., Zanon G.: qTESLA: efficient and post-quantum secure lattice-based signature scheme. https:\/\/qtesla.org."},{"key":"694_CR2","unstructured":"Albrecht M.R., Bai S., Ducas L.: A subfield lattice attack on overstretched NTRU assumptions-cryptanalysis of some FHE and graded encoding schemes. In: Advances in Cryptology-CRYPTO 2016-36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14\u201318, 2016, Proceedings, Part I, pp. 153\u2013178 (2016)."},{"key":"694_CR3","unstructured":"Alkim E., Ducas L., P\u00f6ppelmann T., Schwabe P.: Post-quantum key exchange: a new hope. In: 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10\u201312, 2016. pp. 327\u2013343 (2016)."},{"key":"694_CR4","first-page":"713","volume":"2016","author":"S Bai","year":"2016","unstructured":"Bai S., Laarhoven T., Stehl\u00e9 D.: Tuple lattice sieving. IACR Cryptol. ePrint Arch. 2016, 713 (2016).","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"694_CR5","unstructured":"Bernstein D.J.: A subfield-logarithm attack against ideal lattices (2014). https:\/\/blog.cr.yp.to\/20140213-ideal.html."},{"key":"694_CR6","doi-asserted-by":"crossref","unstructured":"Chen L., Jordan S., Liu Y.-K., Moody D., Peralta R., Perlner R., Smith-Tone D.: Report on post-quantum cryptography. National Institute of Standards and Technology Internal Report, vol. 8105 (2016).","DOI":"10.6028\/NIST.IR.8105"},{"key":"694_CR7","unstructured":"Chen Y., Nguyen P.Q.: BKZ 2.0: better lattice security estimates. In: Advances in Cryptology\u2014ASIACRYPT 2011\u201417th International Conference on the Theory and Application of Cryptology and Information Security, Seoul, South Korea, December 4\u20138, 2011. Proceedings, pp. 1\u201320 (2011)."},{"key":"694_CR8","unstructured":"Coppersmith D., Shamir, A.: Lattice attacks on NTRU. In: Advances in Cryptology-EUROCRYPT\u201997, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany, May 11\u201315, 1997, Proceeding, pp. 52\u201361 (1997)."},{"issue":"1","key":"694_CR9","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1137\/S0097539705447360","volume":"37","author":"M Daniele","year":"2007","unstructured":"Daniele M., Regev O.: Worst-case to average-case reductions based on gaussian measures. SIAM J. Comput. 37(1), 267\u2013302 (2007).","journal-title":"SIAM J. Comput."},{"key":"694_CR10","first-page":"688","volume":"2012","author":"J Ding","year":"2012","unstructured":"Ding J.: A simple provably secure key exchange scheme based on the learning with errors problem. IACR Cryptol. ePrint Arch. 2012, 688 (2012).","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"694_CR11","first-page":"22","volume-title":"Lecture Notes in Computer Science","author":"L\u00e9o Ducas","year":"2014","unstructured":"Ducas L., Lyubashevsky V., Prest T.: Efficient identity-based encryption over NTRU lattices. In: Advances in Cryptology-ASIACRYPT 2014\u201420th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7\u201311, 2014, Proceedings, Part II, pp. 22\u201341 (2014)."},{"key":"694_CR12","unstructured":"Ducas L., Nguyen, P.Q.: Learning a zonotope and more: cryptanalysis of ntrusign countermeasures. In: Advances in Cryptology-ASIACRYPT 2012\u201418th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2\u20136, 2012. Proceedings, pp. 433\u2013450 (2012)."},{"key":"694_CR13","first-page":"40","volume":"2013","author":"L Ducas","year":"2013","unstructured":"Ducas L., Durmus A., Lepoint T., Lyubashevsky V.: Lattice signatures and bimodal gaussians. CRYPTO 2013, 40\u201356 (2013).","journal-title":"CRYPTO"},{"issue":"1","key":"694_CR14","doi-asserted-by":"crossref","first-page":"238","DOI":"10.46586\/tches.v2018.i1.238-268","volume":"2018","author":"L Ducas","year":"2018","unstructured":"Ducas L., Kiltz E., Lepoint T., Lyubashevsky V., Schwabe Peter, Seiler Gregor, Stehl\u00e9 Damien: Crystals-dilithium: a lattice-based digital signature scheme. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(1), 238\u2013268 (2018).","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"694_CR15","unstructured":"Fouque P.-A., Hoffstein J., Kirchner P., Lyubashevsky V., Pornin T., Prest T., Ricosset T., Seiler G., Whyte W., Zhang Z.: Falcon: fast-Fourier lattice-based compact signatures over NTRU. https:\/\/falcon-sign.info\/."