{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,13]],"date-time":"2025-11-13T18:42:35Z","timestamp":1763059355791,"version":"3.41.2"},"reference-count":77,"publisher":"International Association for Cryptologic Research","issue":"1","license":[{"start":{"date-parts":[[2025,1,10]],"date-time":"2025-01-10T00:00:00Z","timestamp":1736467200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2025,3,11]]},"abstract":"<jats:p>The Learning with Errors problem (LWE) and its variants are among the most popular assumptions underlying lattice-based cryptography. The Learning with Rounding problem (LWR) can be thought of as a deterministic variant of LWE. In this work, we present a thorough study of Somewhat Homomorphic Encryption schemes based on Ring-LWR that are the analogue of the Ring-LWE-based BFV scheme. Our main contribution is to present two new schemes, in the LPR and Regev paradigms, and give a thorough analysis of their security (provable and concrete). The technical tools we developed in the process may be of independent interest to the community. Our schemes inherit the many benefits of being based on LWR, including avoiding the need for expensive Gaussian sampling and improved ciphertext size. Indeed, we give a detailed comparison showing that our schemes marginally outperform the BFV scheme in terms of ciphertext size. Moreover, we show that both our schemes support RNS variants. Our Regev-type scheme can be seen as an improved generalisation of the only prior work in this direction (Costache-Smart, 2017). In particular, our scheme resolves the tangled modulus issue in the Costache-Smart proposal that led to unmanageable noise growth, and achieves a factor n improvement in the size of the public key. <\/jats:p>","DOI":"10.62056\/av7tudy6b","type":"journal-article","created":{"date-parts":[[2025,4,8]],"date-time":"2025-04-08T21:23:17Z","timestamp":1744147397000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":2,"title":["Designs for practical SHE schemes based on Ring-LWR"],"prefix":"10.62056","volume":"2","author":[{"given":"Madalina","family":"Bolboceanu","sequence":"first","affiliation":[{"name":"IBM Research","place":["Switzerland"]},{"name":"University of Potsdam","place":["Germany"]}]},{"given":"Anamaria","family":"Costache","sequence":"additional","affiliation":[{"name":"NTNU","place":["Norway"]}]},{"given":"Erin","family":"Hales","sequence":"additional","affiliation":[{"name":"Royal Holloway, University of London","place":["UK"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7292-4702","authenticated-orcid":false,"given":"Rachel","family":"Player","sequence":"additional","affiliation":[{"name":"Royal Holloway, University of London","place":["UK"]}]},{"given":"Miruna","family":"Rosca","sequence":"additional","affiliation":[{"name":"Pi Squared Inc.","place":["USA"]}]},{"given":"Radu","family":"Titiu","sequence":"additional","affiliation":[{"name":"Bitdefender","place":["Romania"]}]}],"member":"48349","published-online":{"date-parts":[[2025,4,8]]},"reference":[{"key":"ref1:STOC:Gentry09","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1145\/1536414.1536440","article-title":"Fully homomorphic encryption using ideal lattices","author":"Craig Gentry","year":"2009"},{"key":"ref2:ITCS:BraGenVai12","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1145\/2090236.2090262","article-title":"(Leveled) fully homomorphic encryption without\n  bootstrapping","author":"Zvika Brakerski","year":"2012"},{"key":"ref3:FOCS:BraVai11","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1109\/FOCS.2011.12","article-title":"Efficient Fully Homomorphic Encryption from (Standard)\n  LWE","author":"Zvika Brakerski","year":"2011"},{"key":"ref4:C:BraVai11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"505","DOI":"10.1007\/978-3-642-22792-9_29","article-title":"Fully Homomorphic Encryption from Ring-LWE and Security for\n  Key Dependent Messages","volume":"6841","author":"Zvika Brakerski","year":"2011"},{"key":"ref5:C:Brakerski12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"868","DOI":"10.1007\/978-3-642-32009-5_50","article-title":"Fully Homomorphic Encryption without Modulus Switching from\n  Classical GapSVP","volume":"7417","author":"Zvika Brakerski","year":"2012"},{"key":"ref6:EPRINT:FanVer12","first-page":"144","article-title":"Somewhat Practical Fully Homomorphic Encryption","author":"Junfeng