{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T16:43:59Z","timestamp":1776357839022,"version":"3.51.2"},"reference-count":185,"publisher":"Association for Computing Machinery (ACM)","issue":"6","license":[{"start":{"date-parts":[[2019,1,28]],"date-time":"2019-01-28T00:00:00Z","timestamp":1548633600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Qualcomm Technology Inc."}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2019,11,30]]},"abstract":"<jats:p>The advent of quantum computing threatens to break many classical cryptographic schemes, leading to innovations in public key cryptography that focus on post-quantum cryptography primitives and protocols resistant to quantum computing threats. Lattice-based cryptography is a promising post-quantum cryptography family, both in terms of foundational properties as well as in its application to both traditional and emerging security problems such as encryption, digital signature, key exchange, and homomorphic encryption. While such techniques provide guarantees, in theory, their realization on contemporary computing platforms requires careful design choices and tradeoffs to manage both the diversity of computing platforms (e.g., high-performance to resource constrained), as well as the agility for deployment in the face of emerging and changing standards. In this work, we survey trends in lattice-based cryptographic schemes, some recent fundamental proposals for the use of lattices in computer security, challenges for their implementation in software and hardware, and emerging needs for their adoption. 
The survey means to be informative about the math to allow the reader to focus on the mechanics of the computation ultimately needed for mapping schemes on existing hardware or synthesizing part or all of a scheme on special-purpose hardware.<\/jats:p>","DOI":"10.1145\/3292548","type":"journal-article","created":{"date-parts":[[2019,1,28]],"date-time":"2019-01-28T13:28:51Z","timestamp":1548682131000},"page":"1-41","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":234,"title":["Post-Quantum Lattice-Based Cryptography Implementations"],"prefix":"10.1145","volume":"51","author":[{"given":"Hamid","family":"Nejatollahi","sequence":"first","affiliation":[{"name":"University of California Irvine, Irvine, California"}]},{"given":"Nikil","family":"Dutt","sequence":"additional","affiliation":[{"name":"University of California Irvine, Irvine, California"}]},{"given":"Sandip","family":"Ray","sequence":"additional","affiliation":[{"name":"University of Florida"}]},{"given":"Francesco","family":"Regazzoni","sequence":"additional","affiliation":[{"name":"ALaRi"}]},{"given":"Indranil","family":"Banerjee","sequence":"additional","affiliation":[{"name":"Qualcomm Technologies Inc., San Diego, CA"}]},{"given":"Rosario","family":"Cammarota","sequence":"additional","affiliation":[{"name":"Qualcomm Technologies Inc., San Diego, CA"}]}],"member":"320","published-online":{"date-parts":[[2019,1,28]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Hamid Nejatollahi Nikil Dutt Sandip Ray Francesco Regazzoni Indranil Banerjee and Rosario Cammarota. 2017. Software and hardware implementation of lattice-cased cryptography schemes. University of California Irvine CECS TR 17-04 (2017). Hamid Nejatollahi Nikil Dutt Sandip Ray Francesco Regazzoni Indranil Banerjee and Rosario Cammarota. 2017. Software and hardware implementation of lattice-cased cryptography schemes. 
University of California Irvine CECS TR 17-04 (2017)."},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539795293172"},{"key":"e_1_2_1_3_1","doi-asserted-by":"crossref","unstructured":"Gui-Lu Long. 2001. Grover algorithm with zero theoretical failure rate. Physical Review A (2001). Gui-Lu Long. 2001. Grover algorithm with zero theoretical failure rate. Physical Review A (2001).","DOI":"10.1103\/PhysRevA.64.022307"},{"key":"e_1_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Ali Ansarmohammadi Saeed Shahinfar and Hamid Nejatollahi. 2015. Fast and area efficient implementation for chaotic image encryption algorithms. In CADS. Ali Ansarmohammadi Saeed Shahinfar and Hamid Nejatollahi. 2015. Fast and area efficient implementation for chaotic image encryption algorithms. In CADS.","DOI":"10.1109\/CADS.2015.7377788"},{"key":"e_1_2_1_5_1","unstructured":"Ali Ansarmohammadi Hamid Nejatollahi and Ghasemi Mehdi. 2013. A low-cost implementation of AES accelerator using HW\/SW co-design technique. In CADS. Ali Ansarmohammadi Hamid Nejatollahi and Ghasemi Mehdi. 2013. A low-cost implementation of AES accelerator using HW\/SW co-design technique. In CADS."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24174-6_12"},{"key":"e_1_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Oded Regev. 2005. On lattices learning with errors random linear codes and cryptography. (2005). Oded Regev. 2005. On lattices learning with errors random linear codes and cryptography. (2005).","DOI":"10.1145\/1060590.1060603"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/237814.237838"},{"key":"e_1_2_1_9_1","unstructured":"Daniele Micciancio and Oded Regev. 2009. Lattice-based Cryptography. Daniele Micciancio and Oded Regev. 2009. 
Lattice-based Cryptography."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/380752.380857"},{"key":"e_1_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Daniele Micciancio and Panagiotis Voulgaris. 2010. Faster exponential time algorithms for the shortest vector problem. In SODA. Daniele Micciancio and Panagiotis Voulgaris. 2010. Faster exponential time algorithms for the shortest vector problem. In SODA.","DOI":"10.1137\/1.9781611973075.119"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2746539.2746606"},{"key":"e_1_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Daniele Micciancio. 2010. Cryptographic Functions from Worst-Case Complexity Assumptions. Daniele Micciancio. 2010. Cryptographic Functions from Worst-Case Complexity Assumptions.","DOI":"10.1007\/978-3-642-02295-1_13"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10366-7_36"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488608.2488680"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03356-8_35"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13190-5_1"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29011-4_42"},{"key":"e_1_2_1_19_1","unstructured":"Adeline Langlois and Damien Stehl\u00e9. 2012. Worst-case to average-case reductions for module lattices. Cryptology ePrint Archive. (2012). Adeline Langlois and Damien Stehl\u00e9. 2012. Worst-case to average-case reductions for module lattices. Cryptology ePrint Archive. (2012)."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3125502.3125559"},{"key":"e_1_2_1_21_1","unstructured":"Donald E. Knuth. 1997. The Art of Computer Programming Volume 2 (3rd Ed.): Seminumerical Algorithms. Donald E. Knuth. 1997. 
