{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T04:14:56Z","timestamp":1778040896046,"version":"3.51.4"},"reference-count":88,"publisher":"International Association for Cryptologic Research","issue":"1","license":[{"start":{"date-parts":[[2025,10,3]],"date-time":"2025-10-03T00:00:00Z","timestamp":1759449600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2025,12,2]]},"abstract":"<jats:p>We present the No IC Encryption (NICE)-PAKE, a (semi)-generic symmetric Password Authenticated Key Exchange (PAKE) framework providing a quantum-safe alternative for the Ideal Cipher (IC), utilizing simpler cryptographic components for the authentication step. To give a formal proof, we introduce the notions of A-Part Secrecy (A-SEC-CCA), Splittable Collision Freeness (A-CFR-CCA) and Public Key Uniformity (SPLIT-PKU) for splittable LWE KEMs. We show the relation of the former to the Non-uniform LWE and the Weak-Hint LWE assumptions, as well as its application to Ring and Module LWE. Finally, we show how to obtain a secure PAKE from our construction with concrete parameter choices for lattice KEMs.<\/jats:p>","DOI":"10.62056\/abksr-iuc","type":"journal-article","created":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T18:09:08Z","timestamp":1777918148000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":0,"title":["NICE-PAKE: On the Security of KEM-Based PAKE Constructions without Ideal Ciphers"],"prefix":"10.62056","volume":"3","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4093-580X","authenticated-orcid":false,"given":"Nouri","family":"Alnahawi","sequence":"first","affiliation":[{"id":[{"id":"https:\/\/ror.org\/047wbd030","id-type":"ROR","asserted-by":"publisher"}],"name":"Hochschule Darmstadt","place":["Germany"]},{"id":[{"id":"https:\/\/ror.org\/0378v2g76","id-type":"ROR","asserted-by":"publisher"}],"name":"National Research Center for Applied Cybersecurity ATHENE","place":["Germany"]},{"name":"European University of Technology","place":["European Union"]},{"id":[{"id":"https:\/\/ror.org\/01eezs655","id-type":"ROR","asserted-by":"publisher"}],"name":"University of Regensburg","place":["Germany"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jacob","family":"Alperin-Sheriff","sequence":"additional","affiliation":[{"name":"Independent Researcher","place":["USA"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5427-0423","authenticated-orcid":false,"given":"Daniel","family":"Apon","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/03ks2a131","id-type":"ROR","asserted-by":"publisher"}],"name":"Anduril Industries","place":["USA"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5935-5725","authenticated-orcid":false,"given":"Gareth","family":"Davies","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/031v4g827","id-type":"ROR","asserted-by":"publisher"}],"name":"NXP Semiconductors","place":["Belgium"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1144-549X","authenticated-orcid":false,"given":"Alexander","family":"Wiesmaier","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/047wbd030","id-type":"ROR","asserted-by":"publisher"}],"name":"Hochschule Darmstadt","place":["Germany"]},{"id":[{"id":"https:\/\/ror.org\/0378v2g76","id-type":"ROR","asserted-by":"publisher"}],"name":"National Research Center for Applied Cybersecurity ATHENE","place":["Germany"]},{"name":"European University of Technology","place":["European Union"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"48349","published-online":{"date-parts":[[2026,5,4]]},"reference":[{"key":"ref1:ASIACCS:HaovOo22","doi-asserted-by":"publisher","first-page":"697","DOI":"10.1145\/3488932.3523256","article-title":"SoK: Password-Authenticated Key Exchange - Theory,\n  Practice, Standardization and Real-World Lessons","author":"Feng Hao","year":"2022"},{"key":"ref2:SP:BelMer92","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1109\/RISP.1992.213269","article-title":"Encrypted Key Exchange: Password-Based Protocols Secure\n  against Dictionary Attacks","author":"Steven M. Bellovin","year":"1992"},{"key":"ref3:CCS:McQRosRoy20","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1145\/3372297.3417870","article-title":"Minimal Symmetric PAKE and 1-out-of-N OT from\n  Programmable-Once Public