Fan","year":"2012","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref7:PKC:GenHalSma12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-30057-8_1","article-title":"Better Bootstrapping in Fully Homomorphic Encryption","volume":"7293","author":"Craig Gentry","year":"2012"},{"key":"ref8:EC:GenHalSma12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/978-3-642-29011-4_28","article-title":"Fully Homomorphic Encryption with Polylog Overhead","volume":"7237","author":"Craig Gentry","year":"2012"},{"key":"ref9:C:GenHalSma12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"850","DOI":"10.1007\/978-3-642-32009-5_49","article-title":"Homomorphic Evaluation of the AES Circuit","volume":"7417","author":"Craig Gentry","year":"2012"},{"volume-title":"Homomorphic Encryption Security Standard","year":"2018","author":"M. Albrecht","key":"ref10:HomomorphicEncryptionSecurityStandard"},{"volume-title":"HElib","year":"2019","key":"ref11:helib"},{"volume-title":"PALISADE v1.0","year":"2017","key":"ref12:palisade"},{"volume-title":"Microsoft SEAL (release 4.1)","year":"2023","key":"ref13:sealcrypto"},{"key":"ref14:C:GenSahWat13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/978-3-642-40041-4_5","article-title":"Homomorphic Encryption from Learning with Errors:\n  Conceptually-Simpler, Asymptotically-Faster, Attribute-Based","volume":"8042","author":"Craig Gentry","year":"2013"},{"key":"ref15:AC:CGGI16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-662-53887-6_1","article-title":"Faster Fully Homomorphic Encryption: Bootstrapping in Less\n  Than 0.1 Seconds","volume":"10031","author":"Ilaria Chillotti","year":"2016"},{"key":"ref16:EC:DucMic15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1007\/978-3-662-46800-5_24","article-title":"FHEW: Bootstrapping Homomorphic Encryption in Less Than a\n  Second","volume":"9056","author":"L\u00e9o Ducas","year":"2015"},{"key":"ref17:AC:CKKS17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/978-3-319-70694-8_15","article-title":"Homomorphic Encryption for Arithmetic of Approximate\n  Numbers","volume":"10624","author":"Jung Hee Cheon","year":"2017"},{"key":"ref18:STOC:Regev05","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1145\/1060590.1060603","article-title":"On lattices, learning with errors, random linear codes, and\n  cryptography","author":"Oded Regev","year":"2005"},{"key":"ref19:EC:LyuPeiReg10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","article-title":"On Ideal Lattices and Learning with Errors over Rings","volume":"6110","author":"Vadim Lyubashevsky","year":"2010"},{"key":"ref20:AC:SSTX09","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1007\/978-3-642-10366-7_36","article-title":"Efficient Public Key Encryption Based on Ideal Lattices","volume":"5912","author":"Damien Stehl\u00e9","year":"2009"},{"key":"ref21:EC:BanPeiRos12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1007\/978-3-642-29011-4_42","article-title":"Pseudorandom Functions and Lattices","volume":"7237","author":"Abhishek Banerjee","year":"2012"},{"key":"ref22:EPRINT:CosSma17","first-page":"163","article-title":"Homomorphic Encryption without Gaussian Noise","author":"Anamaria Costache","year":"2017","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref23:SCN:LWWLC18","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/5967635","article-title":"LWR-Based Fully Homomorphic Encryption, Revisited","volume":"2018","author":"Fucai Luo","year":"2018","journal-title":"Secur. Commun. Networks"},{"key":"ref24:IET:LWWC19","doi-asserted-by":"publisher","first-page":"639","DOI":"10.1049\/IET-IFS.2018.5427","article-title":"Fully homomorphic encryption based on the ring learning with\n  rounding problem","volume":"13","author":"Fucai Luo","year":"2019","journal-title":"IET Inf. Secur."},{"key":"ref25:CHES:MKKV21","doi-asserted-by":"publisher","first-page":"474","DOI":"10.46586\/tches.v2021.i4.474-509","article-title":"Scabbard: a suite of efficient learning with rounding\n  key-encapsulation mechanisms","volume":"2021","author":"Jose Maria Bermudo Mera","year":"2021","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref26:ACM:KNKGBV24","doi-asserted-by":"publisher","DOI":"10.1145\/3696208","article-title":"Scabbard: An Exploratory Study on Hardware Aware Design\n  Choices of Learning with Rounding-based Key Encapsulation Mechanisms","volume":"24","author":"Suparna Kundu","year":"2025","journal-title":"ACM Trans. Embed. Comput. Syst."