Memory-Efficient Attacks on Small LWE Keys

Combinatorial attacks on small max norm LWE keys suffer enormous memory requirements, which render them inefficient in realistic attack scenarios. Therefore, more memory-efficient substitutes for these algorithms are needed. In this work, we provide new combinatorial algorithms for recovering small...

Bibliographic details
Published in: Journal of cryptology Volume 37; Issue 4; p. 36
Main authors: Esser, Andre, Mukherjee, Arindam, Sarkar, Santanu
Format: Journal Article
Language: English
Publisher: New York Springer US 01.10.2024
Springer Nature B.V
ISSN: 0933-2790, 1432-1378
Abstract Combinatorial attacks on small max norm LWE keys suffer enormous memory requirements, which render them inefficient in realistic attack scenarios. Therefore, more memory-efficient substitutes for these algorithms are needed. In this work, we provide new combinatorial algorithms for recovering small max norm LWE secrets outperforming previous approaches whenever the available memory is limited. We provide analyses of our algorithms for secret key distributions of current NTRU, Kyber and Dilithium variants, showing that our new approach outperforms previous memory-efficient algorithms. For instance, considering uniformly random ternary secrets of length $n$ we improve the best known time complexity for polynomial memory algorithms from $2^{1.063n}$ down to $2^{0.926n}$. We obtain even larger gains for LWE secrets in $\{-m, \ldots, m\}^n$ with $m = 2, 3$ as found in Kyber and Dilithium. For example, for uniformly random keys in $\{-2, \ldots, 2\}^n$ as is the case for Dilithium we improve the previously best time under polynomial memory restriction from $2^{1.742n}$ down to $2^{1.282n}$. Eventually, we provide novel time-memory trade-offs continuously interpolating between our polynomial memory algorithms and the best algorithms in the unlimited memory case (May, in: Malkin, Peikert (eds) CRYPTO 2021, Part II, Springer, Heidelberg 2021. https://doi.org/10.1007/978-3-030-84245-1_24).
ArticleNumber 36
Author Mukherjee, Arindam
Esser, Andre
Sarkar, Santanu
Author_xml – sequence: 1
  givenname: Andre
  orcidid: 0000-0001-5806-3600
  surname: Esser
  fullname: Esser, Andre
  organization: Technology Innovation Institute
– sequence: 2
  givenname: Arindam
  orcidid: 0000-0001-5505-6536
  surname: Mukherjee
  fullname: Mukherjee, Arindam
  email: arindamaths@gmail.com
  organization: Department of Mathematics, Indian Institute of Technology Madras
– sequence: 3
  givenname: Santanu
  orcidid: 0000-0001-6821-920X
  surname: Sarkar
  fullname: Sarkar, Santanu
  organization: Department of Mathematics, Indian Institute of Technology Madras
ContentType Journal Article
Copyright International Association for Cryptologic Research 2024. Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
International Association for Cryptologic Research 2024.
DOI 10.1007/s00145-024-09516-3
Discipline Education
Computer Science
EISSN 1432-1378
ExternalDocumentID 10_1007_s00145_024_09516_3
ISICitedReferencesCount 0
ISSN 0933-2790
IngestDate Mon Oct 06 16:37:08 EDT 2025
Sat Nov 29 06:12:31 EST 2025
Fri Feb 21 02:37:12 EST 2025
IsPeerReviewed true
IsScholarly true
Issue 4
Keywords Nested collision search
Time-memory trade-off
Representation technique
Polynomial memory
Combinatorial attacks
Learning with errors
Language English
ORCID 0000-0001-6821-920X