Functions","author":"Ian McQuoid","year":"2020"},{"key":"ref4:ACNS:BCPRR23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"516","DOI":"10.1007\/978-3-031-33491-7_19","article-title":"GeT a CAKE: Generic Transformations from Key\n  Encaspulation Mechanisms to Password Authenticated Key Exchanges","volume":"13906","author":"Hugo Beguinet","year":"2023"},{"key":"ref5:AC:PanZen23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/978-981-99-8742-9_5","article-title":"A Generic Construction of Tightly Secure Password-Based\n  Authenticated Key Exchange","volume":"14445","author":"Jiaxin Pan","year":"2023"},{"key":"ref6:CANS:AHHR24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-981-97-8016-7_9","article-title":"Towards Post-quantum Secure PAKE - A Tight Security\n  Proof for OCAKE in the BPR Model","volume":"14906","author":"Nouri Alnahawi","year":"2024"},{"key":"ref7:EC:SanGuJar23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1007\/978-3-031-30589-4_5","article-title":"Randomized Half-Ideal Cipher on Groups with Applications to\n  UC (a)PAKE","volume":"14008","author":"Bruno Freitas Dos Santos","year":"2023"},{"key":"ref8:EC:JanRoyXu25","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1007\/978-3-031-91124-8_16","article-title":"Under What Conditions Is Encrypted Key Exchange Actually\n  Secure?","volume":"15602","author":"Jake Januzelli","year":"2025"},{"key":"ref9:AC:ABJS24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-981-96-0935-2_1","article-title":"C'est Tr\u00e8s CHIC: A Compact Password-Authenticated\n  Key Exchange from Lattice-Based KEM","volume":"15488","author":"Afonso Arriaga","year":"2024"},{"key":"ref10:EPRINT:ArrBarJar25a","volume-title":"NoIC: PAKE from KEM without Ideal Ciphers","author":"Afonso Arriaga","year":"2025"},{"key":"ref11:EPRINT:HHKR25","volume-title":"CAKE requires programming - On the provable post-quantum\n  security of (O)CAKE","author":"Kathrin H\u00f6velmanns","year":"2025"},{"key":"ref12:FSE:Black06","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/11799313_21","article-title":"The Ideal-Cipher Model, Revisited: An Uninstantiable\n  Blockcipher-Based Hash Function","volume":"4047","author":"John Black","year":"2006"},{"key":"ref13:EC:HesRos25","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1007\/978-3-031-91124-8_14","article-title":"PAKE Combiners and Efficient Post-quantum Instantiations","volume":"15602","author":"Julia Hesse","year":"2025"},{"key":"ref14:C:KLSS23b","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"549","DOI":"10.1007\/978-3-031-38554-4_18","article-title":"Toward Practical Lattice-Based Proof of Knowledge from\n  Hint-MLWE","volume":"14085","author":"Duhyeong Kim","year":"2023"},{"key":"ref15:EC:DJKPS25","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/978-3-031-91101-9_11","article-title":"Triple Ratchet: A Bandwidth Efficient Hybrid-Secure Signal\n  Protocol","volume":"15608","author":"Yevgeniy Dodis","year":"2025"},{"key":"ref16:ASIACCS:Niot25","doi-asserted-by":"publisher","first-page":"298","DOI":"10.1145\/3708821.3736192","article-title":"Practical Deniable Post-Quantum X3DH: A Lightweight\n  Split-KEM for K-Waay","author":"Guilhem Niot","year":"2025"},{"key":"ref17:SAC:BFGJS20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/978-3-030-81652-0_16","article-title":"Towards Post-Quantum Security for Signal's X3DH\n  Handshake","volume":"12804","author":"Jacqueline Brendel","year":"2020"},{"key":"ref18:CCS:DFJNO25","doi-asserted-by":"publisher","first-page":"1200","DOI":"10.1145\/3719027.3765165","article-title":"Subversion-resilient Key-exchange in the Post-quantum\n  World","author":"K\u00e9vin Duverger","year":"2025"},{"key":"ref19:EC:EENPSS24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"316","DOI":"10.1007\/978-3-031-58754-2_12","article-title":"Plover: Masking-Friendly Hash-and-Sign Lattice\n  Signatures","volume":"14657","author":"Muhammed F. Esgin","year":"2024"},{"key":"ref20:EC:DKMMPS24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-031-58723-8_8","article-title":"Threshold Raccoon: Practical Threshold Signatures from\n  Standard Lattice Assumptions","volume":"14652","author":"Rafa\u00ebl Del Pino","year":"2024"},{"key":"ref21:AC:LapPre25","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1007\/978-981-95-5099-9_15","article-title":"A Lattice-Based IND-CCA Threshold KEM from the BCHK+\n  Transform","volume":"16247","author":"Oleksandra Lapiha","year":"2025"},{"key":"ref22:EC:YamZha21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"568","DOI":"10.1007\/978-3-030-77886-6_20","article-title":"Classical vs Quantum Random Oracles","volume":"12697","author":"Takashi Yamakawa","year":"2021"},{"key":"ref23:EC:BelPoiRog00","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-45539-6_11","article-title":"Authenticated Key Exchange Secure against Dictionary\n  Attacks","volume":"1807","author":"Mihir Bellare","year":"2000"},{"key":"ref24:Jab97","doi-asserted-by":"publisher","first-page":"248","DOI":"10.1109\/ENABL.1997.630822","article-title":"Extended Password Key Exchange Protocols Immune to\n  Dictionary Attacks","author":"David P. Jablon","year":"1997"},{"key":"ref25:RSA:AbdPoi05","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-540-30574-3_14","article-title":"Simple Password-Based Encrypted Key Exchange Protocols","volume":"3376","author":"Michel Abdalla","year":"2005"},{"key":"ref26:C:ABBJKX20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-030-56784-2_10","article-title":"Universally Composable Relaxed Password Authenticated Key\n  Exchange","volume":"12170","author":"Michel Abdalla","year":"2020"},{"key":"ref27:SCN:HTTY24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1007\/978-3-031-71073-5_13","article-title":"Universally Composable Relaxed Asymmetric\n  Password-Authenticated Key Exchange","volume":"14974","author":"Shuya Hanai","year":"2024"},{"key":"ref28:SCN:Hesse20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1007\/978-3-030-57990-6_29","article-title":"Separating Symmetric and Asymmetric Password-Authenticated\n  Key Exchange","volume":"12238","author":"Julia Hesse","year":"2020"},{"key":"ref29:AC:McQXu23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1007\/978-981-99-8742-9_6","article-title":"An Efficient Strong Asymmetric PAKE Compiler Instantiable\n  from Group Actions","volume":"14445","author":"Ian McQuoid","year":"2023"},{"key":"ref30:EC:LyuLiu25","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"421","DOI":"10.1007\/978-3-031-91124-8_15","article-title":"Hybrid Password Authentication Key Exchange in the UC\n  Framework","volume":"15602","author":"You Lyu","year":"2025"},{"key":"ref31:EPRINT:AHMW25","volume-title":"SoK: PQC PAKEs - Design, Security and Performance","author":"Nouri Alnahawi","year":"2025"},{"key":"ref32:PKC:MarXag23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-31368-4_1","article-title":"Post-quantum Anonymity of Kyber","volume":"13940","author":"Varun Maram","year":"2023"},{"key":"ref33:EPRINT:VJWYMS25","volume-title":"A Hybrid Asymmetric Password-Authenticated Key Exchange in\n  the Random Oracle Model","author":"Jelle Vos","year":"2025"},{"key":"ref34:C:GRSV25","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"575","DOI":"10.1007\/978-3-032-01881-6_18","article-title":"Hybrid Obfuscated Key Exchange and KEMs","volume":"16002","author":"Felix G\u00fcnther","year":"2025"},{"key":"ref35:AC:KatVai09a","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"636","DOI":"10.1007\/978-3-642-10366-7_37","article-title":"Smooth Projective Hashing and Password-Based Authenticated\n  Key Exchange from Lattices","volume":"5912","author":"Jonathan Katz","year":"2009"},{"key":"ref36:RSA:DALRS17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/978-3-319-52153-4_11","article-title":"Provably Secure Password Authenticated Key Exchange Based on\n  RLWE for the Post-Quantum World","volume":"10159","author":"Jintai Ding","year":"2017"},{"key":"ref37:tang_improved_2021","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/6952869","article-title":"Improved Verifier-Based Three-Party Password-Authenticated\n  Key Exchange Protocol from Ideal Lattices","author":"Yongli Tang","year":"2021","journal-title":"Security and Communication Networks"},{"key":"ref38:wang2022efficient","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-30623-5_3","article-title":"Efficient Two-Party Authentication Key Agreement Protocol\n  Using Reconciliation Mechanism