{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T23:41:27Z","timestamp":1774136487297,"version":"3.50.1"},"reference-count":145,"publisher":"International Association for Cryptologic Research","issue":"4","license":[{"start":{"date-parts":[[2024,10,8]],"date-time":"2024-10-08T00:00:00Z","timestamp":1728345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2024,12,3]]},"abstract":"<jats:p>    Fully Homomorphic Encryption (FHE) is a cryptographic primitive that allows performing arbitrary operations on encrypted data.     Since the conception of the idea in [RAD78], it has been considered a holy grail of cryptography.     After the first construction in 2009 [Gen09],     it has evolved to become a practical primitive with strong security guarantees.     Most modern constructions are based on well-known lattice problems such as Learning With Errors (LWE).     Besides its academic appeal, in recent years FHE has also attracted significant attention from industry,     thanks to its applicability to a considerable number of real-world use-cases.     An upcoming standardization effort by ISO\/IEC aims to support the wider adoption of these techniques.     However, one of the main challenges that standards bodies, developers, and end users usually encounter is establishing parameters.     This is particularly hard in the case of FHE because the parameters are not only related to the security level of the system,     but also to the type of operations that the system is able to handle.     In this paper we provide examples of parameter sets for LWE targeting particular security levels, that can be used in the context of FHE constructions.     We also give examples of complete FHE parameter sets, including the parameters relevant for correctness and performance, alongside those relevant for security.     As an additional contribution, we survey the parameter selection support offered in open-source FHE libraries. <\/jats:p>","DOI":"10.62056\/anxra69p1","type":"journal-article","created":{"date-parts":[[2025,1,13]],"date-time":"2025-01-13T17:00:52Z","timestamp":1736787652000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":30,"title":["Security Guidelines for Implementing Homomorphic Encryption"],"prefix":"10.62056","volume":"1","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2020-0224","authenticated-orcid":false,"given":"Jean-Philippe","family":"Bossuat","sequence":"first","affiliation":[{"name":"Independent","place":["Switzerland"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2965-8987","authenticated-orcid":false,"given":"Rosario","family":"Cammarota","sequence":"additional","affiliation":[{"name":"Intel Labs","place":["USA"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0319-4707","authenticated-orcid":false,"given":"Ilaria","family":"Chillotti","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0005-6377-0234","authenticated-orcid":false,"given":"Benjamin","family":"Curtis","sequence":"additional","affiliation":[{"name":"Zama","place":["France"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3542-8889","authenticated-orcid":false,"given":"Wei","family":"Dai","sequence":"additional","affiliation":[{"name":"TikTok Inc.","place":["USA"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8284-6795","authenticated-orcid":false,"given":"Huijing","family":"Gong","sequence":"additional","affiliation":[{"name":"Intel Labs","place":["USA"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9551-7912","authenticated-orcid":false,"given":"Erin","family":"Hales","sequence":"additional","affiliation":[{"name":"Royal Holloway, University of London","place":["UK"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4766-3456","authenticated-orcid":false,"given":"Duhyeong","family":"Kim","sequence":"additional","affiliation":[{"name":"Intel Labs","place":["USA"]}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-7623-7053","authenticated-orcid":false,"given":"Bryan","family":"Kumara","sequence":"additional","affiliation":[{"name":"The Alan Turing Institute","place":["UK"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8191-1516","authenticated-orcid":false,"given":"Changmin","family":"Lee","sequence":"additional","affiliation":[{"name":"Korea Institute for Advanced Study","place":["South Korea"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7091-5810","authenticated-orcid":false,"given":"Xianhui","family":"Lu","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences","place":["China"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4715-212X","authenticated-orcid":false,"given":"Carsten","family":"Maple","sequence":"additional","affiliation":[{"name":"The Alan Turing Institute","place":["UK"]},{"name":"University of Warwick","place":["UK"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7283-6275","authenticated-orcid":false,"given":"Alberto","family":"Pedrouzo-Ulloa","sequence":"additional","affiliation":[{"name":"atlanTTic, Universidade de Vigo","place":["Spain"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7292-4702","authenticated-orcid":false,"given":"Rachel","family":"Player","sequence":"additional","affiliation":[{"name":"Royal Holloway, University of