The Art of Computer Programming Volume 2 (3rd Ed.): Seminumerical Algorithms."},{"key":"e_1_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Stephen Cook etal 1969. On the minimum computation time of functions. Ph.D. Dissertation Harvard University (1969). Stephen Cook et al. 1969. On the minimum computation time of functions. Ph.D. Dissertation Harvard University (1969).","DOI":"10.2307\/1995359"},{"key":"e_1_2_1_23_1","unstructured":"Anatolii Karatsuba and Yu Ofman. 1963. Multiplication of many-digital numbers by automatic computers. In USSR Academy of Sciences. Anatolii Karatsuba and Yu Ofman. 1963. Multiplication of many-digital numbers by automatic computers. In USSR Academy of Sciences."},{"key":"e_1_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Arnold Sch\u00f6nhage and Volker Strassen. 1971. Schnelle multiplikation Grosser Zahlen. Computing (1971). Arnold Sch\u00f6nhage and Volker Strassen. 1971. Schnelle multiplikation Grosser Zahlen. Computing (1971).","DOI":"10.1007\/BF02242355"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1137\/070711761"},{"key":"e_1_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Henri Nussbaumer. 1980. Fast polynomial transform algorithms for digital convolution. TASSP (1980). Henri Nussbaumer. 1980. Fast polynomial transform algorithms for digital convolution. TASSP (1980).","DOI":"10.1109\/TASSP.1980.1163372"},{"key":"e_1_2_1_27_1","doi-asserted-by":"crossref","unstructured":"James W. Cooley etal 1965. An algorithm for the machine calculation of complex journal = Mathematics of Computation fourier booktitle. (1965). James W. Cooley et al. 1965. An algorithm for the machine calculation of complex journal = Mathematics of Computation fourier booktitle. (1965).","DOI":"10.2307\/2003354"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1464291.1464352"},{"key":"e_1_2_1_29_1","doi-asserted-by":"crossref","unstructured":"Peter L Montgomery. 1985. 
Modular multiplication without trial division. Mathematics of Computation (1985). Peter L Montgomery. 1985. Modular multiplication without trial division. Mathematics of Computation (1985).","DOI":"10.1090\/S0025-5718-1985-0777282-X"},{"key":"e_1_2_1_30_1","unstructured":"Paul Barrett. 1986. Implementing the Rivest Shamir and Adleman public key encryption algorithm on a standard digital signal processor. In CRYPTO. Paul Barrett. 1986. Implementing the Rivest Shamir and Adleman public key encryption algorithm on a standard digital signal processor. In CRYPTO."},{"key":"e_1_2_1_31_1","doi-asserted-by":"crossref","unstructured":"J. Howe C. Moore M. O\u2019Neill F. Regazzoni T. G\u00fcneysu and K. Beeden. 2016. Lattice-based encryption over standard lattices in hardware. In DAC. J. Howe C. Moore M. O\u2019Neill F. Regazzoni T. G\u00fcneysu and K. Beeden. 2016. Lattice-based encryption over standard lattices in hardware. In DAC.","DOI":"10.1145\/2897937.2898037"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978425"},{"key":"e_1_2_1_33_1","doi-asserted-by":"crossref","unstructured":"L\u00e9o Ducas Alain Durmus Tancr\u00e8de Lepoint and Vadim Lyubashevsky. 2013. Lattice signatures and bimodal Gaussians. In CRYPTO. L\u00e9o Ducas Alain Durmus Tancr\u00e8de Lepoint and Vadim Lyubashevsky. 2013. Lattice signatures and bimodal Gaussians. In CRYPTO.","DOI":"10.1007\/978-3-642-40041-4_3"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2724713"},{"key":"e_1_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Tobias Oder Tim G\u00fcneysu Felipe Valencia Ayesha Khalid Maire O\u2019Neill and Francesco Regazzoni. 2016. Lattice-based cryptography: From reconfigurable hardware to ASIC. In ISIC. Tobias Oder Tim G\u00fcneysu Felipe Valencia Ayesha Khalid Maire O\u2019Neill and Francesco Regazzoni. 2016. Lattice-based cryptography: From reconfigurable hardware to ASIC. 
In ISIC.","DOI":"10.1109\/ISICIR.2016.7829689"},{"key":"e_1_2_1_36_1","doi-asserted-by":"crossref","unstructured":"Franz Winkler. 1996. Polynomial algorithms in computer algebra. In TMSC. Franz Winkler. 1996. Polynomial algorithms in computer algebra. In TMSC.","DOI":"10.1007\/978-3-7091-6571-3"},{"key":"e_1_2_1_37_1","unstructured":"Sujoy Sinha Roy Frederik Vercauteren Nele Mentens Donald Donglong Chen and Ingrid Verbauwhede. 2014. Compact ring-LWE cryptoprocessor. In CHES\u201914. Sujoy Sinha Roy Frederik Vercauteren Nele Mentens Donald Donglong Chen and Ingrid Verbauwhede. 2014. Compact ring-LWE cryptoprocessor. In CHES\u201914."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-22174-8_19"},{"key":"e_1_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Patrick Longa and Michael Naehrig. 2016. Speeding up the number theoretic transform for faster ideal lattice-based cryptography. Cryptology ePrint Archive. (2016). Patrick Longa and Michael Naehrig. 2016. Speeding up the number theoretic transform for faster ideal lattice-based cryptography. Cryptology ePrint Archive. (2016).","DOI":"10.1007\/978-3-319-48965-0_8"},{"key":"e_1_2_1_40_1","unstructured":"Erdem Alkim L\u00e9o Ducas Thomas P\u00f6ppelmann and Peter Schwabe. 2015. Post-quantum key exchange: -A new hope. Cryptology ePrint Archive. (2015). Erdem Alkim L\u00e9o Ducas Thomas P\u00f6ppelmann and Peter Schwabe. 2015. Post-quantum key exchange: -A new hope. Cryptology ePrint Archive. (2015)."},{"key":"e_1_2_1_41_1","volume-title":"CRYSTALS: Kyber: A CCA-secure Module-Lattice-Based KEM. Cryptology ePrint Archive.","author":"Bos Joppe","year":"2017"},{"key":"e_1_2_1_42_1","unstructured":"Jean Pierre David etal 2007. Hardware complexity of modular multiplication and exponentiation. TC (2007). Jean Pierre David et al. 2007. Hardware complexity of modular multiplication and exponentiation. 
TC (2007)."},{"key":"e_1_2_1_43_1","unstructured":"Donald Donglong Chen Gavin Xiaoxu Yao Ray C. C. Cheung Derek Pao and Cetin Kaya Ko\u00e7. 2016. Parameter space for the architecture of FFT-based montgomery modular multiplication. TC (2016). Donald Donglong Chen Gavin Xiaoxu Yao Ray C. C. Cheung Derek Pao and Cetin Kaya Ko\u00e7. 2016. Parameter space for the architecture of FFT-based montgomery modular multiplication. TC (2016)."},{"key":"e_1_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Ciara Rafferty Maire O\u2019Neill and Neil Hanley. 2017. Evaluation of large integer multiplication methods on hardware. TC (2017). Ciara Rafferty Maire O\u2019Neill and Neil Hanley. 2017. Evaluation of large integer multiplication methods on hardware. TC (2017).","DOI":"10.1109\/TC.2017.2677426"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1147\/sj.294.0526"},{"key":"e_1_2_1_46_1","doi-asserted-by":"crossref","unstructured":"Richard Lindner and Chris Peikert. 2011. Better key sizes (and attacks) for LWE-based encryption. In CT-RSA\u201911. Richard Lindner and Chris Peikert. 2011. Better key sizes (and attacks) for LWE-based encryption. In CT-RSA\u201911.","DOI":"10.1007\/978-3-642-19074-2_21"},{"key":"e_1_2_1_47_1","doi-asserted-by":"crossref","unstructured":"Chris Peikert. 2010. An efficient and parallel Gaussian sampler for lattices. In CRYPTO\u201910. Chris Peikert. 2010. An efficient and parallel Gaussian sampler for lattices. In CRYPTO\u201910.","DOI":"10.1007\/978-3-642-14623-7_5"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48797-6_1"},{"key":"e_1_2_1_49_1","unstructured":"Markku-Juhani O. Saarinen. 2015. Gaussian sampling precision in lattice cryptography. Cryptology ePrint Archive. (2015). Markku-Juhani O. Saarinen. 2015. Gaussian sampling precision in lattice cryptography. Cryptology ePrint Archive. (2015)."},{"key":"e_1_2_1_50_1","doi-asserted-by":"crossref","unstructured":"Markku-Juhani O. Saarinen. 2017. 