from Lattice","author":"Jinhua Wang","year":"2022"},{"key":"ref39:guo_pake_2023","doi-asserted-by":"publisher","first-page":"1750","DOI":"10.3390\/SYM15091750","article-title":"Three-Party Password Authentication and Key Exchange\n  Protocol Based on MLWE","volume":"15","author":"Songhui Guo","year":"2023","journal-title":"Symmetry"},{"key":"ref40:chaudhary2023construction","doi-asserted-by":"publisher","first-page":"136947","DOI":"10.1109\/ACCESS.2023.3325886","article-title":"A Construction of Three Party Post Quantum Secure\n  Authenticated Key Exchange Using Ring Learning With Errors and ECC\n  Cryptography","volume":"11","author":"Dharminder Chaudhary","year":"2023","journal-title":"IEEE Access"},{"key":"ref41:Zhu2014EllipticCI","first-page":"672","article-title":"Elliptic Curve Isogenies-Based Three-party Password\n  Authenticated Key Agreement Scheme towards Quantum-Resistant","volume":"5","author":"Hongfeng Zhu","year":"2014","journal-title":"J. Inf. Hiding Multim. Signal Process."},{"key":"ref42:PROVSEC:TerYon19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-030-31919-9_3","article-title":"Password-Based Authenticated Key Exchange from Standard\n  Isogeny Assumptions","volume":"11821","author":"Shintaro Terada","year":"2019"},{"key":"ref43:C:AEKKR22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"699","DOI":"10.1007\/978-3-031-15979-4_24","article-title":"Password-Authenticated Key Exchange from Group Actions","volume":"13508","author":"Michel Abdalla","year":"2022"},{"key":"ref44:EC:LyuLiuHan24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1007\/978-3-031-58754-2_5","article-title":"Universal Composable Password Authenticated Key Exchange for\n  the Post-Quantum World","volume":"14657","author":"You Lyu","year":"2024"},{"key":"ref45:EC:AlaRus17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-319-56617-7_3","article-title":"Quantum-Secure Symmetric-Key Cryptography Based on Hidden\n  Shifts","volume":"10212","author":"Gorjan Alagic","year":"2017"},{"key":"ref46:AC:HosYas18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1007\/978-3-030-03326-2_10","article-title":"Building Quantum-One-Way Functions from Block Ciphers:\n  Davies-Meyer and Merkle-Damg\u00e5rd Constructions","volume":"11272","author":"Akinori Hosoyamada","year":"2018"},{"key":"ref47:IMA:SatShi19b","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/978-3-030-35199-1_16","article-title":"SO-CCA Secure PKE in the Quantum Random Oracle Model\n  or the Quantum Ideal Cipher Model","volume":"11929","author":"Shingo Sato","year":"2019"},{"key":"ref48:EPRINT:CMSZ19","volume-title":"Quantum Lazy Sampling and Game-Playing Proofs for Quantum\n  Indifferentiability","author":"Jan Czajkowski","year":"2019"},{"key":"ref49:EPRINT:Unruh21","volume-title":"Compressed Permutation Oracles (And the Collision-Resistance\n  of Sponge\/SHA3)","author":"Dominique Unruh","year":"2021"},{"key":"ref50:ARXIV:Rosmanis21","article-title":"Tight Bounds for Inverting Permutations via Compressed\n  Oracle Arguments","volume":"abs\/2103.08975","author":"Ansis Rosmanis","year":"2021","journal-title":"CoRR"},{"key":"ref51:CiC:ABPS24b","doi-asserted-by":"publisher","first-page":"27","DOI":"10.62056\/a0qj89n4e","article-title":"On the Two-sided Permutation Inversion Problem","volume":"1","author":"Gorjan Alagic","year":"2024","journal-title":"CiC"},{"key":"ref52:AC:Unruh23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"369","DOI":"10.1007\/978-981-99-8730-6_12","article-title":"Towards Compressed Permutation Oracles","volume":"14441","author":"Dominique Unruh","year":"2023"},{"key":"ref53:STOC:MajMalWal25","doi-asserted-by":"publisher","first-page":"1508","DOI":"10.1145\/3717823.3718266","article-title":"Permutation Superposition Oracles for Quantum Query Lower\n  Bounds","author":"Christian Majenz","year":"2025"},{"key":"ref54:C:Zhandry19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/978-3-030-26951-7_9","article-title":"How to Record Quantum Queries, and Applications to Quantum\n  Indifferentiability","volume":"11693","author":"Mark Zhandry","year":"2019"},{"key":"ref55:C:DaiSte16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/978-3-662-53018-4_4","article-title":"Indifferentiability of 8-Round