},{"key":"ref27:SCN:CKLS18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1007\/978-3-319-98113-0_9","article-title":"Lizard: Cut Off the Tail! A Practical Post-quantum\n  Public-Key Encryption from LWE and LWR","volume":"11035","author":"Jung Hee Cheon","year":"2018"},{"volume-title":"Round5: KEM and PKE based on (Ring) Learning with\n  Rounding","year":"2020","author":"Hayo Baan","key":"ref28:Round5"},{"key":"ref29:AFRICACRYPT:DKRV18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1007\/978-3-319-89339-6_16","article-title":"Saber: Module-LWR Based Key Exchange, CPA-Secure Encryption\n  and CCA-Secure KEM","volume":"10831","author":"Jan-Pieter D'Anvers","year":"2018"},{"key":"ref30:MICRO:SFKDDPS21","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1145\/3466752.3480070","article-title":"F1: A Fast and Programmable Accelerator for Fully\n  Homomorphic Encryption","author":"Nikola Samardzic","year":"2021"},{"key":"ref31:ISCA:KKKJKRA22","doi-asserted-by":"publisher","first-page":"711","DOI":"10.1145\/3470496.3527415","article-title":"BTS: an accelerator for bootstrappable fully homomorphic\n  encryption","author":"Sangpyo Kim","year":"2022"},{"key":"ref32:CHES:MAKSYLR23","doi-asserted-by":"publisher","first-page":"463","DOI":"10.46586\/tches.v2023.i1.463-500","article-title":"Medha: Microcoded Hardware Accelerator for computing on\n  Encrypted Data","volume":"2023","author":"Ahmet Can Mert","year":"2023","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref33:TCHES:GBLHMSWDVV23","doi-asserted-by":"publisher","first-page":"32","DOI":"10.46586\/TCHES.V2023.I4.32-57","article-title":"BASALISC: Programmable Hardware Accelerator for BGV\n  Fully Homomorphic Encryption","volume":"2023","author":"Robin Geelen","year":"2023","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref34:DDECS:BBTV23","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1109\/DDECS57882.2023.10139347","article-title":"Hardware Acceleration of FHEW","author":"Jonas Bertels","year":"2023"},{"key":"ref35:EPRINT:PBTBV24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/ARITH61463.2024.00011","volume-title":"31st IEEE Symposium on Computer Arithmetic, ARITH 2024,\n  Malaga, Spain, June 10-12, 2024","author":"David Du Pont","year":"2024"},{"key":"ref36:EPRINT:BGRT17","first-page":"709","article-title":"spKEX: An optimized lattice-based key exchange","author":"Sauvik Bhattacharya","year":"2017","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref37:TCC:GenHal19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1007\/978-3-030-36033-7_17","article-title":"Compressible FHE with Applications to PIR","volume":"11892","author":"Craig Gentry","year":"2019"},{"key":"ref38:CCS:CheLaiRin17","doi-asserted-by":"publisher","first-page":"1243","DOI":"10.1145\/3133956.3134061","article-title":"Fast Private Set Intersection from Homomorphic Encryption","author":"Hao Chen","year":"2017"},{"key":"ref39:SAC:RoyVerVer13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"383","DOI":"10.1007\/978-3-662-43414-7_19","article-title":"High Precision Discrete Gaussian Sampling on FPGAs","volume":"8282","author":"Sujoy Sinha Roy","year":"2013"},{"key":"ref40:CHES:BHLY16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1007\/978-3-662-53140-2_16","article-title":"Flush, Gauss, and Reload - A Cache Attack on the BLISS\n  Lattice-Based Signature Scheme","volume":"9813","author":"Leon Groot Bruinderink","year":"2016"},{"key":"ref41:AppSc:KimHon18","doi-asserted-by":"publisher","DOI":"10.3390\/app8101809","article-title":"Single Trace Analysis on Constant Time CDT Sampler and Its\n  Countermeasure","volume":"1809","author":"Suhri Kim","year":"2018","journal-title":"Appl. Sci."},{"key":"ref42:EC:ZLYW23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/978-3-031-30634-1_19","article-title":"Improved Power Analysis Attacks on Falcon","volume":"14007","author":"Shiduo Zhang","year":"2023"},{"key":"ref43:RSA:HalPolSho19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1007\/978-3-030-12612-4_5","article-title":"An Improved RNS Variant of the BFV Homomorphic\n  Encryption Scheme","volume":"11405","author":"Shai Halevi","year":"2019"},{"key":"ref44:EC:DodReySmi04","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"523","DOI":"10.1007\/978-3-540-24676-3_31","article-title":"Fuzzy Extractors: How to Generate Strong Keys from\n  Biometrics and Other Noisy