Arithmetic coding and blinding countermeasures for lattice signatures. Journal of Cryptographic Engineering (2017). Markku-Juhani O. Saarinen. 2017. Arithmetic coding and blinding countermeasures for lattice signatures. Journal of Cryptographic Engineering (2017).","DOI":"10.1007\/s13389-017-0149-6"},{"key":"e_1_2_1_51_1","unstructured":"Paulo S. L. M. Barreto Patrick Longa Michael Naehrig Jefferson E. Ricardini and Gustavo Zanon. 2016. Sharper Ring-LWE signatures. Cryptology ePrint Archive. (2016). Paulo S. L. M. Barreto Patrick Longa Michael Naehrig Jefferson E. Ricardini and Gustavo Zanon. 2016. Sharper Ring-LWE signatures. Cryptology ePrint Archive. (2016)."},{"key":"e_1_2_1_52_1","unstructured":"J. Howe A. Khalid C. Rafferty F. Regazzoni and M. O\u2019Neill. 2016. On practical discrete Gaussian samplers for lattice-based cryptography. TC (2016). J. Howe A. Khalid C. Rafferty F. Regazzoni and M. O\u2019Neill. 2016. On practical discrete Gaussian samplers for lattice-based cryptography. TC (2016)."},{"key":"e_1_2_1_53_1","doi-asserted-by":"crossref","unstructured":"Daniele Micciancio and Michael Walter. 2017. Gaussian sampling over the integers: Efficient generic constant-time. Cryptology ePrint Archive. (2017). Daniele Micciancio and Michael Walter. 2017. Gaussian sampling over the integers: Efficient generic constant-time. Cryptology ePrint Archive. (2017).","DOI":"10.1007\/978-3-319-63715-0_16"},{"key":"e_1_2_1_54_1","doi-asserted-by":"crossref","unstructured":"J\u00e1nos Foll\u00e1th. 2014. Gaussian sampling in lattice based cryptography. Tatra Mountains Mathematical Publications (2014). J\u00e1nos Foll\u00e1th. 2014. Gaussian sampling in lattice based cryptography. Tatra Mountains Mathematical Publications (2014).","DOI":"10.2478\/tmmp-2014-0022"},{"key":"e_1_2_1_55_1","unstructured":"John Von Neumann. 1951. Various techniques used in connection with random digits. National Bureau of Standards Applied Mathematics booktitle (1951). John Von Neumann. 1951. 
Various techniques used in connection with random digits. National Bureau of Standards Applied Mathematics booktitle (1951)."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33027-8_30"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34961-4_26"},{"key":"e_1_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Thomas P\u00f6ppelmann. 2016. Efficient Implementation of Ideal Lattice-Based Cryptography. Ruhr-Universit\u00e4t Bochum. Thomas P\u00f6ppelmann. 2016. Efficient Implementation of Ideal Lattice-Based Cryptography. Ruhr-Universit\u00e4t Bochum.","DOI":"10.1515\/itit-2017-0030"},{"key":"e_1_2_1_59_1","doi-asserted-by":"crossref","unstructured":"Thomas P\u00f6ppelmann and Tim G\u00fcneysu. 2014. Area optimization of lightweight lattice-based encryption on reconfigurable hardware. In ISCAS. Thomas P\u00f6ppelmann and Tim G\u00fcneysu. 2014. Area optimization of lightweight lattice-based encryption on reconfigurable hardware. In ISCAS.","DOI":"10.1109\/ISCAS.2014.6865754"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44709-3_20"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33027-8_31"},{"key":"e_1_2_1_62_1","unstructured":"Erdem Alkim L\u00e9o Ducas Thomas Poppelmann and Peter Schwabe. 2016. NewHope without reconciliation. Cryptology ePrint Archive. (2016). Erdem Alkim L\u00e9o Ducas Thomas Poppelmann and Peter Schwabe. 2016. NewHope without reconciliation. Cryptology ePrint Archive. (2016)."},{"key":"e_1_2_1_63_1","doi-asserted-by":"crossref","unstructured":"Erdem Alkim Philipp Jakubeit and Peter Schwabe. 2016. NewHope on ARM cortex-M. In SPACE. Erdem Alkim Philipp Jakubeit and Peter Schwabe. 2016. NewHope on ARM cortex-M. In SPACE.","DOI":"10.1007\/978-3-319-49445-6_19"},{"key":"e_1_2_1_64_1","doi-asserted-by":"crossref","unstructured":"Silvan Streit and Fabrizio De Santis. 2017. 
Post-quantum key exchange on ARMv8-A: A New Hope for NEON made simple. Cryptology ePrint Archive. (2017). Silvan Streit and Fabrizio De Santis. 2017. Post-quantum key exchange on ARMv8-A: A New Hope for NEON made simple. Cryptology ePrint Archive. (2017).","DOI":"10.1109\/TC.2017.2773524"},{"key":"e_1_2_1_65_1","volume-title":"Technical Report","author":"Poppelmann Thomas"},{"key":"e_1_2_1_66_1","volume-title":"Technical Report","author":"Saarinen Markku-Juhani O."},{"key":"e_1_2_1_67_1","volume-title":"Technical Report","author":"Lu Xianhui"},{"key":"e_1_2_1_68_1","volume-title":"Technical Report","author":"Smart Nigel P."},{"key":"e_1_2_1_69_1","volume-title":"Technical Report","author":"Avanzi Roberto"},{"key":"e_1_2_1_70_1","unstructured":"Ron Steinfeld Amin Sakzad and Raymond K. Zhao. 2017. Titanium. Technical Report. National Institute of Standards and Technology. Available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions. Ron Steinfeld Amin Sakzad and Raymond K. Zhao. 2017. Titanium. Technical Report. National Institute of Standards and Technology. Available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions."},{"key":"e_1_2_1_71_1","unstructured":"Oder Tobias and G\u00fcneysu Tim. 2017. Implementing the NewHope-simple key exchange on low-cost FPGAs. In LATINCRYPT. Oder Tobias and G\u00fcneysu Tim. 2017. Implementing the NewHope-simple key exchange on low-cost FPGAs. In LATINCRYPT."},{"key":"e_1_2_1_72_1","doi-asserted-by":"crossref","unstructured":"George Marsaglia Wai Wan Tsang et al. 2000. The Ziggurat method for generating random variables. Journal of Statistical Software (2000). George Marsaglia Wai Wan Tsang et al. 2000. The Ziggurat method for generating random variables. Journal of Statistical Software (2000).","DOI":"10.18637\/jss.v005.i08"},{"key":"e_1_2_1_73_1","unstructured":"George E. P. Box Mervin E. Muller etal 1958. A note on the generation of random normal deviates. 