0000-0001-5505-6536
0000-0001-5806-3600
PublicationDate 20241000
PublicationDateYYYYMMDD 2024-10-01
PublicationDate_xml – month: 10
  year: 2024
  text: 20241000
PublicationDecade 2020
PublicationPlace New York
PublicationPlace_xml – name: New York
PublicationTitle Journal of cryptology
PublicationTitleAbbrev J Cryptol
PublicationYear 2024
Publisher Springer US
Springer Nature B.V
Publisher_xml – name: Springer US
– name: Springer Nature B.V
References M.R. Albrecht, S. Bai, L. Ducas, A subfield lattice attack on overstretched NTRU assumptions—cryptanalysis of some FHE and graded encoding schemes, in M. Robshaw, J. Katz, editors, CRYPTO 2016, Part I. LNCS, vol. 9814 (Springer, Heidelberg, 2016), pp. 153–178.https://doi.org/10.1007/978-3-662-53018-4_6
A. Becker, J.S. Coron, A. Joux, Improved generic algorithms for hard knapsacks, in K.G. Paterson, editor, EUROCRYPT 2011. LNCS, vol. 6632 (Springer, Heidelberg, 2011), pp. 364–385.https://doi.org/10.1007/978-3-642-20465-4_21
M.R. Albrecht, S. Bai, P.A. Fouque, P. Kirchner, D. Stehlé, W. Wen, Faster enumeration-based lattice reduction: root Hermite factor $k^{1/(2k)}$ time $k^{k/8+o(k)}$, in D. Micciancio, T. Ristenpart, editors, CRYPTO 2020, Part II. LNCS, vol. 12171 (Springer, Heidelberg, 2020), pp. 186–212. https://doi.org/10.1007/978-3-030-56880-1_7
L. Bi, X. Lu, J. Luo, K. Wang, Hybrid dual and meet-LWE attack, in Information Security and Privacy: 27th Australasian Conference, ACISP 2022, Wollongong, NSW, Australia, November 28–30, 2022, Proceedings (Springer, 2022). pp. 168–188
A. Esser, A. May, F. Zweydinger, McEliece needs a break—solving McEliece-1284 and quasi-cyclic-2918 with modern ISD, in O. Dunkelman, S. Dziembowski, editors, EUROCRYPT 2022, Part III. LNCS, vol. 13277 (Springer, Heidelberg, 2022), pp. 433–457.https://doi.org/10.1007/978-3-031-07082-2_16
T. Güneysu, V. Lyubashevsky, T. Pöppelmann, Practical lattice-based cryptography: a signature scheme for embedded systems, in E. Prouff, P. Schaumont, editors, CHES 2012. LNCS, vol. 7428 (Springer, Heidelberg, 2012), pp. 530–547. https://doi.org/10.1007/978-3-642-33027-8_31
C. Peikert, Public-key cryptosystems from the worst-case shortest vector problem: extended abstract, in M. Mitzenmacher, editor, 41st ACM STOC (ACM Press, 2009). pp. 333–342.https://doi.org/10.1145/1536414.1536461
M. Hhan, J. Kim, C. Lee, Y. Son, How to meet ternary LWE keys on Babai’s nearest plane. Cryptology ePrint Archive (2022)
X. Bonnetain, R. Bricout, A. Schrottenloher, Y. Shen, Improved classical and quantum algorithms for subset-sum, in S. Moriai, H. Wang, editors, ASIACRYPT 2020, Part II. LNCS, vol. 12492 (Springer, Heidelberg, 2020), pp. 633–666.https://doi.org/10.1007/978-3-030-64834-3_22
A. Hülsing, J. Rijneveld, J.M. Schanck, P. Schwabe, High-speed key encapsulation from NTRU, in W. Fischer, N. Homma, editors, CHES 2017. LNCS, vol. 10529 (Springer, Heidelberg, 2017), pp. 232–252.https://doi.org/10.1007/978-3-319-66787-4_12
A. Esser, A. May, Low weight discrete logarithm and subset sum in $2^{0.65n}$ with polynomial memory, in A. Canteaut, Y. Ishai, editors, EUROCRYPT 2020, Part III. LNCS, vol. 12107 (Springer, Heidelberg, 2020), pp. 94–122. https://doi.org/10.1007/978-3-030-45727-3_4
I. Dinur, O. Dunkelman, N. Keller, A. Shamir, Memory-efficient algorithms for finding needles in haystacks, in M. Robshaw, J. Katz, editors, CRYPTO 2016, Part II. LNCS, vol. 9815 (Springer, Heidelberg, 2016), pp. 185–206.https://doi.org/10.1007/978-3-662-53008-5_7