},{"key":"694_CR16","unstructured":"Gama N., Nguyen P.Q., Regev O.: Lattice enumeration using extreme pruning. In: Advances in Cryptology\u2014EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco\/French Riviera, May 30\u2013June 3, 2010. Proceedings, pp. 257\u2013278 (2010)."},{"key":"694_CR17","unstructured":"Gama N., Nguyen P.Q.: Predicting lattice reduction. In: Advances in Cryptology-EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13\u201317, 2008. Proceedings pp. 31\u201351 (2008)."},{"key":"694_CR18","unstructured":"Gentry C., Peikert C., Vaikuntanathan V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of the 40th annual ACM symposium on Theory of computing, STOC \u201908, pp. 197\u2013206, New York, USA (2008). ACM."},{"key":"694_CR19","unstructured":"Goldreich O., Goldwasser S., Halevi S.: Public-key cryptosystems from lattice reduction problems. In: Advances in Cryptology\u2014CRYPTO \u201997, 17th Annual International Cryptology Conference, Santa Barbara, California, USA, August 17\u201321, 1997, Proceedings, pp. 112\u2013131 (1997)."},{"key":"694_CR20","unstructured":"G\u00f6pfert F., van Vredendaal C., Wunderer T.: A hybrid lattice basis reduction and quantum search attack on LWE. In: Post-quantum Cryptography\u20148th International Workshop, PQCrypto 2017, Utrecht, The Netherlands, June 26\u201328, 2017, Proceedings, pp.184\u2013202 (2017)."},{"key":"694_CR21","unstructured":"Grover L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, May 22\u201324, 1996, pp. 212\u2013219 (1996)."},{"key":"694_CR22","unstructured":"Hoffstein J., Cong C., Whyte W., Zhang Z.: pqNTRUSign."},{"key":"694_CR23","unstructured":"Hoffstein J., Howgrave-Graham N., Pipher J., Silverman J.H., Whyte W.: NTRUSIGN: digital signatures using the NTRU lattice. In: Topics in Cryptology\u2014CT-RSA 2003, The Cryptographers\u2019 Track at the RSA Conference 2003, San Francisco, CA, USA, April 13\u201317, 2003, Proceedings, pp. 122\u2013140 (2003)."},{"key":"694_CR24","unstructured":"Hoffstein J., Pipher J., Schanck J.M., Silverman J.H., Whyte W., Zhang Z.: Choosing parameters for ntruencrypt. In: Topics in Cryptology-CT-RSA 2017\u2014The Cryptographers\u2019 Track at the RSA Conference 2017, San Francisco, CA, USA, February 14\u201317, 2017, Proceedings, pp. 3\u201318 (2017)."},{"key":"694_CR25","first-page":"267","volume-title":"Lecture Notes in Computer Science","author":"Jeffrey Hoffstein","year":"1998","unstructured":"Hoffstein J., Pipher J., Silverman J.H.: NTRU: a ring-based public key cryptosystem. In: Algorithmic Number Theory, Third International Symposium, ANTS-III, Portland, Oregon, USA, June 21\u201325, 1998, Proceedings, pp. 267\u2013288 (1998)."},{"key":"694_CR26","unstructured":"Hoffstein J., Pipher J., Whyte W., Zhang Z.: A signature scheme from learning with truncation. Cryptology ePrint Archive, Report 2017\/995 (2017). https:\/\/eprint.iacr.org\/2017\/995."},{"key":"694_CR27","unstructured":"Hoffstein J., Silverman J.H.: Meet-in-the-middle attack on an NTRU private key (2006). http:\/\/www.ntru.com."},{"key":"694_CR28","first-page":"142","volume":"2014","author":"J Hoffstein","year":"2014","unstructured":"Hoffstein J., Pipher J., Schanck J.M., Silverman J.H., Whyte W.: Transcript secure signatures based on modular lattices. PQCrypto 2014, 142\u2013159 (2014).","journal-title":"PQCrypto"},{"key":"694_CR29","unstructured":"Howgrave-Graham N.: A hybrid lattice-reduction and meet-in-the-middle attack against NTRU. In: Advances in Cryptology-CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19\u201323, 2007, Proceedings, pp. 150\u2013169 (2007)."},{"key":"694_CR30","unstructured":"Lyubashevsky V.: Lattice signatures without trapdoors. In: Advances in Cryptology-EUROCRYPT 2012\u201431st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15\u201319, 2012. Proceedings, pp. 738\u2013755 (2012)."},{"key":"694_CR31","doi-asserted-by":"publisher","first-page":"598","DOI":"10.1007\/978-3-642-10366-7_35","volume-title":"ASIACRYPT 2009","author":"V Lyubashevsky","year":"2009","unstructured":"Lyubashevsky V.: Fiat-Shamir with aborts: applications to lattice and factoring-based signatures. ASIACRYPT 2009, pp. 598\u2013616. Springer, Berlin (2009)."