The Annals of Mathematical Statistics (1958). George E. P. Box Mervin E. Muller et al. 1958. A note on the generation of random normal deviates. The Annals of Mathematical Statistics (1958)."},{"key":"e_1_2_1_75_1","volume-title":"Technical Report","author":"Zhang Zhenfei"},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43414-7_20"},{"key":"e_1_2_1_77_1","doi-asserted-by":"crossref","unstructured":"David B. Thomas Wayne Luk Philip H. W. Leong and John D. Villasenor. 2007. Gaussian random number generators. ACM CSUR (2007). David B. Thomas Wayne Luk Philip H. W. Leong and John D. Villasenor. 2007. Gaussian random number generators. ACM CSUR (2007).","DOI":"10.1145\/1287620.1287622"},{"key":"e_1_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33481-8_8"},{"key":"e_1_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43414-7_4"},{"key":"e_1_2_1_80_1","doi-asserted-by":"crossref","unstructured":"Chaohui Du and Guoqiang Bai. 2015. Towards efficient discrete Gaussian sampling for lattice-based cryptography. In FPL. Chaohui Du and Guoqiang Bai. 2015. Towards efficient discrete Gaussian sampling for lattice-based cryptography. In FPL.","DOI":"10.1109\/FPL.2015.7293949"},{"key":"e_1_2_1_81_1","doi-asserted-by":"crossref","unstructured":"C. Du and G. Ba. 2016. High-performance software implementation of discrete Gaussian sampling for lattice-based cryptography. In ITNEACC. C. Du and G. Ba. 2016. High-performance software implementation of discrete Gaussian sampling for lattice-based cryptography. In ITNEACC.","DOI":"10.1109\/ITNEC.2016.7560353"},{"key":"e_1_2_1_82_1","doi-asserted-by":"crossref","unstructured":"A. Khalid J. Howe C. Rafferty and M. O\u2019Neill. 2016. Time-independent discrete Gaussian sampling for post-quantum cryptography. In FPT. A. Khalid J. Howe C. Rafferty and M. O\u2019Neill. 2016. Time-independent discrete Gaussian sampling for post-quantum cryptography. 
In FPT.","DOI":"10.1109\/FPT.2016.7929543"},{"key":"e_1_2_1_83_1","unstructured":"Donald E. Knuth and Andrew C. Yao. 1976. The complexity of nonuniform random number generation. Algorithms and Complexity: New Directions and Recent Results (1976). Donald E. Knuth and Andrew C. Yao. 1976. The complexity of nonuniform random number generation. Algorithms and Complexity: New Directions and Recent Results (1976)."},{"key":"e_1_2_1_84_1","doi-asserted-by":"crossref","unstructured":"Ruan de Clercq Sujoy Sinha Roy Frederik Vercauteren and Ingrid Verbauwhede. 2015. Efficient software implementation of ring-LWE encryption. In DATE. Ruan de Clercq Sujoy Sinha Roy Frederik Vercauteren and Ingrid Verbauwhede. 2015. Efficient software implementation of ring-LWE encryption. In DATE.","DOI":"10.7873\/DATE.2015.0378"},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43414-7_19"},{"key":"e_1_2_1_86_1","unstructured":"Sujoy Sinha Roy Oscar Reparaz Frederik Vercauteren and Ingrid Verbauwhede. 2014. Compact and side channel secure discrete Gaussian sampling. Cryptology ePrint Archive. (2014). Sujoy Sinha Roy Oscar Reparaz Frederik Vercauteren and Ingrid Verbauwhede. 2014. Compact and side channel secure discrete Gaussian sampling. Cryptology ePrint Archive. (2014)."},{"key":"e_1_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1137\/S0097539705447360"},{"key":"e_1_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-85174-5_31"},{"key":"e_1_2_1_89_1","volume-title":"NTRU: A ring-based public key cryptosystem. In ANTS-III.","author":"Hoffstein Jeffrey","year":"1998"},{"key":"e_1_2_1_90_1","doi-asserted-by":"crossref","unstructured":"Damien Stehl\u00e9 etal 2011. Making NTRU as secure as worst-case problems over ideal lattices. In EUROCRYPT. Damien Stehl\u00e9 et al. 2011. Making NTRU as secure as worst-case problems over ideal lattices. 
In EUROCRYPT.","DOI":"10.1007\/978-3-642-20465-4_4"},{"key":"e_1_2_1_91_1","volume-title":"Technical Report","author":"Hamburg Mike"},{"key":"e_1_2_1_92_1","doi-asserted-by":"crossref","unstructured":"Miruna Rosca Amin Sakzad Ron Steinfeld and Damien Stehl\u00e9. 2017. Middle-product learning with errors. Cryptology ePrint Archive. (2017). Miruna Rosca Amin Sakzad Ron Steinfeld and Damien Stehl\u00e9. 2017. Middle-product learning with errors. Cryptology ePrint Archive. (2017).","DOI":"10.1007\/978-3-319-63697-9_10"},{"key":"e_1_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1145\/1374376.1374407"},{"key":"e_1_2_1_94_1","doi-asserted-by":"crossref","unstructured":"Shi Bai and Steven D. Galbraith. 2014. An improved compression technique for signatures based on learning with errors. In CT-RSA. Shi Bai and Steven D. Galbraith. 2014. An improved compression technique for signatures based on learning with errors. In CT-RSA.","DOI":"10.1007\/978-3-319-04852-9_2"},{"key":"e_1_2_1_95_1","unstructured":"1997. Public-key cryptosystems from lattice reduction problems. In CRYPTO. 1997. Public-key cryptosystems from lattice reduction problems. In CRYPTO."},{"key":"e_1_2_1_96_1","doi-asserted-by":"crossref","unstructured":"Jeffrey Hoffstein etal 2003. NTRUSign: Digital signatures using the NTRU lattice. In CT-RSA. Jeffrey Hoffstein et al. 2003. NTRUSign: Digital signatures using the NTRU lattice. In CT-RSA.","DOI":"10.1007\/3-540-36563-X_9"},{"key":"e_1_2_1_97_1","unstructured":"Jintai Ding Xiang Xie and Xiaodong Lin. 2012. A simple provably secure key exchange scheme based on the learning with errors problem. Cryptology ePrint Archive (2012). Jintai Ding Xiang Xie and Xiaodong Lin. 2012. A simple provably secure key exchange scheme based on the learning with errors problem. 