J.W. Bos, M.E. Kaihara, T. Kleinjung, A.K. Lenstra, P.L. Montgomery, Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction. Int. J. Appl. Cryptogr.2(3), 212–228 (2012)
R. Bricout, A. Chailloux, T. Debris-Alazard, M. Lequesne, Ternary syndrome decoding with large weight, in K.G. Paterson, D. Stebila, editors, SAC 2019. LNCS, vol. 11959 (Springer, Heidelberg, 2019), pp. 437–466.https://doi.org/10.1007/978-3-030-38471-5_18
A. Esser, F. Zweydinger, New time-memory trade-offs for subset sum—improving ISD in theory and practice, in C. Hazay, M. Stam, editors, Advances in Cryptology—EUROCRYPT 2023—42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23–27, 2023, Proceedings, Part V. Lecture Notes in Computer Science, vol. 14008 (Springer, 2023), pp. 360–390.https://doi.org/10.1007/978-3-031-30589-4_13
D. Stehlé, R. Steinfeld, K. Tanaka, K. Xagawa, Efficient public key encryption based on ideal lattices, in M. Matsui, editor, ASIACRYPT 2009. LNCS, vol. 5912 (Springer, Heidelberg, 2009), pp. 617–635. https://doi.org/10.1007/978-3-642-10366-7_36
J. Bos, L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, J.M. Schanck, P. Schwabe, G. Seiler, D. Stehlé, Crystals-kyber: a CCA-secure module-lattice-based KEM, in 2018 IEEE European Symposium on Security and Privacy (EuroS &P) (IEEE, 2018), pp. 353–367
D.J. Bernstein, C. Chuengsatiansup, T. Lange, C. van Vredendaal, NTRU prime: reducing attack surface at low cost, in C. Adams, J. Camenisch, editors, SAC 2017. LNCS, vol. 10719 (Springer, Heidelberg, 2017), pp. 235–260.https://doi.org/10.1007/978-3-319-72565-9_12
C. Delaplace, A. Esser, A. May, Improved low-memory subset sum and LPN algorithms via multiple collisions, in M. Albrecht, editor, 17th IMA International Conference on Cryptography and Coding. LNCS, vol. 11929 (Springer, Heidelberg, 2019), pp. 178–199.https://doi.org/10.1007/978-3-030-35199-1_9
I. Dinur, O. Dunkelman, N. Keller, A. Shamir, Efficient dissection of composite problems, with applications to cryptanalysis, knapsacks, and combinatorial search problems, in R. Safavi-Naini, R. Canetti, editors. CRYPTO 2012. LNCS, vol. 7417 (Springer, Heidelberg, 2012), pp. 719–740.https://doi.org/10.1007/978-3-642-32009-5_42
K. Carrier, V. Hatey, J. Tillich, Projective space stern decoding and application to SDitH. IACR Cryptol. ePrint Arch (2023), p. 1865. https://eprint.iacr.org/2023/1865
L. Ducas, M. Stevens, W.P.J. van Woerden, Advanced lattice sieving on GPUs, with tensor cores, in A. Canteaut, F.X. Standaert, editors, EUROCRYPT 2021, Part II. LNCS, vol. 12697 (Springer, Heidelberg, 2021), pp. 249–279.https://doi.org/10.1007/978-3-030-77886-6_9
N. Gama, P.Q. Nguyen, O. Regev, Lattice enumeration using extreme pruning, in H. Gilbert, editor, EUROCRYPT 2010. LNCS, vol. 6110 (Springer, Heidelberg, 2010), pp. 257–278.https://doi.org/10.1007/978-3-642-13190-5_13
A. Esser, R. Girme, A. Mukherjee, S. Sarkar, Memory-efficient attacks on small LWE keys, in J. Guo, R. Steinfeld, editors, Advances in Cryptology—ASIACRYPT 2023—29th International Conference on the Theory and Application of Cryptology and Information Security, Guangzhou, China, December 4–8, 2023, Proceedings, Part IV. Lecture Notes in Computer Science, vol. 14441 (Springer, 2023), pp. 72–105.https://doi.org/10.1007/978-981-99-8730-6_3.
