{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T10:06:11Z","timestamp":1775297171126,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":59,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,10,24]],"date-time":"2016-10-24T00:00:00Z","timestamp":1477267200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Australian Research Council (ARC)","award":["Discovery Project grant DP130104304"],"award-info":[{"award-number":["Discovery Project grant DP130104304"]}]},{"name":"Commission of the European Communities","award":["Horizon 2020 program project number 645622 (PQCRYPTO)"],"award-info":[{"award-number":["Horizon 2020 program project number 645622 (PQCRYPTO)"]}]},{"name":"Natural Sciences and Engineering Research Council of Canada (NSERC)","award":["Discovery Grant"],"award-info":[{"award-number":["Discovery Grant"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,10,24]]},"DOI":"10.1145\/2976749.2978425","type":"proceedings-article","created":{"date-parts":[[2016,10,25]],"date-time":"2016-10-25T12:46:35Z","timestamp":1477399595000},"page":"1006-1018","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":253,"title":["Frodo"],"prefix":"10.1145","author":[{"given":"Joppe","family":"Bos","sequence":"first","affiliation":[{"name":"NXP Semiconductors, Eindhoven, Netherlands"}]},{"given":"Craig","family":"Costello","sequence":"additional","affiliation":[{"name":"Microsoft Research, Redmond, WA, USA"}]},{"given":"Leo","family":"Ducas","sequence":"additional","affiliation":[{"name":"CWI, Amsterdam, Netherlands"}]},{"given":"Ilya","family":"Mironov","sequence":"additional","affiliation":[{"name":"Google, Mountain View, CA, USA"}]},{"given":"Michael","family":"Naehrig","sequence":"additional","affiliation":[{"name":"Microsoft Research, Redmond, WA, USA"}]},{"given":"Valeria","family":"Nikolaenko","sequence":"additional","affiliation":[{"name":"Stanford University, Stanford, CA, USA"}]},{"given":"Ananth","family":"Raghunathan","sequence":"additional","affiliation":[{"name":"Google, Mountain View, CA, USA"}]},{"given":"Douglas","family":"Stebila","sequence":"additional","affiliation":[{"name":"McMaster University, Hamilton, ON, Canada"}]}],"member":"320","published-online":{"date-parts":[[2016,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813707"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13190-5_28"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/1881412.1881420"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/237814.237838"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10623-015-0048-8"},{"key":"e_1_3_2_1_6_1","volume-title":"USENIX Security","author":"Alkim E.","year":"2016","unstructured":"E. Alkim , L. Ducas , T. P\u00f6ppelmann , and P. Schwabe . Post-quantum key exchange -- a new hope . In USENIX Security 2016 . E. Alkim, L. Ducas, T. P\u00f6ppelmann, and P. Schwabe. Post-quantum key exchange -- a new hope. In USENIX Security 2016."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03356-8_35"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/2027127.2027170"},{"key":"e_1_3_2_1_9_1","volume-title":"Initial recommendations of long-term secure post-quantum systems","author":"Augot D.","year":"2015","unstructured":"D. Augot , L. Batina , D. J. Bernstein , J. W. Bos , J. Buchmann , W. Castryck , O. Dunkelman , T. G\u00fcneysu , S. Gueron , A. H\u00fclsing , T. Lange , M. S. E. Mohamed , C. Rechberger , P. Schwabe , N. Sendrier , F. Vercauteren , and B.-Y. Yang . Initial recommendations of long-term secure post-quantum systems , 2015 . http:\/\/pqcrypto.eu.org\/docs\/initial-recommendations.pdf. D. Augot, L. Batina, D. J. Bernstein, J. W. Bos, J. Buchmann, W. Castryck, O. Dunkelman, T. G\u00fcneysu, S. Gueron, A. H\u00fclsing, T. Lange, M. S. E. Mohamed, C. Rechberger, P. Schwabe, N. Sendrier, F. Vercauteren, and B.-Y. Yang. Initial recommendations of long-term secure post-quantum systems, 2015. http:\/\/pqcrypto.eu.org\/docs\/initial-recommendations.pdf."