Cryptology ePrint Archive (2012)."},{"key":"e_1_2_1_98_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.40"},{"key":"e_1_2_1_99_1","doi-asserted-by":"crossref","unstructured":"Eiichiro Fujisaki and Tatsuaki Okamoto. 1999. How to enhance the security of public-key encryption at minimum cost. In PKC. Eiichiro Fujisaki and Tatsuaki Okamoto. 1999. How to enhance the security of public-key encryption at minimum cost. In PKC.","DOI":"10.1007\/3-540-49162-7_5"},{"key":"e_1_2_1_100_1","doi-asserted-by":"crossref","unstructured":"Dennis Hofheinz Kathrin H\u00f6velmanns and Eike Kiltz. 2017. A modular analysis of the Fujisaki-Okamoto transformation. Cryptology ePrint Archive. (2017). Dennis Hofheinz Kathrin H\u00f6velmanns and Eike Kiltz. 2017. A modular analysis of the Fujisaki-Okamoto transformation. Cryptology ePrint Archive. (2017).","DOI":"10.1007\/978-3-319-70500-2_12"},{"key":"e_1_2_1_101_1","unstructured":"2017. NIST: National institute for standards and technology. Postquantum Crypto Project. (2017). 2017. NIST: National institute for standards and technology. Postquantum Crypto Project. (2017)."},{"key":"e_1_2_1_102_1","volume-title":"Technical Report","author":"Phong Le Trieu"},{"key":"e_1_2_1_103_1","volume-title":"Lizard: Cut off the tail! Practical post-quantum public-key encryption from LWE and LWR. Cryptology ePrint Archive.","author":"Cheon Jung Hee","year":"2016"},{"key":"e_1_2_1_104_1","unstructured":"Jung Hee Cheon Sangjoon Park Joohee Lee Duhyeong Kim Yongsoo Song Seungwan Hong Dongwoo Kim Jinsu Kim Seong-Min Hong Aaram Yun Jeongsu Kim Haeryong Park Eunyoung Choi Kimoon kim Jun-Sub Kim and Jieun Lee. 2017. Lizard. Technical Report. National Institute of Standards and Technology. Jung Hee Cheon Sangjoon Park Joohee Lee Duhyeong Kim Yongsoo Song Seungwan Hong Dongwoo Kim Jinsu Kim Seong-Min Hong Aaram Yun Jeongsu Kim Haeryong Park Eunyoung Choi Kimoon kim Jun-Sub Kim and Jieun Lee. 2017. Lizard. Technical Report. 
National Institute of Standards and Technology."},{"key":"e_1_2_1_105_1","doi-asserted-by":"crossref","unstructured":"Jeff Hoffstein Jill Pipher John M. Schanck Joseph H. Silverman William Whyte and Zhenfei Zhang. 2017. Choosing parameters for NTRUEncrypt. In CT-RSA. Jeff Hoffstein Jill Pipher John M. Schanck Joseph H. Silverman William Whyte and Zhenfei Zhang. 2017. Choosing parameters for NTRUEncrypt. In CT-RSA.","DOI":"10.1007\/978-3-319-52153-4_1"},{"key":"e_1_2_1_106_1","unstructured":"Minhye Seo Jong Hwan Park Dong Hoon Lee Suhri Kim and Seung-Joon Lee. 2017. EMBLEM and R.EMBLEM. Technical Report. National Institute of Standards and Technology. Minhye Seo Jong Hwan Park Dong Hoon Lee Suhri Kim and Seung-Joon Lee. 2017. EMBLEM and R.EMBLEM. Technical Report. National Institute of Standards and Technology."},{"key":"e_1_2_1_107_1","volume-title":"Technical Report","author":"Naehrig Michael"},{"key":"e_1_2_1_108_1","volume-title":"Technical Report","author":"Plantard Thomas"},{"key":"e_1_2_1_109_1","volume-title":"Technical Report","author":"Garcia-Morchon Oscar"},{"key":"e_1_2_1_110_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10366-7_35"},{"key":"e_1_2_1_111_1","unstructured":"Erdem Alkim Nina Bindel Johannes Buchmann \u00d6zg\u00fcr Dagdelen Edward Eaton Gus Gutoski Juliane Kr\u00e4mer and Filip Pawlega. 2015. Revisiting TESLA in the quantum random oracle model. Cryptology ePrint Archive. (2015). Erdem Alkim Nina Bindel Johannes Buchmann \u00d6zg\u00fcr Dagdelen Edward Eaton Gus Gutoski Juliane Kr\u00e4mer and Filip Pawlega. 2015. Revisiting TESLA in the quantum random oracle model. Cryptology ePrint Archive. (2015)."},{"key":"e_1_2_1_112_1","unstructured":"Sauvik Bhattacharya Oscar Garcia-Morchon Ronald Rietman and Ludo Tolhuizen. 2017. spKEX: An optimized lattice-based key exchange. Cryptology ePrint Archive. (2017). Sauvik Bhattacharya Oscar Garcia-Morchon Ronald Rietman and Ludo Tolhuizen. 2017. spKEX: An optimized lattice-based key exchange. 
Cryptology ePrint Archive. (2017)."},{"key":"e_1_2_1_113_1","unstructured":"Zhengzhong Jin and Yunlei Zhao. 2017. Optimal key consensus in presence of noise. Cryptology ePrint Archive. (2017). Zhengzhong Jin and Yunlei Zhao. 2017. Optimal key consensus in presence of noise. Cryptology ePrint Archive. (2017)."},{"key":"e_1_2_1_114_1","unstructured":"Yunlei Zhao Zhengzhong jin Boru Gong and Guangye Sui. 2017. A Modular and Systematic Approach to Key Establishment and Public-Key Encryption Based on LWE and Its Variants. Technical Report. National Institute of Standards and Technology. Yunlei Zhao Zhengzhong jin Boru Gong and Guangye Sui. 2017. A Modular and Systematic Approach to Key Establishment and Public-Key Encryption Based on LWE and Its Variants. Technical Report. National Institute of Standards and Technology."},{"key":"e_1_2_1_115_1","unstructured":"Daniel J. Bernstein Chitchanok Chuengsatiansup Tanja Lange and Christine van Vredendaal. 2016. NTRU Prime: Reducing attack surface at low cost. Cryptology ePrint Archive. (2016). Daniel J. Bernstein Chitchanok Chuengsatiansup Tanja Lange and Christine van Vredendaal. 2016. NTRU Prime: Reducing attack surface at low cost. Cryptology ePrint Archive. (2016)."},{"key":"e_1_2_1_116_1","doi-asserted-by":"publisher","DOI":"10.1145\/3055245.3055254"},{"key":"e_1_2_1_117_1","doi-asserted-by":"crossref","unstructured":"Markku-Juhani O. Saarinen. 2017. HILA5: On reliability reconciliation and error correction for Ring-LWE encryption. Cryptology ePrint Archive. (2017). Markku-Juhani O. Saarinen. 2017. HILA5: On reliability reconciliation and error correction for Ring-LWE encryption. Cryptology ePrint Archive. (2017).","DOI":"10.1007\/978-3-319-72565-9_10"},{"key":"e_1_2_1_118_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29011-4_43"},{"key":"e_1_2_1_119_1","doi-asserted-by":"crossref","unstructured":"Rachid El Bansarkhani and Johannes Buchmann. 2013. 