Feistel Networks","volume":"9814","author":"Yuanxi Dai","year":"2016"},{"key":"ref56:CCS:BelRog93","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1145\/168588.168596","article-title":"Random Oracles are Practical: A Paradigm for Designing\n  Efficient Protocols","author":"Mihir Bellare","year":"1993"},{"key":"ref57:C:BLMR13","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1007\/978-3-642-40041-4_23","article-title":"Key Homomorphic PRFs and Their Applications","volume":"8042","author":"Dan Boneh","year":"2013"},{"key":"ref58:ACISP:CKKLSS21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"653","DOI":"10.1007\/978-3-030-90567-5_33","article-title":"Lattice-Based Secure Biometric Authentication for Hamming\n  Distance","volume":"13083","author":"Jung Hee Cheon","year":"2021"},{"key":"ref59:EPRINT:LKKSSC18","volume-title":"Instant Privacy-Preserving Biometric Authentication for\n  Hamming Distance","author":"Joohee Lee","year":"2018"},{"key":"ref60:EC:LSTW25","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/978-3-031-91131-6_5","article-title":"Snake-Eye Resistant PKE from LWE for Oblivious Message\n  Retrieval and Robust Encryption","volume":"15603","author":"Zeyu Liu","year":"2025"},{"key":"ref61:CCS:CreDaxMed24","doi-asserted-by":"publisher","first-page":"1046","DOI":"10.1145\/3658644.3670283","article-title":"Keeping Up with the KEMs: Stronger Security Notions for\n  KEMs and Automated Analysis of KEM-based Protocols","author":"Cas Cremers","year":"2024"},{"key":"ref62:C:FujOka99","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1007\/3-540-48405-1_34","article-title":"Secure Integration of Asymmetric and Symmetric Encryption\n  Schemes","volume":"1666","author":"Eiichiro Fujisaki","year":"1999"},{"key":"ref63:JC:FujOka13","doi-asserted-by":"publisher","first-page":"80","DOI":"10.1007\/s00145-011-9114-1","article-title":"Secure Integration of Asymmetric and Symmetric Encryption\n  Schemes","volume":"26","author":"Eiichiro Fujisaki","year":"2013","journal-title":"Journal of Cryptology"},{"key":"ref64:EUROSP:BDKLLSSSS18","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1109\/EuroSP.2018.00032","article-title":"CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based\n  KEM","author":"Joppe W. Bos","year":"2018"},{"key":"ref65:CCS:BCDMNN16","doi-asserted-by":"publisher","first-page":"1006","DOI":"10.1145\/2976749.2978425","article-title":"Frodo: Take off the Ring! Practical, Quantum-Secure Key\n  Exchange from LWE","author":"Joppe W. Bos","year":"2016"},{"key":"ref66:EC:GruMarPat22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"402","DOI":"10.1007\/978-3-031-07082-2_15","article-title":"Anonymous, Robust Post-quantum Public Key Encryption","volume":"13277","author":"Paul Grubbs","year":"2022"},{"key":"ref67:EPRINT:Lyubashevsky24","volume-title":"Basic Lattice Cryptography: The concepts behind Kyber\n  (ML-KEM) and Dilithium (ML-DSA)","author":"Vadim Lyubashevsky","year":"2024"},{"key":"ref68:PQCRYPTO:HovKud25","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1007\/978-3-031-86602-9_12","article-title":"Treating Dishonest Ciphertexts in Post-quantum KEMs -\n  Explicit vs. Implicit Rejection in the FO Transform","author":"Kathrin H\u00f6velmanns","year":"2025"},{"key":"ref69:EC:HHMS25","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/978-3-031-91124-8_9","article-title":"(Un)breakable Curses - Re-encryption in the\n  Fujisaki-Okamoto Transform","volume":"15602","author":"Kathrin H\u00f6velmanns","year":"2025"},{"key":"ref70:C:ONePeiWat11","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"525","DOI":"10.1007\/978-3-642-22792-9_30","article-title":"Bi-Deniable Public-Key Encryption","volume":"6841","author":"Adam O'Neill","year":"2011"},{"key":"ref71:STOC:BLPRS13","doi-asserted-by":"publisher","first-page":"575","DOI":"10.1145\/2488608.2488680","article-title":"Classical hardness of learning with errors","author":"Zvika Brakerski","year":"2013"},{"key":"ref72:EC:BraDot20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1007\/978-3-030-45724-2_19","article-title":"Hardness of LWE on General Entropic Distributions","volume":"12106","author":"Zvika Brakerski","year":"2020"},{"key":"ref73:JMC:AlbPlaSco15","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1515\/jmc-2015-0016","article-title":"On the concrete hardness of Learning with Errors","volume":"9","author":"Martin R. Albrecht","year":"2015","journal-title":"J. Math. Cryptol."