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48797-6_1"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-57p1r3"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/2884435.2884437"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40349-1_15"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.40"},{"key":"e_1_3_2_1_16_1","volume-title":"International Journal of Applied Cryptography","author":"Bos J. W.","year":"2016","unstructured":"J. W. Bos , M. Naehrig , and J. van de Pol. Sieving for shortest vectors in ideal lattices: a practical perspective . International Journal of Applied Cryptography , 2016 . J. W. Bos, M. Naehrig, and J. van de Pol. Sieving for shortest vectors in ideal lattices: a practical perspective. International Journal of Applied Cryptography, 2016."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488608.2488680"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1137\/120868669"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-011-9105-2"},{"key":"e_1_3_2_1_20_1","volume-title":"DRAFT","author":"Chen L.","year":"2016","unstructured":"L. Chen , S. Jordan , Y.-K. Liu , D. Moody , R. Peralta , R. Perlner , and D. Smith-Tone . Report on post-quantum cryptography. NISTIR 8105 , DRAFT , 2016 . http:\/\/csrc.nist.gov\/publications\/drafts\/nistir-8105\/nistir_8105_draft.pdf. L. Chen, S. Jordan, Y.-K. Liu, D. Moody, R. Peralta, R. Perlner, and D. Smith-Tone. Report on post-quantum cryptography. NISTIR 8105, DRAFT, 2016. http:\/\/csrc.nist.gov\/publications\/drafts\/nistir-8105\/nistir_8105_draft.pdf."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25385-0_1"},{"key":"e_1_3_2_1_23_1","series-title":"LNCS","first-page":"155","volume-title":"EUROCRYPT'96","author":"Coppersmith D.","unstructured":"D. Coppersmith . Finding a small root of a univariate modular equation . In EUROCRYPT'96 , volume 1070 of LNCS , pages 155 -- 165 . D. Coppersmith. Finding a small root of a univariate modular equation. In EUROCRYPT'96, volume 1070 of LNCS, pages 155--165."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/28395.28396"},{"key":"e_1_3_2_1_25_1","series-title":"LNCS","first-page":"572","volume-title":"CRYPTO","author":"Costello C.","unstructured":"C. Costello , P. Longa , and M. Naehrig . Efficient algorithms for supersingular isogeny Diffie-Hellman . In CRYPTO , volume 9814 of LNCS , pages 572 -- 601 . C. Costello, P. Longa, and M. Naehrig. Efficient algorithms for supersingular isogeny Diffie-Hellman. In CRYPTO, volume 9814 of LNCS, pages 572--601."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCASIA.2005.18"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1126\/science.1231930"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF00124891"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.2307\/2153546"},{"key":"e_1_3_2_1_30_1","series-title":"LNCS","first-page":"537","volume-title":"CRYPTO'99","author":"Fujisaki E.","unstructured":"E. Fujisaki and T. Okamoto . Secure integration of asymmetric and symmetric encryption schemes . In CRYPTO'99 , volume 1666 of LNCS , pages 537 -- 554 . E. Fujisaki and T. Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In CRYPTO'99, volume 1666 of LNCS, pages 537--554."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13190-5_13"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1374376.1374407"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/237814.237866"},{"key":"e_1_3_2_1_34_1","volume-title":"NDSS","author":"Gupta V.","year":"2004","unstructured":"V. Gupta , D. Stebila , S. Fung , S. C. Shantz , N. Gura , and H. Eberle . Speeding up secure web transactions using elliptic curve cryptography . In NDSS 2004 . V. Gupta, D. Stebila, S. Fung, S. C. Shantz, N. Gura, and H. Eberle. Speeding up secure web transactions using elliptic curve cryptography. In NDSS 2004."},{"key":"e_1_3_2_1_35_1","series-title":"LNCS","first-page":"267","volume-title":"ANTS'98","author":"Hoffstein J.","unstructured":"J. Hoffstein , J. Pipher , and J. H. Silverman . NTRU: A ring-based public key cryptosystem . In ANTS'98 , volume 1423 of LNCS , pages 267 -- 288 . J. Hoffstein, J. Pipher, and J. H. Silverman. NTRU: A ring-based public key cryptosystem. In ANTS'98, volume 1423 of LNCS, pages 267--288."