Improvement and efficient implementation of a lattice-based signature scheme. In SAC. Rachid El Bansarkhani and Johannes Buchmann. 2013. Improvement and efficient implementation of a lattice-based signature scheme. In SAC.","DOI":"10.1007\/978-3-662-43414-7_3"},{"key":"e_1_2_1_120_1","volume-title":"Accelerating Bliss: The geometry of ternary polynomials. Cryptology ePrint Archive.","author":"Ducas L\u00e9o","year":"2014"},{"key":"e_1_2_1_121_1","unstructured":"Arjun Chopra. 2016. Improved parameters for the Ring-TESLA digital signature scheme. Cryptology ePrint Archive. (2016). Arjun Chopra. 2016. Improved parameters for the Ring-TESLA digital signature scheme. Cryptology ePrint Archive. (2016)."},{"key":"e_1_2_1_122_1","volume-title":"GLYPH: A new instantiation of the GLP digital signature scheme. Cryptology ePrint Archive.","author":"Chopra Arjun","year":"2017"},{"key":"e_1_2_1_123_1","volume-title":"FALCON: Fast-Fourier Lattice-based Compact Signatures over NTRU.\u2009 Technical Report","author":"Fouque Pierre-Alain","year":"2017"},{"key":"e_1_2_1_125_1","doi-asserted-by":"crossref","unstructured":"Andreas H\u00fclsing Joost Rijneveld John Schanck and Peter Schwabe. 2017. High-speed key encapsulation from NTRU. In CHES. Andreas H\u00fclsing Joost Rijneveld John Schanck and Peter Schwabe. 2017. High-speed key encapsulation from NTRU. In CHES.","DOI":"10.1007\/978-3-319-66787-4_12"},{"key":"e_1_2_1_127_1","volume-title":"Technical Report","author":"H\u00fclsing Andreas"},{"key":"e_1_2_1_128_1","volume-title":"Technical Report","author":"Bernstein Daniel J."},{"key":"e_1_2_1_129_1","volume-title":"Technical Report","author":"Bansarkhani Rachid El"},{"key":"e_1_2_1_130_1","unstructured":"Jan-Pieter D\u2019Anvers Angshuman Karmakar Sujoy Sinha Roy and Frederik Vercauteren. 2017. SABER: Mod-LWR Based KEM. Technical Report. National Institute of Standards and Technology. Jan-Pieter D\u2019Anvers Angshuman Karmakar Sujoy Sinha Roy and Frederik Vercauteren. 2017. 
SABER: Mod-LWR Based KEM. Technical Report. National Institute of Standards and Technology."},{"key":"e_1_2_1_131_1","unstructured":"L\u00e9o Ducas Tancr\u00e8de Lepoint Vadim Lyubashevsky Peter Schwabe Gregor Seiler and Damien Stehl\u00e9. 2017. CRYSTALS -- Dilithium: Digital signatures from module lattices. Cryptology ePrint Archive. (2017). L\u00e9o Ducas Tancr\u00e8de Lepoint Vadim Lyubashevsky Peter Schwabe Gregor Seiler and Damien Stehl\u00e9. 2017. CRYSTALS -- Dilithium: Digital signatures from module lattices. Cryptology ePrint Archive. (2017)."},{"key":"e_1_2_1_132_1","volume-title":"Technical Report","author":"Ducas L\u00e9o"},{"key":"e_1_2_1_133_1","doi-asserted-by":"crossref","unstructured":"\u00d6zg\u00fcr Dagdelen Rachid El Bansarkhani Florian G\u00f6pfert Tim G\u00fcneysu Tobias Oder Thomas P\u00f6ppelmann Ana Helena S\u00e1nchez and Peter Schwabe. 2014. High-speed signatures from standard lattices. In LATINCRYPT. \u00d6zg\u00fcr Dagdelen Rachid El Bansarkhani Florian G\u00f6pfert Tim G\u00fcneysu Tobias Oder Thomas P\u00f6ppelmann Ana Helena S\u00e1nchez and Peter Schwabe. 2014. High-speed signatures from standard lattices. In LATINCRYPT.","DOI":"10.1007\/978-3-319-16295-9_5"},{"key":"e_1_2_1_134_1","doi-asserted-by":"crossref","unstructured":"Zhe Liu Hwajeong Seo Sujoy Sinha Roy Johann Gro\u00dfsch\u00e4dl Howon Kim and Ingrid Verbauwhede. 2015. Efficient Ring-LWE encryption on 8-bit AVR processors. (2015). Zhe Liu Hwajeong Seo Sujoy Sinha Roy Johann Gro\u00dfsch\u00e4dl Howon Kim and Ingrid Verbauwhede. 2015. Efficient Ring-LWE encryption on 8-bit AVR processors. (2015).","DOI":"10.1007\/978-3-662-48324-4_33"},{"key":"e_1_2_1_135_1","doi-asserted-by":"crossref","unstructured":"Oscar Reparaz Sujoy Sinha Roy Ruan de Clercq Frederik Vercauteren and Ingrid Verbauwhede. 2016. Masking ring-LWE. Journal of Cryptographic Engineering (2016). Oscar Reparaz Sujoy Sinha Roy Ruan de Clercq Frederik Vercauteren and Ingrid Verbauwhede. 2016. Masking ring-LWE. 