Data","volume":"3027","author":"Yevgeniy Dodis","year":"2004"},{"key":"ref45:SCN:BDLOP18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/978-3-319-98113-0_20","article-title":"More Efficient Commitments from Structured Lattice\n  Assumptions","volume":"11035","author":"Carsten Baum","year":"2018"},{"key":"ref46:EC:LyuSei18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"204","DOI":"10.1007\/978-3-319-78381-9_8","article-title":"Short, Invertible Elements in Partially Splitting Cyclotomic\n  Rings and Applications to Lattice-Based Zero-Knowledge Proofs","volume":"10820","author":"Vadim Lyubashevsky","year":"2018"},{"key":"ref47:SAC:BEHZ16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1007\/978-3-319-69453-5_23","article-title":"A Full RNS Variant of FV Like Somewhat Homomorphic\n  Encryption Schemes","volume":"10532","author":"Jean-Claude Bajard","year":"2016"},{"key":"ref48:AC:KimPolZuc21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"608","DOI":"10.1007\/978-3-030-92078-4_21","article-title":"Revisiting Homomorphic Encryption Schemes for Finite\n  Fields","volume":"13092","author":"Andrey Kim","year":"2021"},{"key":"ref49:ESORICS:CosLaiPla20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1007\/978-3-030-59013-0_27","article-title":"Evaluating the Effectiveness of Heuristic Worst-Case Noise\n  Analysis in FHE","volume":"12309","author":"Anamaria Costache","year":"2020"},{"key":"ref50:RSA:CosSma16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1007\/978-3-319-29485-8_19","article-title":"Which Ring Based Somewhat Homomorphic Encryption Scheme is\n  Best?","volume":"9610","author":"Ana Costache","year":"2016"},{"key":"ref51:STOC:GenPeiVai08","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1145\/1374376.1374407","article-title":"Trapdoors for hard lattices and new cryptographic\n  constructions","author":"Craig Gentry","year":"2008"},{"key":"ref52:EC:CheHan18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-319-78381-9_12","article-title":"Homomorphic Lower Digits Removal and Improved FHE\n  Bootstrapping","volume":"10820","author":"Hao Chen","year":"2018"},{"key":"ref53:JoC:HalSho21","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1007\/s00145-020-09368-7","article-title":"Bootstrapping for HElib","volume":"34","author":"Shai Halevi","year":"2021","journal-title":"J. Cryptol."},{"key":"ref54:JoC:GeeVer23","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1007\/s00145-023-09454-6","article-title":"Bootstrapping for BGV and BFV Revisited","volume":"36","author":"Robin Geelen","year":"2023","journal-title":"J. Cryptol."},{"key":"ref55:EC:GIKV23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/978-3-031-30620-4_9","article-title":"On Polynomial Functions Modulo p\\({}^{\\mbox{e}}\\) and Faster\n  Bootstrapping for Homomorphic Encryption","volume":"14006","author":"Robin Geelen","year":"2023"},{"key":"ref56:AC:OkaPlaPoh23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-981-99-8736-8_3","article-title":"Homomorphic Polynomial Evaluation Using Galois Structure and\n  Applications to BFV Bootstrapping","volume":"14443","author":"Hiroki Okada","year":"2023"},{"key":"ref57:CiC-1-4-26","doi-asserted-by":"publisher","first-page":"26","DOI":"10.62056\/ANXRA69P1","article-title":"Security Guidelines for Implementing Homomorphic\n  Encryption","volume":"1","author":"Jean-Philippe Bossuat","year":"2024","journal-title":"IACR Commun. Cryptol."},{"volume-title":"Optimisations of fully homomorphic encryption","year":"2019","author":"I. Iliashenko","key":"ref58:PhD:Iliashenko19"},{"key":"ref59:EC:LyuPeiReg13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/978-3-642-38348-9_3","article-title":"A Toolkit for Ring-LWE Cryptography","volume":"7881","author":"Vadim Lyubashevsky","year":"2013"},{"key":"ref60:C:DPSZ12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1007\/978-3-642-32009-5_38","article-title":"Multiparty Computation from Somewhat Homomorphic\n  Encryption","volume":"7417","author":"Ivan Damg\u00e5rd","year":"2012"},{"volume-title":"Parameter selection in lattice-based cryptography","year":"2018","author":"R. Player","key":"ref61:PhD:Player18"},{"key":"ref62:FOCS:Micciancio02","doi-asserted-by":"publisher","first-page":"356","DOI":"10.1109\/SFCS.2002.1181960","article-title":"Generalized Compact Knapsacks, Cyclic Lattices, and\n  Efficient One-Way Functions from Worst-Case Complexity Assumptions","author":"Daniele