},{"key":"ref74:C:ACPS09","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1007\/978-3-642-03356-8_35","article-title":"Fast Cryptographic Primitives and Circular-Secure Encryption\n  Based on Hard Learning Problems","volume":"5677","author":"Benny Applebaum","year":"2009"},{"key":"ref75:ITCS:GKPV10","first-page":"230","article-title":"Robustness of the Learning with Errors Assumption","author":"Shafi Goldwasser","year":"2010"},{"key":"ref76:AC:BBPS19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/978-3-030-34621-8_4","article-title":"Order-LWE and the Hardness of Ring-LWE with Entropic\n  Secrets","volume":"11922","author":"Madalina Bolboceanu","year":"2019"},{"key":"ref77:C:LiuWan20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"296","DOI":"10.1007\/978-3-030-56880-1_11","article-title":"Rounding in the Rings","volume":"12171","author":"Feng-Hao Liu","year":"2020"},{"key":"ref78:ACMCS:RHCB22","doi-asserted-by":"publisher","DOI":"10.1145\/3422178","article-title":"Lattice-based Key-sharing Schemes: A Survey","volume":"54","author":"Prasanna Ravi","year":"2022","journal-title":"ACM Comput. Surv."},{"key":"ref79:C:Regev06","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/11818175_8","article-title":"Lattice-Based Cryptography (Invited Talk)","volume":"4117","author":"Oded Regev","year":"2006"},{"key":"ref80:regev_learning_2010","doi-asserted-by":"publisher","DOI":"10.1109\/ccc.2010.26","article-title":"The learning with errors problem","author":"Oded Regev","year":"2010","journal-title":"Invited survey in CCC"},{"key":"ref81:STOC:Regev05","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1145\/1060590.1060603","article-title":"On lattices, learning with errors, random linear codes, and\n  cryptography","author":"Oded Regev","year":"2005"},{"key":"ref82:EC:LyuPeiReg10","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","article-title":"On Ideal Lattices and Learning with Errors over Rings","volume":"6110","author":"Vadim Lyubashevsky","year":"2010"},{"key":"ref83:ITCS:BraGenVai12","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1145\/2090236.2090262","article-title":"(Leveled) fully homomorphic encryption without\n  bootstrapping","author":"Zvika Brakerski","year":"2012"},{"key":"ref84:DCC:LanSte15","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/s10623-014-9938-4","article-title":"Worst-case to average-case reductions for module lattices","volume":"75","author":"Adeline Langlois","year":"2015","journal-title":"DCC"},{"key":"ref85:TCC:ApoFanLiu16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/978-3-662-53644-5_12","article-title":"Deniable Attribute Based Encryption for Branching Programs\n  from LWE","volume":"9986","author":"Daniel Apon","year":"2016"},{"key":"ref86:PKC:AlpPei12","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"334","DOI":"10.1007\/978-3-642-30057-8_20","article-title":"Circular and KDM Security for Identity-Based Encryption","volume":"7293","author":"Jacob Alperin-Sheriff","year":"2012"},{"key":"ref87:EC:CanChe17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"446","DOI":"10.1007\/978-3-319-56620-7_16","article-title":"Constraint-Hiding Constrained PRFs for\n  NC1 from LWE","volume":"10210","author":"Ran Canetti","year":"2017"},{"key":"ref88:EPRINT:AlpApo16","volume-title":"Dimension-Preserving Reductions from LWE to LWR","author":"Jacob Alperin-Sheriff","year":"2016"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T04:00:35Z","timestamp":1778040035000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/3\/1\/1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,5,4]]},"references-count":88,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,5,4]]}},"URL":"https:\/\/doi.org\/10.62056\/abksr-iuc","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"value":"3006-5496","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,5,4]]},"assertion":[{"value":"2025-10-03","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-12-02","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc2-4-19"}}