Journal of Cryptographic Engineering (2016).","DOI":"10.1007\/s13389-016-0126-5"},{"key":"e_1_2_1_136_1","doi-asserted-by":"publisher","DOI":"10.1145\/2899007.2899011"},{"key":"e_1_2_1_137_1","doi-asserted-by":"publisher","DOI":"10.1109\/CANDAR.2015.36"},{"key":"e_1_2_1_138_1","doi-asserted-by":"crossref","unstructured":"Tim G\u00fcneysu Tobias Oder Thomas P\u00f6ppelmann and Peter Schwabe. 2013. Software speed records for lattice-based signatures. In PQCrypto. Tim G\u00fcneysu Tobias Oder Thomas P\u00f6ppelmann and Peter Schwabe. 2013. Software speed records for lattice-based signatures. In PQCrypto.","DOI":"10.1007\/978-3-642-38616-9_5"},{"key":"e_1_2_1_139_1","doi-asserted-by":"publisher","DOI":"10.1145\/2593069.2593098"},{"key":"e_1_2_1_140_1","doi-asserted-by":"crossref","unstructured":"Ahmad Boorghany Siavash Bayat Sarmadi and Rasool Jalili. 2015. On constrained implementation of lattice-based cryptographic primitives and schemes on smart cards. (2015). Ahmad Boorghany Siavash Bayat Sarmadi and Rasool Jalili. 2015. On constrained implementation of lattice-based cryptographic primitives and schemes on smart cards. (2015).","DOI":"10.1145\/2700078"},{"key":"e_1_2_1_141_1","doi-asserted-by":"crossref","unstructured":"Thomas Poppelmann Tobias Oder and Tim Gijneysu. 2015. High-performance ideal lattice-based cryptography on 8-bit ATxmega microcontrollers. Cryptology ePrint Archive. (2015). Thomas Poppelmann Tobias Oder and Tim Gijneysu. 2015. High-performance ideal lattice-based cryptography on 8-bit ATxmega microcontrollers. Cryptology ePrint Archive. (2015).","DOI":"10.1007\/978-3-319-22174-8_19"},{"key":"e_1_2_1_142_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-31517-1_3"},{"key":"e_1_2_1_143_1","doi-asserted-by":"crossref","unstructured":"Shay Gueron and Fabian Schlieker. 2016. Speeding up R-LWE post-quantum key exchange. Cryptology ePrint Archive. (2016). Shay Gueron and Fabian Schlieker. 2016. Speeding up R-LWE post-quantum key exchange. 
Cryptology ePrint Archive. (2016).","DOI":"10.1007\/978-3-319-47560-8_12"},{"key":"e_1_2_1_144_1","unstructured":"Tim G\u00fcneysu Vadim Lyubashevsky and Thomas P\u00f6ppelmann. 2015. Lattice-based signatures: Optimization and implementation on reconfigurable hardware. (2015). Tim G\u00fcneysu Vadim Lyubashevsky and Thomas P\u00f6ppelmann. 2015. Lattice-based signatures: Optimization and implementation on reconfigurable hardware. (2015)."},{"key":"e_1_2_1_145_1","doi-asserted-by":"crossref","unstructured":"J. Howe C. Rafferty A. Khalid and M. O\u2019Neill. 2017. Compact and provably secure lattice-based signatures in hardware. (2017). J. Howe C. Rafferty A. Khalid and M. O\u2019Neill. 2017. Compact and provably secure lattice-based signatures in hardware. (2017).","DOI":"10.1109\/ISCAS.2017.8050566"},{"key":"e_1_2_1_147_1","unstructured":"Po-Chun Kuo Wen-Ding Li Yu-Wei Chen Yuan-Che Hsu Bo-Yuan Peng Chen-Mou Cheng and Bo-Yin Yang. 2017. High performance post-quantum key exchange on FPGAs. (2017). Po-Chun Kuo Wen-Ding Li Yu-Wei Chen Yuan-Che Hsu Bo-Yuan Peng Chen-Mou Cheng and Bo-Yin Yang. 2017. High performance post-quantum key exchange on FPGAs. (2017)."},{"key":"e_1_2_1_148_1","doi-asserted-by":"crossref","unstructured":"Aydin Aysu Bilgiday Yuce and Patrick Schaumont. 2015. The future of real-time security: Latency-optimized lattice-based digital signatures. (2015). Aydin Aysu Bilgiday Yuce and Patrick Schaumont. 2015. The future of real-time security: Latency-optimized lattice-based digital signatures. (2015).","DOI":"10.1145\/2724714"},{"key":"e_1_2_1_149_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2015.2500570"},{"key":"e_1_2_1_150_1","unstructured":"Jeffrey Hoffstein Jill Pipher William Whyte and Zhenfei Zhang. 2017. A signature scheme from learning with truncation. Cryptology ePrint Archive. (2017). Jeffrey Hoffstein Jill Pipher William Whyte and Zhenfei Zhang. 2017. A signature scheme from learning with truncation. Cryptology ePrint Archive. 
(2017)."},{"key":"e_1_2_1_151_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00200-014-0218-3"},{"key":"e_1_2_1_152_1","doi-asserted-by":"crossref","unstructured":"Shruti More and Raj Katti. 2015. Discrete Gaussian sampling for low-power devices. In PACRIM. Shruti More and Raj Katti. 2015. Discrete Gaussian sampling for low-power devices. In PACRIM.","DOI":"10.1109\/PACRIM.2015.7334831"},{"key":"e_1_2_1_153_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03644-6_11"},{"key":"e_1_2_1_154_1","volume-title":"NTL: A library for doing number theory.","author":"Shoup Victor","year":"2016"},{"key":"e_1_2_1_155_1","doi-asserted-by":"crossref","unstructured":"Sedat Akleylek \u00d6zgur Da\u011fdelen and Zaliha Y\u00fcce Tok. 2015. On the efficiency of polynomial multiplication for lattice-based cryptography on GPUs using CUDA. In ICCISB. Sedat Akleylek \u00d6zgur Da\u011fdelen and Zaliha Y\u00fcce Tok. 2015. On the efficiency of polynomial multiplication for lattice-based cryptography on GPUs using CUDA. In ICCISB.","DOI":"10.1007\/978-3-319-29172-7_10"},{"key":"e_1_2_1_156_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-015-1570-1"},{"key":"e_1_2_1_157_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-29485-8_20"},{"key":"e_1_2_1_158_1","doi-asserted-by":"crossref","unstructured":"Patrick Longa and Michael Naehrig. 2016. Speeding up the number theoretic transform for faster ideal lattice-based cryptography. In CANS. Patrick Longa and Michael Naehrig. 2016. Speeding up the number theoretic transform for faster ideal lattice-based cryptography. In CANS.","DOI":"10.1007\/978-3-319-48965-0_8"},{"key":"e_1_2_1_159_1","doi-asserted-by":"crossref","unstructured":"Aydin Aysu Cameron Patterson and Patrick Schaumont. 2013. Low-cost and area-efficient FPGA implementations of lattice-based cryptography. In HOST. Aydin Aysu Cameron Patterson and Patrick Schaumont. 2013. Low-cost and area-efficient FPGA implementations of lattice-based cryptography. 