London","place":["UK"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5566-3763","authenticated-orcid":false,"given":"Yuriy","family":"Polyakov","sequence":"additional","affiliation":[{"name":"Duality Technologies","place":["USA"]}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-4616-5542","authenticated-orcid":false,"given":"Luis","family":"Lopez","sequence":"additional","affiliation":[{"name":"Lorica Cybersecurity","place":["USA"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0496-9789","authenticated-orcid":false,"given":"Yongsoo","family":"Song","sequence":"additional","affiliation":[{"name":"Seoul National University","place":["South Korea"]}]},{"given":"Donggeon","family":"Yhee","sequence":"additional","affiliation":[]}],"member":"48349","published-online":{"date-parts":[[2025,1,13]]},"reference":[{"key":"ref1:Rivest1978","first-page":"169","article-title":"On data banks and privacy homomorphisms","volume":"4","author":"Ronald L Rivest","year":"1978","journal-title":"Foundations of secure computation"},{"key":"ref2:Gentry09","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1145\/1536414.1536440","article-title":"Fully homomorphic encryption using ideal lattices","author":"Craig Gentry","year":"2009"},{"key":"ref3:LauDaiLai21","isbn-type":"print","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-77287-1","volume-title":"Protecting Privacy through Homomorphic Encryption","year":"2021","ISBN":"https:\/\/id.crossref.org\/isbn\/9783030772871"},{"key":"ref4:10.1007\/3-540-39118-5_12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/3-540-39118-5_12","article-title":"On Privacy Homomorphisms (Extended Abstract)","volume":"304","author":"Ernest F. Brickell","year":"1987"},{"key":"ref5:CCS:MCR21","series-title":"CCS '21","isbn-type":"print","doi-asserted-by":"publisher","first-page":"2292","DOI":"10.1145\/3460120.3485381","article-title":"OnionPIR: Response Efficient Single-Server PIR","author":"Muhammad Haris Mughees","year":"2021","ISBN":"https:\/\/id.crossref.org\/isbn\/9781450384544"},{"key":"ref6:10.5555\/3277203.3277326","first-page":"1651","article-title":"GAZELLE: A Low Latency Framework for Secure Neural\n  Network Inference","author":"Chiraag Juvekar","year":"2018"},{"key":"ref7:DBLP:conf\/crypto\/Brakerski12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"868","DOI":"10.1007\/978-3-642-32009-5_50","article-title":"Fully Homomorphic Encryption without Modulus Switching from\n  Classical GapSVP","volume":"7417","author":"Zvika Brakerski","year":"2012"},{"key":"ref8:fan2012somewhat","first-page":"144","article-title":"Somewhat Practical Fully Homomorphic Encryption","author":"Junfeng Fan","year":"2012","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref9:BGV12","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1145\/2090236.2090262","article-title":"(Leveled) fully homomorphic encryption without\n  bootstrapping","author":"Zvika Brakerski","year":"2012"},{"key":"ref10:DBLP:conf\/asiacrypt\/CheonKKS17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/978-3-319-70694-8_15","article-title":"Homomorphic Encryption for Arithmetic of Approximate\n  Numbers","volume":"10624","author":"Jung Hee Cheon","year":"2017"},{"key":"ref11:DM15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1007\/978-3-662-46800-5_24","article-title":"FHEW: Bootstrapping Homomorphic Encryption in Less Than a\n  Second","volume":"9056","author":"L\u00e9o Ducas","year":"2015"},{"key":"ref12:DBLP:conf\/asiacrypt\/ChillottiGGI16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-662-53887-6_1","article-title":"Faster Fully Homomorphic Encryption: Bootstrapping in Less\n  Than 0.1 Seconds","volume":"10031","author":"Ilaria Chillotti","year":"2016"},{"key":"ref13:LMK+23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/978-3-031-30620-4_8","article-title":"Efficient FHEW Bootstrapping with Small Evaluation Keys,\n  and Applications to Threshold Homomorphic Encryption","volume":"14006","author":"Yongwoo Lee","year":"2023"},{"key":"ref14:DBLP:conf\/ccs\/BadawiBBCEGHHKL22","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1145\/3560827.3563379","article-title":"OpenFHE: Open-Source Fully Homomorphic Encryption Library","author":"Ahmad Al Badawi","year":"2022"},{"key":"ref15:XZDDF23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-38551-3_1","article-title":"Fast Blind Rotation for Bootstrapping FHEs","volume":"14084","author":"Binwu Xiang","year":"2023"},{"key":"ref16:Regev05","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1145\/1060590.1060603","article-title":"On lattices, learning with errors, random linear codes, and\n  cryptography","author":"Oded Regev","year":"2005"},{"key":"ref17:DBLP:conf\/asiacrypt\/StehleSTX09","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1007\/978-3-642-10366-7_36","article-title":"Efficient Public Key Encryption Based on Ideal Lattices","volume":"5912","author":"Damien Stehl\u00e9","year":"2009"},{"key":"ref18:DBLP:conf\/eurocrypt\/LyubashevskyPR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","article-title":"On Ideal Lattices and Learning with Errors over Rings","volume":"6110","author":"Vadim