D.H. Nguyen, T.T. Nguyen, T.N. Duong, P.H. Pham, Cryptanalysis of md5 on GPU cluster, in Proceedings of International Conference on Information Security and Artificial Intelligence, vol. 2 (2010), pp. 910–914
E. Prange, The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory8(5), 5–9 (1962)
C. Gentry, Fully homomorphic encryption using ideal lattices, in M. Mitzenmacher, editor, 41st ACM STOC (ACM Press, 2009). pp. 169–178.https://doi.org/10.1145/1536414.1536440
O. Regev, On lattices, learning with errors, random linear codes, and cryptography, in H.N. Gabow, R. Fagin, editors, 37th ACM STOC (ACM Press, 2005). pp. 84–93. https://doi.org/10.1145/1060590.1060603
E. Bellini, J. Chavez-Saab, J.J. Chi-Domínguez, A. Esser, S. Ionica, L. Rivera-Zamarripa, F. Rodríguez-Henríquez, M. Trimoska, F. Zweydinger, Parallel isogeny path finding with limited memory, in Progress in Cryptology–INDOCRYPT 2022: 23rd International Conference on Cryptology in India, Kolkata, India, December 11–14, 2022, Proceedings (Springer, 2023), pp. 294–316
J. Hoffstein, J. Pipher, J.H. Silverman, NTRU: a ring-based public key cryptosystem, in Third Algorithmic Number Theory Symposium (ANTS). LNCS, vol. 1423 (Springer, Heidelberg, 1998), pp. 267–288
V. Lyubashevsky, C. Peikert, O. Regev, On ideal lattices and learning with errors over rings, in H. Gilbert, editor, EUROCRYPT 2010. LNCS, vol. 6110 (Springer, Heidelberg, 2010), pp. 1–23.https://doi.org/10.1007/978-3-642-13190-5_1
V. Lyubashevsky, Lattice signatures without trapdoors, in D. Pointcheval, T. Johansson, editors, EUROCRYPT 2012. LNCS, vol. 7237 (Springer, Heidelberg, 2012), pp. 738–755.https://doi.org/10.1007/978-3-642-29011-4_43
L. Ducas, A. Durmus, T. Lepoint, V. Lyubashevsky, Lattice signatures and bimodal Gaussians, in R. Canetti, J.A. Garay, editors, CRYPTO 2013, Part I. LNCS, vol. 8042 (Springer, Heidelberg, 2013), pp. 40–56.https://doi.org/10.1007/978-3-642-40041-4_3
A. Esser, P. Santini, Not just regular decoding: asymptotics and improvements of regular syndrome decoding attacks. IACR Cryptol. ePrint Arch (2023), p. 1568. https://eprint.iacr.org/2023/1568
T. Glaser, A. May, How to enumerate LWE keys as narrow as in Kyber/Dilithium, in International Conference on Cryptology and Network Security (Springer, 2023), pp. 75–100
A. May, A. Meurer, E. Thomae, Decoding random linear codes in $\tilde{\mathcal{O}}(2^{0.054n})$, in D.H. Lee, X. Wang, editors, ASIACRYPT 2011. LNCS, vol. 7073 (Springer, Heidelberg, 2011), pp. 107–124. https://doi.org/10.1007/978-3-642-25385-0_6
P.C. van Oorschot, M.J. Wi
References_xml – reference: A. Esser, A. May, F. Zweydinger, McEliece needs a break—solving McEliece-1284 and quasi-cyclic-2918 with modern ISD, in O. Dunkelman, S. Dziembowski, editors, EUROCRYPT 2022, Part III. LNCS, vol. 13277 (Springer, Heidelberg, 2022), pp. 433–457.https://doi.org/10.1007/978-3-031-07082-2_16
– reference: A. Becker, J.S. Coron, A. Joux, Improved generic algorithms for hard knapsacks, in K.G. Paterson, editor, EUROCRYPT 2011. LNCS, vol. 6632 (Springer, Heidelberg, 2011), pp. 364–385.https://doi.org/10.1007/978-3-642-20465-4_21
– reference: A. Esser, A. May, Low weight discrete logarithm and subset sum in $2^{0.65n}$ with polynomial memory, in A. Canteaut, Y. Ishai, editors, EUROCRYPT 2020, Part III. LNCS, vol. 12107 (Springer, Heidelberg, 2020), pp. 94–122. https://doi.org/10.1007/978-3-030-45727-3_4
– reference: I. Dinur, O. Dunkelman, N. Keller, A. Shamir, Memory-efficient algorithms for finding needles in haystacks, in M. Robshaw, J. Katz, editors, CRYPTO 2016, Part II. LNCS, vol. 9815 (Springer, Heidelberg, 2016), pp. 185–206.https://doi.org/10.1007/978-3-662-53008-5_7
– reference: T. Glaser, A. May, How to enumerate LWE keys as narrow as in Kyber/Dilithium, in International Conference on Cryptology and Network Security (Springer, 2023), pp. 75–100
– reference: G. Adj, D. Cervantes-Vázquez, J.J. Chi-Domínguez, A. Menezes, F. Rodríguez-Henríquez, On the cost of computing isogenies between supersingular elliptic curves, in C. Cid, M.J. Jacobson Jr, editors, SAC 2018. LNCS, vol. 11349 (Springer, Heidelberg, 2019), pp. 322–343. https://doi.org/10.1007/978-3-030-10970-7_15
– reference: D. Stehlé, R. Steinfeld, K. Tanaka, K. Xagawa, Efficient public key encryption based on ideal lattices, in M. Matsui, editor, ASIACRYPT 2009. LNCS, vol. 5912 (Springer, Heidelberg, 2009), pp. 617–635. https://doi.org/10.1007/978-3-642-10366-7_36
– reference: N. