{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,3]],"date-time":"2026-06-03T22:59:04Z","timestamp":1780527544862,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":77,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"European Comission Horizon 2020","award":["645622"],"award-info":[{"award-number":["645622"]}]},{"name":"European Comission Horizon 2020","award":["644962"],"award-info":[{"award-number":["644962"]}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["DGE 1148900"],"award-info":[{"award-number":["DGE 1148900"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Danish Council for Independent Research"},{"name":"COST Action","award":["IC1306"],"award-info":[{"award-number":["IC1306"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3133997","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"1825-1842","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":198,"title":["Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives"],"prefix":"10.1145","author":[{"given":"Melissa","family":"Chase","sequence":"first","affiliation":[{"name":"Microsoft Research, Redmond, WA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"David","family":"Derler","sequence":"additional","affiliation":[{"name":"Graz University of Technology, Graz, Austria"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Steven","family":"Goldfeder","sequence":"additional","affiliation":[{"name":"Princeton University, Princeton, NJ, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Claudio","family":"Orlandi","sequence":"additional","affiliation":[{"name":"Aarhus University, Aarhus, Denmark"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sebastian","family":"Ramacher","sequence":"additional","affiliation":[{"name":"Graz University of Technology, Graz, Austria"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Christian","family":"Rechberger","sequence":"additional","affiliation":[{"name":"Graz University of Technology &amp; Denmark Technical University, Graz, Austria"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Daniel","family":"Slamanig","sequence":"additional","affiliation":[{"name":"AIT Austrian Institute of Technology, Vienna, Austria"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Greg","family":"Zaverucha","sequence":"additional","affiliation":[{"name":"Microsoft Research, Redmond, WA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-46035-7_28"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29011-4_34"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-31517-1_3"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53887-6_7"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-46800-5_17"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-59879-6_9"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04852-9_2"},{"key":"e_1_3_2_2_10_1","volume-title":"SAC","author":"Bansarkhani R. E.","year":"2013","unstructured":"Bansarkhani, R. E., and Buchmann, J. A. Improvement and efficient implementation of a lattice-based signature scheme. In SAC (2013)."},{"key":"e_1_3_2_2_11_1","volume-title":"Sharper ring-lwe signatures. IACR Cryptology ePrint Archive 2016","author":"Barreto P. S. L. M.","year":"2016","unstructured":"Barreto, P. S. L. M., Longa, P., Naehrig, M., Ricardini, J. E., and Zanon, G. Sharper ring-lwe signatures. IACR Cryptology ePrint Archive 2016 (2016), 1026."},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53890-6_15"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/168588.168596"},{"key":"e_1_3_2_2_14_1","volume-title":"Zerocash: Decentralized anonymous payments from bitcoin","author":"Ben-Sasson E.","year":"2014","unstructured":"Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., and Virza, M. Zerocash: Decentralized anonymous payments from bitcoin. In IEEE SP (2014)."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40084-1_6"},{"key":"e_1_3_2_2_16_1","unstructured":"Bernstein D. J. Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete? http:\/\/cr.yp.to\/hash\/collisioncost-20090823.pdf."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-46800-5_15"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25385-0_3"},{"key":"e_1_3_2_2_19_1","volume-title":"ASIACRYPT","author":"Borghoff J.","year":"2012","unstructured":"Borghoff, J., Canteaut, A., G\u00fcneysu, T., Kavun, E. B., Knezevic, M., Knudsen, L. R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S. S., and Yalccin, T. PRINCE - a low-latency block cipher for pervasive computing applications - extended abstract. In ASIACRYPT (2012)."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-012-9124-7"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0054319"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25405-5_8"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134060"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-52993-5_16"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34047-5_21"},{"key":"e_1_3_2_2_26_1","volume-title":"Geppetto: Versatile verifiable computation","author":"Costello C.","year":"2015","unstructured":"Costello, C., Fournet, C., Howell, J., Kohlweiss, M., Kreuter, B., Naehrig, M., Parno, B., and Zahur, S. Geppetto: Versatile verifiable computation. In IEEE SP (2015)."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45682-1_10"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48658-5_19"},{"key":"e_1_3_2_2_29_1","volume-title":"First Open NESSIE Workshop","author":"Daemen J.","year":"2000","unstructured":"Daemen, J., Peeters, M., Van Assche, G., and Rijmen, V. Nessie proposal: Noekeon. In First Open NESSIE Workshop (2000)."},{"key":"e_1_3_2_2_30_1","volume-title":"LATINCRYPT","author":"Dagdelen","year":"2014","unstructured":"Dagdelen, \u00d6. , Bansarkhani, R. E., G\u00f6pfert, F., G\u00fcneysu, T., Oder, T., P\u00f6ppelmann, T., S\u00e1nchez, A. H., and Schwabe, P. High-speed signatures from standard lattices. In LATINCRYPT (2014)."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-42045-0_4"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10623-014-0009-7"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-68351-3_18"},{"key":"e_1_3_2_2_35_1","volume-title":"Accelerating bliss: the geometry of ternary polynomials. IACR Cryptology ePrint Archive 2014","author":"Ducas L.","year":"2014","unstructured":"Ducas, L. Accelerating bliss: the geometry of ternary polynomials. IACR Cryptology ePrint Archive 2014 (2014)."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40041-4_3"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48797-6_12"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.2013.2272036"},{"key":"e_1_3_2_2_39_1","first-page":"3","article-title":"Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies","volume":"8","author":"Feo L. D.","year":"2014","unstructured":"Feo, L. D., Jao, D., and Pl\u00fbt, J. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. J. Mathematical Cryptology 8, 3 (2014), 209--247.","journal-title":"J. Mathematical Cryptology"},{"key":"e_1_3_2_2_40_1","first-page":"186","volume-title":"CRYPTO","author":"Fiat A.","year":"1986","unstructured":"Fiat, A., and Shamir, A. How to prove yourself: Practical solutions to identification and signature problems. In CRYPTO (1986), pp. 186--194."},{"key":"e_1_3_2_2_41_1","volume-title":"Signature schemes based on supersingular isogeny problems. IACR Cryptology ePrint Archive 2016","author":"Galbraith S. D.","year":"2016","unstructured":"Galbraith, S. D., Petit, C., and Silva, J. Signature schemes based on supersingular isogeny problems. IACR Cryptology ePrint Archive 2016 (2016), 1154."},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38348-9_37"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1374376.1374407"},{"key":"e_1_3_2_2_44_1","volume-title":"USENIX Security","author":"Giacomelli I.","year":"2016","unstructured":"Giacomelli, I., Madsen, J., and Orlandi, C. ZKBoo: Faster zero-knowledge for boolean circuits. In USENIX Security (2016)."},{"key":"e_1_3_2_2_47_1","volume-title":"CRYPTO","author":"Goldreich O.","year":"1986","unstructured":"Goldreich, O. Two remarks concerning the goldwasser-micali-rivest signature scheme. In CRYPTO (1986)."},{"key":"e_1_3_2_2_48_1","volume-title":"CRYPTO","author":"Goldreich O.","year":"1986","unstructured":"Goldreich, O., Micali, S., and Wigderson, A. How to prove all np-statements in zero-knowledge, and a methodology of cryptographic protocol design. In CRYPTO (1986)."},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/22145.22178"},{"key":"e_1_3_2_2_50_1","volume-title":"FSE","author":"Grosso V.","year":"2014","unstructured":"Grosso, V., Leurent, G., Standaert, F., and Varici, K. Ls-designs: Bitslice encryption for efficient masked software implementations. In FSE (2014)."},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78967-3_24"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/237814.237866"},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33027-8_31"},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1980.1056220"},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48000-7_8"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1137\/080725398"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516662"},{"key":"e_1_3_2_2_59_1","volume-title":"Quantum Differential and Linear Cryptanalysis. ArXiv e-prints (Oct","author":"Kaplan M.","year":"2015","unstructured":"Kaplan, M., Leurent, G., Leverrier, A., and Naya-Plasencia, M. Quantum Differential and Linear Cryptanalysis. ArXiv e-prints (Oct. 2015)."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53008-5_8"},{"key":"e_1_3_2_2_61_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-27712-7"},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53008-5_2"},{"key":"e_1_3_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10366-7_35"},{"key":"e_1_3_2_2_66_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29011-4_43"},{"key":"e_1_3_2_2_68_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-49100-4_11"},{"key":"e_1_3_2_2_69_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49890-3_13"},{"key":"e_1_3_2_2_70_1","volume-title":"ITW","author":"Melchor C. A.","year":"2011","unstructured":"Melchor, C. A., Gaborit, P., and Schrek, J. A new zero-knowledge code based identification scheme with reduced communication. In ITW (2011)."},{"key":"e_1_3_2_2_71_1","volume-title":"CRYPTO","author":"Merkle R. C.","year":"1989","unstructured":"Merkle, R. C. A certified digital signature. In CRYPTO (1989)."},{"key":"e_1_3_2_2_72_1","volume-title":"Knapsack-type cryptosystems and algebraic coding theory. Problems of Control and Information Theory","author":"Niederreiter H.","year":"1986","unstructured":"Niederreiter, H. Knapsack-type cryptosystems and algebraic coding theory. Problems of Control and Information Theory (1986)."},{"key":"e_1_3_2_2_73_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0055741"},{"key":"e_1_3_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45353-9_21"},{"key":"e_1_3_2_2_75_1","doi-asserted-by":"publisher","DOI":"10.1561\/0400000074"},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48797-6_14"},{"key":"e_1_3_2_2_77_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-68339-9_33"},{"key":"e_1_3_2_2_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134104"},{"key":"e_1_3_2_2_79_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22792-9_40"},{"key":"e_1_3_2_2_80_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF00196725"},{"key":"e_1_3_2_2_81_1","volume-title":"ANTS-I","author":"Shor P. W.","year":"1994","unstructured":"Shor, P. W. Polynominal time algorithms for discrete logarithms and factoring on a quantum computer. In ANTS-I (1994)."},{"key":"e_1_3_2_2_82_1","volume-title":"CRYPTO","author":"Stern J.","year":"1993","unstructured":"Stern, J. A new identification scheme based on syndrome decoding. In CRYPTO (1993)."},{"key":"e_1_3_2_2_83_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29011-4_10"},{"key":"e_1_3_2_2_84_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-46803-6_25"},{"key":"e_1_3_2_2_85_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49896-5_18"},{"key":"e_1_3_2_2_86_1","first-page":"1","article-title":"Improved identification schemes based on error-correcting codes","volume":"8","author":"V\u00e9ron P","year":"1996","unstructured":"V\u00e9ron, P. Improved identification schemes based on error-correcting codes. Appl. Algebra Eng. Commun. Comput. 8, 1 (1996).","journal-title":"Appl. Algebra Eng. Commun. Comput."}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133997","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3133997","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3133997","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:26Z","timestamp":1750212806000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133997"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":77,"alternative-id":["10.1145\/3133956.3133997","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3133997","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}