Lyubashevsky","year":"2010"},{"key":"ref19:DBLP:journals\/jacm\/LyubashevskyPR13","doi-asserted-by":"publisher","DOI":"10.1145\/2535925","article-title":"On Ideal Lattices and Learning with Errors over Rings","volume":"60","author":"Vadim Lyubashevsky","year":"2013","journal-title":"J. ACM"},{"key":"ref20:DBLP:conf\/asiacrypt\/ChillottiGGI17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"377","DOI":"10.1007\/978-3-319-70694-8_14","article-title":"Faster Packed Homomorphic Operations and Efficient Circuit\n  Bootstrapping for TFHE","volume":"10624","author":"Ilaria Chillotti","year":"2017"},{"key":"ref21:LS15","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/S10623-014-9938-4","article-title":"Worst-case to average-case reductions for module lattices","volume":"75","author":"Adeline Langlois","year":"2015","journal-title":"Des. Codes Cryptogr."},{"key":"ref22:APS15","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1515\/jmc-2015-0016","article-title":"On the concrete hardness of Learning with Errors","volume":"9","author":"Martin R. Albrecht","year":"2015","journal-title":"J. Math. Cryptol."},{"key":"ref23:he-standard","first-page":"939","article-title":"Homomorphic Encryption Standard","author":"Martin R. Albrecht","year":"2019","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref24:Albrecht2021","isbn-type":"print","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/978-3-030-77287-1_2","article-title":"Homomorphic Encryption Standard","author":"Martin Albrecht","year":"2021","ISBN":"https:\/\/id.crossref.org\/isbn\/9783030772871"},{"key":"ref25:BR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/978-3-319-22174-8_7","article-title":"FHEW with Efficient Multibit Bootstrapping","volume":"9230","author":"Jean-Fran\u00e7ois Biasse","year":"2015"},{"key":"ref26:BDF18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/978-3-319-89339-6_13","article-title":"Large FHE Gates from Tensored Homomorphic Accumulator","volume":"10831","author":"Guillaume Bonnoron","year":"2018"},{"key":"ref27:KS22","doi-asserted-by":"publisher","first-page":"501","DOI":"10.46586\/TCHES.V2023.I1.501-537","article-title":"FDFB: Full Domain Functional Bootstrapping Towards\n  Practical Fully Homomorphic Encryption","volume":"2023","author":"Kamil Kluczniak","year":"2023","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref28:BDGL16","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1137\/1.9781611974331.ch2","article-title":"New directions in nearest neighbor searching with\n  applications to lattice sieving","author":"Anja Becker","year":"2016"},{"key":"ref29:APS15old","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1515\/jmc-2015-0016","article-title":"On the concrete hardness of Learning with Errors","volume":"9","author":"Martin R. Albrecht","year":"2015","journal-title":"J. Math. Cryptol."},{"key":"ref30:CHHS19","doi-asserted-by":"publisher","first-page":"89497","DOI":"10.1109\/ACCESS.2019.2925425","article-title":"A Hybrid of Dual and Meet-in-the-Middle Attack on Sparse and\n  Ternary Secret LWE","volume":"7","author":"Jung Hee Cheon","year":"2019","journal-title":"IEEE Access"},{"key":"ref31:SC19","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1145\/3338469.3358941","article-title":"Revisiting the Hybrid Attack on Sparse Secret LWE and\n  Application to HE Parameters","author":"Yongha Son","year":"2019"},{"key":"ref32:EJK20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"440","DOI":"10.1007\/978-3-030-65277-7_20","article-title":"On a Dual\/Hybrid Approach to Small Secret LWE - A\n  Dual\/Enumeration Technique for Learning with Errors and Application to\n  Security Estimates of FHE Schemes","volume":"12578","author":"Thomas Espitau","year":"2020"},{"key":"ref33:GJ21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-030-92068-5_2","article-title":"Faster Dual Lattice Attacks for Solving LWE with\n  Applications to CRYSTALS","volume":"13093","author":"Qian Guo","year":"2021"},{"key":"ref34:BLLW22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1007\/978-3-031-22301-3_9","article-title":"Hybrid Dual and Meet-LWE Attack","volume":"13494","author":"Lei Bi","year":"2022"},{"key":"ref35:matzovduallaticce","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.6412487","volume-title":"Report on the Security of LWE: Improved Dual Lattice\n  Attack","author":"MATZOV","year":"2022"},{"key":"ref36:CST22","first-page":"1750","article-title":"Faster Dual Lattice Attacks by Using Coding Theory","author":"K\u00e9vin Carrier","year":"2022","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref37:DP23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/978-3-031-38548-3_2","article-title":"Does the Dual-Sieve Attack on Learning with Errors Even\n  Work?","volume":"14083","author":"L\u00e9o Ducas","year":"2023"},{"key":"ref38:PS23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1007\/978-3-031-58754-2_10","article-title":"Provable Dual Attacks on Learning with Errors","volume":"14656","author":"Amaury Pouly","year":"2024"},{"key":"ref39:DP23b","first-page":"1850","article-title":"Accurate Score Prediction for Dual-Sieve Attacks","author":"L\u00e9o Ducas","year":"2023","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref40:XWWGW24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-57725-3_1","article-title":"A Refined Hardness Estimation of LWE in Two-Step Mode","volume":"14603","author":"Wenwen Xia","year":"2024"},{"key":"ref41:HPS98","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/BFb0054868","article-title":"NTRU: A Ring-Based Public Key Cryptosystem","volume":"1423","author":"Jeffrey Hoffstein","year":"1998"},{"key":"ref42:SS11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/978-3-642-20465-4_4","article-title":"Making NTRU as Secure as Worst-Case Problems over Ideal\n  Lattices","volume":"6632","author":"Damien Stehl\u00e9","year":"2011"},{"key":"ref43:LTV12","doi-asserted-by":"publisher","first-page":"1219","DOI":"10.1145\/2213977.2214086","article-title":"On-the-fly multiparty computation on the cloud via multikey\n  fully homomorphic encryption","author":"Adriana L\u00f3pez-Alt","year":"2012"},{"key":"ref44:BLLN13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-642-45239-0_4","article-title":"Improved Security for a Ring-Based Fully Homomorphic\n  Encryption Scheme","volume":"8308","author":"Joppe W. Bos","year":"2013"},{"key":"ref45:Kluczniak22","doi-asserted-by":"publisher","first-page":"1783","DOI":"10.1145\/3548606.3560700","article-title":"NTRU-v-um: Secure Fully Homomorphic Encryption from NTRU\n  with Small Modulus","author":"Kamil Kluczniak","year":"2022"},{"key":"ref46:BIPPS22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-031-22966-4_7","article-title":"FINAL: Faster FHE Instantiated with NTRU and LWE","volume":"13792","author":"Charlotte Bonte","year":"2022"},{"key":"ref47:ABD16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/978-3-662-53018-4_6","article-title":"A Subfield Lattice Attack on Overstretched NTRU\n  Assumptions - Cryptanalysis of Some FHE and Graded Encoding Schemes","volume":"9814","author":"Martin R. Albrecht","year":"2016"},{"key":"ref48:CJL16","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1112\/S1461157016000371","article-title":"An algorithm for NTRU problems and cryptanalysis of the\n  GGH multilinear map without a low-level encoding of zero","volume":"19","author":"Jung Hee Cheon","year":"2016","journal-title":"LMS J. Comput. Math."},{"key":"ref49:KF17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-56620-7_1","article-title":"Revisiting Lattice Attacks on Overstretched NTRU\n  Parameters","volume":"10210","author":"Paul Kirchner","year":"2017"},{"key":"ref50:DW21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-92068-5_1","article-title":"NTRU Fatigue: How Stretched is Overstretched?","volume":"13093","author":"L\u00e9o Ducas","year":"2021"},{"key":"ref51:HSS23","first-page":"933","article-title":"Concrete NTRU Security and Advances in Practical\n  Lattice-Based Electronic Voting","author":"Patrick Hough","year":"2023","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref52:Regev09","doi-asserted-by":"publisher","DOI":"10.1145\/1568318.1568324","article-title":"On lattices, learning with errors, random linear codes, and\n  cryptography","volume":"56","author":"Oded Regev","year":"2009","journal-title":"J. ACM"},{"key":"ref53:DBLP:conf\/stoc\/Peikert09","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1145\/1536414.1536461","article-title":"Public-key cryptosystems from the worst-case shortest vector\n  problem: extended abstract","author":"Chris Peikert","year":"2009"},{"key":"ref54:BLPRS13","doi-asserted-by":"publisher","first-page":"575","DOI":"10.1145\/2488608.2488680","article-title":"Classical hardness of learning with errors","author":"Zvika Brakerski","year":"2013"},{"key":"ref55:DBLP:conf\/crypto\/ApplebaumCPS09","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1007\/978-3-642-03356-8_35","article-title":"Fast Cryptographic Primitives and Circular-Secure Encryption\n  Based on Hard Learning Problems","volume":"5677","author":"Benny Applebaum","year":"2009"},{"key":"ref56:cheon2016practical","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/978-3-319-53177-9_3","article-title":"A Practical Post-Quantum Public-Key Cryptosystem Based on\n  \\textsf spLWE","volume":"10157","author":"Jung Hee Cheon","year":"2016"},{"key":"ref57:PeiRegSte17","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1145\/3055399.3055489","article-title":"Pseudorandomness of ring-LWE for any ring and modulus","author":"Chris Peikert","year":"2017"},{"key":"ref58:CDPR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"559","DOI":"10.1007\/978-3-662-49896-5_20","article-title":"Recovering Short Generators of Principal Ideals in\n  Cyclotomic Rings","volume":"9666","author":"Ronald Cramer","year":"2016"},{"key":"ref59:PHS19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"685","DOI":"10.1007\/978-3-030-17656-3_24","article-title":"Approx-SVP in Ideal Lattices with Pre-processing","volume":"11477","author":"Alice Pellet-Mary","year":"2019"},{"key":"ref60:BL21","first-page":"1428","article-title":"Non-randomness of S-unit lattices","author":"Daniel J. Bernstein","year":"2021","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref61:WCCL22","article-title":"SALSA: Attacking Lattice Cryptography with Transformers","author":"Emily Wenger","year":"2022"},{"key":"ref62:salsa-picante","doi-asserted-by":"publisher","first-page":"2606","DOI":"10.1145\/3576915.3623076","article-title":"SalsaPicante: A Machine Learning Attack on LWE with\n  Binary Secrets","author":"Cathy Yuanchen Li","year":"2023"},{"key":"ref63:salsa-verde","article-title":"SALSA VERDE: a machine learning attack on LWE with\n  sparse small secrets","author":"Cathy Yuanchen Li","year":"2023"},{"key":"ref64:salsa-fresca","first-page":"150","article-title":"SALSA FRESCA: Angular Embeddings and Pre-Training for\n  ML Attacks on Learning With Errors","author":"Samuel Stevens","year":"2024","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref65:DBLP:conf\/ches\/PrimasPM17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1007\/978-3-319-66787-4_25","article-title":"Single-Trace Side-Channel Attacks on Masked Lattice-Based\n  Encryption","volume":"10529","author":"Robert Primas","year":"2017"},{"key":"ref66:RevEAL","doi-asserted-by":"publisher","first-page":"1527","DOI":"10.23919\/DATE54114.2022.9774724","article-title":"RevEAL: Single-Trace Side-Channel Leakage of the SEAL\n  Homomorphic Encryption Library","author":"Furkan Aydin","year":"2022"},{"key":"ref67:seal-ntt-attack","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1007\/978-3-031-07689-3_8","article-title":"Timing Leakage Analysis of Non-constant-time NTT\n  Implementations with Harvey Butterflies","volume":"13301","author":"Nir Drucker","year":"2022"},{"key":"ref68:seal-em-attack","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1145\/3560834.3563833","article-title":"Exposing Side-Channel Leakage of SEAL Homomorphic\n  Encryption Library","author":"Furkan Aydin","year":"2022"},{"key":"ref69:DBLP:conf\/crypto\/Dachman-SoledDG20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1007\/978-3-030-56880-1_12","article-title":"LWE with Side Information: Attacks and Concrete Security\n  Estimation","volume":"12171","author":"Dana Dachman-Soled","year":"2020"},{"key":"ref70:C_manual:DGHK23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"748","DOI":"10.1007\/978-3-031-38554-4_24","article-title":"Revisiting Security Estimation for LWE with Hints from a\n  Geometric Perspective","volume":"14085","author":"Dana Dachman-Soled","year":"2023"},{"key":"ref71:DBLP:conf\/pldi\/DathathriKSDLM20","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1145\/3385412.3386023","article-title":"EVA: an encrypted vector arithmetic language and compiler\n  for efficient homomorphic computation","author":"Roshan Dathathri","year":"2020"},{"key":"ref72:HECATE","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1109\/CGO53902.2022.9741265","article-title":"HECATE: Performance-Aware Scale Optimization for\n  Homomorphic Encryption Compiler","author":"Yongwoo Lee","year":"2022"},{"key":"ref73:ELASM","first-page":"4697","article-title":"ELASM: Error-Latency-Aware Scale Management for Fully\n  Homomorphic Encryption","author":"Yongwoo Lee","year":"2023"},{"key":"ref74:BBBCLOT23","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1007\/s00145-023-09463-5","article-title":"Parameter Optimization and Larger Precision for (T)FHE","volume":"36","author":"Loris Bergerat","year":"2023","journal-title":"J. Cryptol."},{"key":"ref75:CHP23","doi-asserted-by":"publisher","first-page":"120460","DOI":"10.1016\/J.ESWA.2023.120460","article-title":"Towards automated homomorphic encryption parameter selection\n  with fuzzy logic and linear programming","volume":"229","author":"Jos\u00e9 Cabrero-Holgueras","year":"2023","journal-title":"Expert Syst. Appl."},{"key":"ref76:bgv-parameter","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"370","DOI":"10.1007\/978-3-031-37679-5_16","article-title":"Finding and Evaluating Parameters for BGV","volume":"14064","author":"Johannes Mono","year":"2023"},{"key":"ref77:KMR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"376","DOI":"10.1007\/978-3-031-64381-1_17","article-title":"Guidance for Efficient Selection of Secure Parameters for\n  Fully Homomorphic Encryption","volume":"14861","author":"Elena Kirshanova","year":"2024"},{"key":"ref78:AG11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"403","DOI":"10.1007\/978-3-642-22006-7_34","article-title":"New Algorithms for Learning in Presence of Errors","volume":"6755","author":"Sanjeev Arora","year":"2011"},{"key":"ref79:cryptoeprint:2020\/1481","first-page":"1481","article-title":"Design and implementation of HElib: a homomorphic encryption\n  library","author":"Shai Halevi","year":"2020","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref80:FIPS203final","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.FIPS.203","volume-title":"Module-Lattice-based Key-Encapsulation Mechanism Standard","author":"National Institute of Standards NIST","year":"2024"},{"key":"ref81:halevi2021bootstrapping","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1007\/S00145-020-09368-7","article-title":"Bootstrapping for HElib","volume":"34","author":"Shai Halevi","year":"2021","journal-title":"J. Cryptol."},{"key":"ref82:chen2018homomorphic","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-319-78381-9_12","article-title":"Homomorphic Lower Digits Removal and Improved FHE\n  Bootstrapping","volume":"10820","author":"Hao Chen","year":"2018"},{"key":"ref83:10.1007\/978-3-319-78381-9_14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"360","DOI":"10.1007\/978-3-319-78381-9_14","article-title":"Bootstrapping for Approximate Homomorphic Encryption","volume":"10820","author":"Jung Hee Cheon","year":"2018"},{"key":"ref84:CCS19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-030-17656-3_2","article-title":"Improved Bootstrapping for Approximate Homomorphic\n  Encryption","volume":"11477","author":"Hao Chen","year":"2019"},{"key":"ref85:HK20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"364","DOI":"10.1007\/978-3-030-40186-3_16","article-title":"Better Bootstrapping for Approximate Homomorphic\n  Encryption","volume":"12006","author":"Kyoohyung Han","year":"2020"},{"key":"ref86:MHWW24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"403","DOI":"10.1007\/978-3-031-58723-8_14","article-title":"Accelerating BGV Bootstrapping for Large $p$ Using Null\n  Polynomials over $\\mathbb{Z}_{p^e}$","volume":"14652","author":"Shihe Ma","year":"2024"},{"key":"ref87:BTH22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"521","DOI":"10.1007\/978-3-031-09234-3_26","article-title":"Bootstrapping for Approximate Homomorphic Encryption with\n  Negligible Failure-Probability by Using Sparse-Secret Encapsulation","volume":"13269","author":"Jean-Philippe Bossuat","year":"2022"},{"key":"ref88:BMTPH21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"587","DOI":"10.1007\/978-3-030-77870-5_21","article-title":"Efficient Bootstrapping for Approximate Homomorphic\n  Encryption with Non-sparse Keys","volume":"12696","author":"Jean-Philippe Bossuat","year":"2021"},{"key":"ref89:cryptoeprint:2023\/1304","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-981-99-8736-8_3","article-title":"Homomorphic Polynomial Evaluation Using Galois Structure and\n  Applications to BFV Bootstrapping","volume":"14443","author":"Hiroki Okada","year":"2023"},{"key":"ref90:GKPV10","first-page":"230","article-title":"Robustness of the Learning with Errors Assumption","author":"Shafi Goldwasser","year":"2010"},{"key":"ref91:Howgrave-Graham07","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/978-3-540-74143-5_9","article-title":"A Hybrid Lattice-Reduction and Meet-in-the-Middle Attack\n  Against NTRU","volume":"4622","author":"Nick Howgrave-Graham","year":"2007"},{"key":"ref92:curtis2019feasibility","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3338469.3358940","article-title":"On the Feasibility and Impact of Standardising Sparse-secret\n  LWE Parameter Sets for Homomorphic Encryption","author":"Benjamin R. Curtis","year":"2019"},{"key":"ref93:DBLP:conf\/crypto\/May21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"701","DOI":"10.1007\/978-3-030-84245-1_24","article-title":"How to Meet Ternary LWE Keys","volume":"12826","author":"Alexander May","year":"2021"},{"key":"ref94:cheon2022practical","doi-asserted-by":"publisher","first-page":"35","DOI":"10.4134\/JKMS.J200650","article-title":"Practical FHE parameters against lattice attacks","volume":"59","author":"Jung Hee Cheon","year":"2022","journal-title":"Journal of the Korean Mathematical Society"},{"key":"ref95:hhan2022meet","first-page":"1473","article-title":"How to Meet Ternary LWE Keys on Babai's Nearest Plane","author":"Minki Hhan","year":"2022","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref96:cryptoeprint:2024\/824","first-page":"824","article-title":"Improved Meet-LWE Attack via Ternary Trees","author":"Eunmin Lee","year":"2024","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref97:NMWSLCL24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"428","DOI":"10.1007\/978-3-031-64381-1_19","article-title":"The Cool and the Cruel: Separating Hard Parts of LWE\n  Secrets","volume":"14861","author":"Niklas Nolte","year":"2024"},{"key":"ref98:SAC:LMSV12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/978-3-642-28496-0_4","article-title":"On CCA-Secure Somewhat Homomorphic Encryption","volume":"7118","author":"Jake Loftus","year":"2011"},{"key":"ref99:ITCS:BSW12","doi-asserted-by":"publisher","first-page":"350","DOI":"10.1145\/2090236.2090264","article-title":"Targeted malleability: homomorphic encryption for restricted\n  computations","author":"Dan Boneh","year":"2012"},{"key":"ref100:cryptography:FHR22","doi-asserted-by":"publisher","first-page":"13","DOI":"10.3390\/CRYPTOGRAPHY6010013","article-title":"On the IND-CCA1 Security of FHE Schemes","volume":"6","author":"Prastudy Fauzi","year":"2022","journal-title":"Cryptography"},{"key":"ref101:TOC:AGHV22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1007\/978-3-031-22365-5_3","article-title":"Achievable CCA2 Relaxation for Homomorphic Encryption","volume":"13748","author":"Adi Akavia","year":"2022"},{"key":"ref102:EC:MN24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-031-58723-8_3","article-title":"Fully Homomorphic Encryption Beyond IND-CCA1 Security:\n  Integrity Through Verifiability","volume":"14652","author":"Mark Manulis","year":"2024"},{"key":"ref103:DBLP:conf\/eurocrypt\/LiM21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"648","DOI":"10.1007\/978-3-030-77870-5_23","article-title":"On