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2307636.2307658"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32009-5_17"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/1760564.1760592"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1038\/nature14270"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-47989-6_3"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40041-4_24"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-47989-6_1"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.5555\/1964621.1964651"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2535925"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/103418.103434"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40041-4_2"},{"key":"e_1_3_2_1_51_1","volume-title":"August","author":"National Security Agency (NSA).","year":"2015","unstructured":"National Security Agency (NSA). Cryptography today. https:\/\/www.nsa.gov\/ia\/programs\/suiteb_cryptography\/ , August 2015 . National Security Agency (NSA). Cryptography today. https:\/\/www.nsa.gov\/ia\/programs\/suiteb_cryptography\/, August 2015."},{"key":"e_1_3_2_1_52_1","unstructured":"NIST. http:\/\/www.nist.gov\/itl\/csd\/ct\/post-quantum-crypto-workshop-2015.cfm.  NIST. http:\/\/www.nist.gov\/itl\/csd\/ct\/post-quantum-crypto-workshop-2015.cfm."},{"key":"e_1_3_2_1_53_1","unstructured":"NIST Suite B. https:\/\/www.nsa.gov\/ia\/programs\/suiteb_cryptography\/index.shtml.  NIST Suite B. https:\/\/www.nsa.gov\/ia\/programs\/suiteb_cryptography\/index.shtml."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/1536414.1536461"},{"key":"e_1_3_2_1_55_1","series-title":"LNCS","first-page":"197","volume-title":"PQCrypto","author":"Peikert C.","year":"2014","unstructured":"C. Peikert . Lattice cryptography for the Internet . In PQCrypto 2014 , volume 8772 of LNCS , pages 197 -- 219 . C. Peikert. Lattice cryptography for the Internet. In PQCrypto 2014, volume 8772 of LNCS, pages 197--219."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1561\/0400000074"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.5555\/2011528.2011531"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/1060590.1060603"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/1568318.1568324"},{"key":"e_1_3_2_1_61_1","series-title":"LNCS","first-page":"375","volume-title":"AFRICACRYPT 13","author":"Schneider M.","unstructured":"M. Schneider . Sieving for shortest vectors in ideal lattices. In AFRICACRYPT 13 , volume 7918 of LNCS , pages 375 -- 391 . M. Schneider. Sieving for shortest vectors in ideal lattices. In AFRICACRYPT 13, volume 7918 of LNCS, pages 375--391."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539795293172"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF02165411"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/2187836.2187843"},{"key":"e_1_3_2_1_65_1","volume-title":"Open source NTRU public key cryptography algorithm and reference code. https:\/\/github.com\/NTRUOpenSourceProject\/ntru-crypto","author":"Whyte W.","year":"2013","unstructured":"W. Whyte , M. Etzel , and P. Jenney . Open source NTRU public key cryptography algorithm and reference code. https:\/\/github.com\/NTRUOpenSourceProject\/ntru-crypto , 2013 . W. Whyte, M. Etzel, and P. Jenney. Open source NTRU public key cryptography algorithm and reference code. https:\/\/github.com\/NTRUOpenSourceProject\/ntru-crypto, 2013."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-46803-6_24"}],"event":{"name":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","location":"Vienna Austria","acronym":"CCS'16","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978425","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978425","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:49:54Z","timestamp":1750218594000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978425"}},"subtitle":["Take off the Ring! Practical, Quantum-Secure Key Exchange from LWE"],"short-title":[],"issued":{"date-parts":[[2016,10,24]]},"references-count":59,"alternative-id":["10.1145\/2976749.2978425","10.1145\/2976749"],"URL":"https:\/\/doi.org\/10.1145\/2976749.2978425","relation":{},"subject":[],"published":{"date-parts":[[2016,10,24]]},"assertion":[{"value":"2016-10-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}