Micciancio","year":"2002"},{"key":"ref63:C:MicMol11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/978-3-642-22792-9_26","article-title":"Pseudorandom Knapsacks and the Sample Complexity of LWE\n  Search-to-Decision Reductions","volume":"6841","author":"Daniele Micciancio","year":"2011"},{"key":"ref64:JMC:AlbPlaSco15","doi-asserted-by":"crossref","first-page":"169","DOI":"10.1515\/jmc-2015-0016","article-title":"On the concrete hardness of Learning with Errors","volume":"9","author":"M. R. Albrecht","year":"2015","journal-title":"J. Mathematical Cryptology"},{"key":"ref65:SCN:ACDDPP18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1007\/978-3-319-98113-0_19","article-title":"Estimate All the {LWE, NTRU} Schemes!","volume":"11035","author":"Martin R. Albrecht","year":"2018"},{"key":"ref66:WAHC:CurPla19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3338469.3358940","article-title":"On the Feasibility and Impact of Standardising Sparse-secret\n  LWE Parameter Sets for Homomorphic Encryption","author":"Benjamin R. Curtis","year":"2019"},{"key":"ref67:AC:BBSS20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"633","DOI":"10.1007\/978-3-030-64834-3_22","article-title":"Improved Classical and Quantum Algorithms for Subset-Sum","volume":"12492","author":"Xavier Bonnetain","year":"2020"},{"key":"ref68:C:May21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"701","DOI":"10.1007\/978-3-030-84245-1_24","article-title":"How to Meet Ternary LWE Keys","volume":"12826","author":"Alexander May","year":"2021"},{"key":"ref69:EPRINT:GlaMay22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/978-981-99-7563-1_4","article-title":"How to Enumerate LWE Keys as Narrow as in\n  Kyber\/Dilithium","volume":"14342","author":"Timo Glaser","year":"2023"},{"volume-title":"Personal communication","year":"2023","author":"Yixin Shen","key":"ref70:Shen23"},{"key":"ref71:AC:Lyubashevsky16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/978-3-662-53890-6_7","article-title":"Digital Signatures Based on the Hardness of Ideal Lattice\n  Problems in All Rings","volume":"10032","author":"Vadim Lyubashevsky","year":"2016"},{"key":"ref72:JoC:BGLS19","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1007\/s00145-018-9304-1","article-title":"Improved Combinatorial Algorithms for the Inhomogeneous\n  Short Integer Solution Problem","volume":"32","author":"Shi Bai","year":"2019","journal-title":"J. Cryptol."},{"key":"ref73:DCC:BouSakSte22","doi-asserted-by":"publisher","first-page":"1899","DOI":"10.1007\/s10623-022-01083-7","article-title":"Vandermonde meets Regev: public key encryption schemes based\n  on partial Vandermonde problems","volume":"90","author":"Katharina Boudgoust","year":"2022","journal-title":"Des. Codes Cryptogr."},{"key":"ref74:IEEE:Regev10","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1109\/CCC.2010.26","article-title":"The Learning with Errors Problem (Invited Survey)","author":"Oded Regev","year":"2010"},{"key":"ref75:EUROSP:BDKLLSSSS18","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1109\/EUROSP.2018.00032","article-title":"CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based\n  KEM","author":"Joppe W. Bos","year":"2018"},{"key":"ref76:CHES:DKLLSSS18","doi-asserted-by":"publisher","first-page":"238","DOI":"10.13154\/TCHES.V2018.I1.238-268","article-title":"CRYSTALS-Dilithium: A Lattice-Based Digital Signature\n  Scheme","volume":"2018","author":"L\u00e9o Ducas","year":"2018","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref77:EPRINT:BCHPRT24","first-page":"960","article-title":"Designs for practical SHE schemes based on Ring-LWR","author":"Madalina Bolboceanu","year":"2024","journal-title":"IACR Cryptol. ePrint Arch."}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2025,4,8]],"date-time":"2025-04-08T21:24:32Z","timestamp":1744147472000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/2\/1\/21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,8]]},"references-count":77,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,4,8]]}},"URL":"https:\/\/doi.org\/10.62056\/av7tudy6b","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"type":"electronic","value":"3006-5496"}],"subject":[],"published":{"date-parts":[[2025,4,8]]},"assertion":[{"value":"2025-01-10","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-03-11","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc2-1-28"}}