the Security of Homomorphic Encryption on Approximate\n  Numbers","volume":"12696","author":"Baiyu Li","year":"2021"},{"key":"ref104:LMSS22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"560","DOI":"10.1007\/978-3-031-15802-5_20","article-title":"Securing Approximate Homomorphic Encryption Using\n  Differential Privacy","volume":"13507","author":"Baiyu Li","year":"2022"},{"key":"ref105:CSBB24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-68382-4_1","article-title":"On the Practical CPA\\({}^{\\mbox{D}}\\) Security of \"exact\"\n  and Threshold FHE Schemes and Libraries","volume":"14922","author":"Marina Checri","year":"2024"},{"key":"ref106:10.1145\/3658644.3690341","doi-asserted-by":"publisher","first-page":"2505","DOI":"10.1145\/3658644.3690341","article-title":"Attacks Against the IND-CPA\\({}^{\\mbox{D}}\\) Security of\n  Exact FHE Schemes","author":"Jung Hee Cheon","year":"2024"},{"key":"ref107:MaLi24","doi-asserted-by":"publisher","first-page":"2240","DOI":"10.1007\/S11424-024-3221-1","article-title":"On the Security of Homomorphic Encryption Schemes with\n  Restricted Decryption Oracles","volume":"37","author":"Guangsheng Ma","year":"2024","journal-title":"J. Syst. Sci. Complex."},{"key":"ref108:ICS:HGS99","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1007\/978-3-540-47942-0_2","article-title":"Reaction Attacks against several Public-Key Cryptosystems","volume":"1726","author":"Chris Hall","year":"1999"},{"key":"ref109:FSE:BDPS14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-662-43933-3_19","article-title":"On Symmetric Encryption with Distinguishable Decryption\n  Failures","volume":"8424","author":"Alexandra Boldyreva","year":"2013"},{"key":"ref110:PKC:DGJ19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/978-3-030-17259-6_19","article-title":"Decryption Failure Attacks on IND-CCA Secure Lattice-Based\n  Schemes","volume":"11443","author":"Jan-Pieter D'Anvers","year":"2019"},{"key":"ref111:cryptoeprint:2020\/1581","first-page":"1581","article-title":"Remark on the Security of CKKS Scheme in Practice","author":"Jung Hee Cheon","year":"2020","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref112:GND+24","article-title":"Key Recovery Attacks on Approximate Homomorphic Encryption\n  with Non-Worst-Case Noise Flooding Countermeasures","author":"Qian Guo","year":"2024"},{"key":"ref113:cryptoeprint:2024\/203","first-page":"203","article-title":"Application-Aware Approximate Homomorphic Encryption:\n  Configuring FHE for Practical Use","author":"Andreea Alexandru","year":"2024","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref114:cryptoeprint:2024\/853","first-page":"853","article-title":"Practical q-IND-CPA-D-Secure Approximate Homomorphic\n  Encryption","author":"Jean-Philippe Bossuat","year":"2024","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref115:SP800-57p1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-57pt1r5","volume-title":"Recommendation for Key Management: Part 1 \u2013 General","author":"Elaine Barker","year":"2020"},{"key":"ref116:BG14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"322","DOI":"10.1007\/978-3-319-08344-5_21","article-title":"Lattice Decoding Attacks on Binary LWE","volume":"8544","author":"Shi Bai","year":"2014"},{"key":"ref117:DBLP:conf\/uss\/AlkimDPS16","first-page":"327","article-title":"Post-quantum Key Exchange - A New Hope","author":"Erdem Alkim","year":"2016"},{"key":"ref118:MR09","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1007\/978-3-540-88702-7_5","article-title":"Lattice-based Cryptography","author":"Daniele Micciancio","year":"2009"},{"key":"ref119:Albrecht17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-319-56614-6_4","article-title":"On Dual Lattice Attacks Against Small-Secret LWE and\n  Parameter Choices in HElib and SEAL","volume":"10211","author":"Martin R. Albrecht","year":"2017"},{"key":"ref120:LN13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/978-3-642-36095-4_19","article-title":"Solving BDD by Enumeration: An Update","volume":"7779","author":"Mingjie Liu","year":"2013"},{"key":"ref121:GJS15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-662-47989-6_2","article-title":"Coded-BKW: Solving LWE Using Lattice Codes","volume":"9215","author":"Qian Guo","year":"2015"},{"key":"ref122:KF15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/978-3-662-47989-6_3","article-title":"An Improved BKW Algorithm for LWE with Applications to\n  Cryptography and Lattices","volume":"9215","author":"Paul Kirchner","year":"2015"},{"key":"ref123:ACFFP15","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1145\/2815111.2815158","article-title":"Algebraic algorithms for LWE problems","volume":"49","author":"Martin R. Albrecht","year":"2015","journal-title":"ACM Commun. Comput. Algebra"},{"key":"ref124:ACW19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"467","DOI":"10.1007\/978-3-030-38471-5_19","article-title":"Exploring Trade-offs in Batch Bounded Distance Decoding","volume":"11959","author":"Martin R. Albrecht","year":"2019"},{"key":"ref125:EGMS23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1007\/978-981-99-8730-6_3","article-title":"Memory-Efficient