In HOST.","DOI":"10.1109\/HST.2013.6581570"},{"key":"e_1_2_1_160_1","unstructured":"Donald Donglong Chen Nele Mentens Frederik Vercauteren Sujoy Sinha Roy Ray C. C. Cheung Derek Pao and Ingrid Verbauwhede. 2015. High-speed polynomial multiplication architecture for ring-LWE and SHE cryptosystems. TCS (2015). Donald Donglong Chen Nele Mentens Frederik Vercauteren Sujoy Sinha Roy Ray C. C. Cheung Derek Pao and Ingrid Verbauwhede. 2015. High-speed polynomial multiplication architecture for ring-LWE and SHE cryptosystems. TCS (2015)."},{"key":"e_1_2_1_161_1","unstructured":"Chaohui Du and Guoqiang Bai. 2016. A family of scalable polynomial multiplier architectures for Ring-LWE based cryptosystems. (2016). Chaohui Du and Guoqiang Bai. 2016. A family of scalable polynomial multiplier architectures for Ring-LWE based cryptosystems. (2016)."},{"key":"e_1_2_1_162_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSD.2013.136"},{"key":"e_1_2_1_163_1","doi-asserted-by":"crossref","unstructured":"Chaohui Du and Guoqiang Bai. 2016. Towards efficient polynomial multiplication for lattice-based cryptography. In ISCAS. Chaohui Du and Guoqiang Bai. 2016. Towards efficient polynomial multiplication for lattice-based cryptography. In ISCAS.","DOI":"10.1109\/FPL.2015.7293949"},{"key":"e_1_2_1_164_1","unstructured":"Chaohui Du and Guoqiang Bai. 2016. Efficient polynomial multiplier architecture for Ring-LWE based public key cryptosystems. In ISCAS. Chaohui Du and Guoqiang Bai. 2016. Efficient polynomial multiplier architecture for Ring-LWE based public key cryptosystems. In ISCAS."},{"key":"e_1_2_1_165_1","doi-asserted-by":"publisher","DOI":"10.1145\/2902961.2902969"},{"key":"e_1_2_1_166_1","volume-title":"NAEP: Provable security in the presence of decryption failures. 
Cryptology ePrint Archive.","author":"Howgrave-Graham Nick","year":"2003"},{"key":"e_1_2_1_167_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-68351-3_8"},{"key":"e_1_2_1_168_1","first-page":"1","volume":"136","author":"IEEE","year":"2009","journal-title":"IEEE Std"},{"key":"e_1_2_1_169_1","volume-title":"LARA: A design concept for lattice-based encryption. Cryptology ePrint Archive.","author":"Rachid El Bansarkhani","year":"2017"},{"key":"e_1_2_1_170_1","doi-asserted-by":"crossref","unstructured":"Chris Peikert. 2014. Lattice cryptography for the Internet. In PQCrypto.","DOI":"10.1007\/978-3-319-11659-4_12"},{"key":"e_1_2_1_171_1","unstructured":"Scott Fluhrer. 2016. Cryptanalysis of Ring-LWE based key exchange with key share reuse. Cryptology ePrint Archive. (2016)."},{"key":"e_1_2_1_172_1","unstructured":"Matt Braithwaite. 2016. Experimenting with post-quantum cryptography. (2016)."},{"key":"e_1_2_1_173_1","unstructured":"Daniel J. Bernstein. 200"},{"key":"e_1_2_1_174_1","unstructured":"Morris J. Dworkin. 201"},{"key":"e_1_2_1_175_1","doi-asserted-by":"crossref","unstructured":"Douglas Stebila and Michele Mosca. 2016. Post-quantum key exchange for the Internet and the Open Quantum Safe Project. Cryptology ePrint Archive. (2016).","DOI":"10.1007\/978-3-319-69453-5_2"},
{"key":"e_1_2_1_176_1","unstructured":"Alexander W. Dent. 2003. A designer\u2019s guide to KEMs. In Cryptography and Coding Kenneth G. Paterson (Ed.)."},{"key":"e_1_2_1_177_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03356-8_34"},{"key":"e_1_2_1_178_1","unstructured":"Gu Chunsheng. 2017. Integer version of Ring-LWE and its applications. Cryptology ePrint Archive. (2017)."},{"key":"e_1_2_1_179_1","doi-asserted-by":"crossref","unstructured":"Guido Bertoni Joan Daemen Michael Peeters and Gilles Van Assche. 2013. Keccak. In EUROCRYPT.","DOI":"10.1007\/978-3-642-38348-9_19"},{"key":"e_1_2_1_180_1","unstructured":"Ahmad Boorghany and Rasool Jalili. 2014. Implementation and comparison of lattice-based identification protocols on smart cards and microcontrollers. Cryptology ePrint Archive. (2014)."},{"key":"e_1_2_1_181_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29011-4_41"},{"key":"e_1_2_1_182_1","doi-asserted-by":"crossref","unstructured":"John Kelsey. 2016. SHA-3 derived functions: cSHAKE KMAC TupleHash and ParallelHash. NIST Special Publication (2016).","DOI":"10.6028\/NIST.SP.800-185"},
{"key":"e_1_2_1_183_1","doi-asserted-by":"crossref","unstructured":"Nina Bindel Johannes Buchmann Juliane Kramer Heiko Mantel Johannes Schickel and Alexandra Weber. 2017. Bounding the cache-side-channel leakage of lattice-based signature schemes using program semantics. Cryptology ePrint Archive. (2017).","DOI":"10.1007\/978-3-319-75650-9_15"},{"key":"e_1_2_1_184_1","doi-asserted-by":"crossref","unstructured":"Nina Bindel Johannes Buchmann and Juliane Kramer. 2016. Lattice-based signature schemes and their sensitivity to fault attacks. (2016).","DOI":"10.1109\/FDTC.2016.11"},{"key":"e_1_2_1_185_1","doi-asserted-by":"crossref","unstructured":"Eike Kiltz Vadim Lyubashevsky and Christian Schaffner. 2017. A concrete treatment of Fiat-Shamir signatures in the quantum random-oracle model. Cryptology ePrint Archive. (2017).","DOI":"10.1007\/978-3-319-78372-7_18"},{"key":"e_1_2_1_186_1","doi-asserted-by":"crossref","unstructured":"L\u00e9o Ducas Vadim Lyubashevsky and Thomas Prest. 2014. Efficient identity-based encryption over NTRU lattices. In ASIACRYPT.","DOI":"10.1007\/978-3-662-45608-8_2"},{"key":"e_1_2_1_187_1","doi-asserted-by":"publisher","DOI":"10.1145\/2930889.2930923"},{"key":"e_1_2_1_188_1","doi-asserted-by":"crossref","unstructured":"Damien Stehl\u00e9 and Ron Steinfeld. 2011. Making NTRU as secure as worst-case problems over ideal lattices. In EUROCRYPT.","DOI":"10.1007\/978-3-642-20465-4_4"},
{"key":"e_1_2_1_189_1","doi-asserted-by":"crossref","unstructured":"Jeff Hoffstein Jill Pipher John M. Schanck Joseph H. Silverman and William Whyte. 2014. Transcript secure signatures based on modular lattices. In PQCrypto.","DOI":"10.1007\/978-3-319-11659-4_9"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3292548","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3292548","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:58:07Z","timestamp":1750208287000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3292548"}},"subtitle":["A Survey"],"short-title":[],"issued":{"date-parts":[[2019,1,28]]},"references-count":185,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2019,11,30]]}},"alternative-id":["10.1145\/3292548"],"URL":"https:\/\/doi.org\/10.1145\/3292548","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,1,28]]},"assertion":[{"value":"2017-11-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-01-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}