},{"key":"694_CR32","unstructured":"Micciancio D., Peikert C.: Hardness of SIS and LWE with small parameters. In: Advances in Cryptology-CRYPTO 2013\u201433rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18\u201322, 2013. Proceedings, Part I, pp. 21\u201339 (2013)."},{"issue":"2","key":"694_CR33","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/s00145-008-9031-0","volume":"22","author":"PQ Nguyen","year":"2009","unstructured":"Nguyen P.Q., Regev O.: Learning a parallelepiped: cryptanalysis of GGH and NTRU signatures. J. Cryptol. 22(2), 139\u2013160 (2009).","journal-title":"J. Cryptol."},{"key":"694_CR34","unstructured":"NIST. Post-quantum cryptography-round 1 submissions. https:\/\/csrc.nist.gov\/Projects\/Post-Quantum-Cryptography\/Round-1-Submissions."},{"key":"694_CR35","unstructured":"NSA Suite B Cryptography-NSA\/CSS."},{"key":"694_CR36","unstructured":"NTRU OpenSource Project. https:\/\/github.com\/NTRUOpenSourceProject\/ntru-crypto."},{"key":"694_CR37","unstructured":"Peikert C.: Lattice cryptography for the internet. In: Post-Quantum Cryptography\u20146th International Workshop, PQCrypto 2014, Waterloo, ON, Canada, October 1-3, 2014. Proceedings, pp. 197\u2013219 (2014)."},{"key":"694_CR38","unstructured":"Schanck J.: Estimator: scripts for estimating the security of lattice based cryptosystems. https:\/\/github.com\/jschanck\/estimator."},{"key":"694_CR39","unstructured":"Shor P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20\u201322 November 1994, pp. 124\u2013134 (1994)."},{"key":"694_CR40","unstructured":"The number of atoms in the World (2014). http:\/\/www.fnal.gov\/pub\/science\/inquiring\/questions\/atoms.html."},{"key":"694_CR41","unstructured":"What is the world\u2019s data storage capacity? (2011). http:\/\/www.zdnet.com\/article\/what-is-the-worlds-data-storage-capacity\/."},{"key":"694_CR42","first-page":"733","volume":"2016","author":"T Wunderer","year":"2016","unstructured":"Wunderer T.: Revisiting the hybrid attack: improved analysis and refined security estimates. IACR Cryptol. ePrint Arch. 2016, 733 (2016).","journal-title":"IACR Cryptol. ePrint Arch."},{"issue":"1","key":"694_CR43","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1515\/jmc-2016-0044","volume":"13","author":"T Wunderer","year":"2019","unstructured":"Wunderer T.: A detailed analysis of the hybrid lattice-reduction and meet-in-the-middle attack. J. Math. Cryptol. 13(1), 1\u201326 (2019).","journal-title":"J. Math. Cryptol."},{"key":"694_CR44","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1007\/978-3-662-46803-6_24","volume-title":"Advances in Cryptology - EUROCRYPT 2015","author":"Jiang Zhang","year":"2015","unstructured":"Zhang J., Zhang Z., Ding J., Snook M., Dagdelen \u00d6.: Authenticated key exchange from ideal lattices. In: Advances in Cryptology-EUROCRYPT 2015\u201434th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part II, pp. 719\u2013751 (2015)."}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-019-00694-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10623-019-00694-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-019-00694-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,12]],"date-time":"2020-11-12T00:13:24Z","timestamp":1605140004000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10623-019-00694-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11,13]]},"references-count":44,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2020,3]]}},"alternative-id":["694"],"URL":"https:\/\/doi.org\/10.1007\/s10623-019-00694-x","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"value":"0925-1022","type":"print"},{"value":"1573-7586","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,11,13]]},"assertion":[{"value":"17 July 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 October 2019","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 October 2019","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 November 2019","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}