Attacks on Small LWE Keys","volume":"14441","author":"Andre Esser","year":"2023"},{"key":"ref126:ACDDPPVW18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1007\/978-3-319-98113-0_19","article-title":"Estimate All the {LWE, NTRU} Schemes!","volume":"11035","author":"Martin R. Albrecht","year":"2018"},{"key":"ref127:AGPS20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1007\/978-3-030-64834-3_20","article-title":"Estimating Quantum Speedups for Lattice Sieves","volume":"12492","author":"Martin R. Albrecht","year":"2020"},{"key":"ref128:JaqRat23","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2305.10310","volume-title":"QRAM: A Survey and Critique","author":"Samuel Jaques","year":"2023"},{"key":"ref129:AlbShe22","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.2205.13983","article-title":"Quantum Augmented Dual Attack","volume":"abs\/2205.13983","author":"Martin R. Albrecht","year":"2022","journal-title":"CoRR"},{"key":"ref130:ChaLoy21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-030-92068-5_3","article-title":"Lattice Sieving via Quantum Random Walks","volume":"13093","author":"Andr\u00e9 Chailloux","year":"2021"},{"key":"ref131:kyberspe64:online","volume-title":"CRYSTALS-Kyber, Algorithm Specifications And Supporting\n  Documentation (version 3.0)","author":"Roberto Avanzi","year":"2020"},{"key":"ref132:sealcrypto","volume-title":"Microsoft SEAL (release 4.1)","year":"2023"},{"key":"ref133:DBLP:journals\/joc\/GeelenV23","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1007\/S00145-023-09454-6","article-title":"Bootstrapping for BGV and BFV Revisited","volume":"36","author":"Robin Geelen","year":"2023","journal-title":"J. Cryptol."},{"key":"ref134:DBLP:conf\/eurocrypt\/GeelenIKV23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/978-3-031-30620-4_9","article-title":"On Polynomial Functions Modulo p\\({}^{\\mbox{e}}\\) and Faster\n  Bootstrapping for Homomorphic Encryption","volume":"14006","author":"Robin Geelen","year":"2023"},{"key":"ref135:DBLP:journals\/cic\/Geelen24","doi-asserted-by":"publisher","first-page":"37","DOI":"10.62056\/A01ZOGY4E-","article-title":"Revisiting the Slot-to-Coefficient Transformation for BGV\n  and BFV","volume":"1","author":"Robin Geelen","year":"2024","journal-title":"IACR Commun. Cryptol."},{"key":"ref136:DBLP:conf\/ccs\/0002SS24","doi-asserted-by":"publisher","first-page":"2535","DOI":"10.1145\/3658644.3670302","article-title":"Simpler and Faster BFV Bootstrapping for Arbitrary\n  Plaintext Modulus from CKKS","author":"Jaehyung Kim","year":"2024"},{"key":"ref137:DBLP:journals\/tc\/KimDECLGY24","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1109\/TC.2023.3318405","article-title":"General Bootstrapping Approach for RLWE-Based Homomorphic\n  Encryption","volume":"73","author":"Andrey Kim","year":"2024","journal-title":"IEEE Trans. Computers"},{"key":"ref138:10.1007\/978-981-96-0875-1_7","isbn-type":"print","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-981-96-0875-1_7","article-title":"Relaxed Functional Bootstrapping: A New Perspective on\n  BGV\/BFV Bootstrapping","author":"Zeyu Liu","year":"2025","ISBN":"https:\/\/id.crossref.org\/isbn\/9789819608751"},{"key":"ref139:KPZ21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"608","DOI":"10.1007\/978-3-030-92078-4_21","article-title":"Revisiting Homomorphic Encryption Schemes for Finite\n  Fields","volume":"13092","author":"Andrey Kim","year":"2021"},{"key":"ref140:WAHC:MicPol20","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1145\/3474366.3486924","article-title":"Bootstrapping in FHEW-like Cryptosystems","author":"Daniele Micciancio","year":"2021"},{"key":"ref141:lattigo","volume-title":"Lattigo v5","author":"Tune Insight EPFL-LDS","year":"2023"},{"key":"ref142:BCCKK22","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1145\/3548606.3560696","article-title":"META-BTS: Bootstrapping Precision Beyond the Limit","author":"Youngjin Bae","year":"2022"},{"key":"ref143:TFHE-rs","volume-title":"TFHE-rs: A Pure Rust Implementation of the TFHE Scheme for\n  Boolean and Integer Arithmetics Over Encrypted Data","author":"Zama","year":"2022"},{"key":"ref144:Concrete","volume-title":"Concrete: TFHE Compiler that converts python programs into\n  FHE equivalent","author":"Zama","year":"2022"},{"key":"ref145:Viand_2021","doi-asserted-by":"publisher","first-page":"1092","DOI":"10.1109\/SP40001.2021.00068","article-title":"SoK: Fully Homomorphic Encryption Compilers","author":"Alexander Viand","year":"2021"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2025,1,13]],"date-time":"2025-01-13T17:12:06Z","timestamp":1736788326000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/1\/4\/26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,13]]},"references-count":145,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,1,13]]}},"URL":"https:\/\/doi.org\/10.62056\/anxra69p1","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"value":"3006-5496","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,13]]},"assertion":[{"value":"2024-10-08","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-12-03","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc1-4-51"}}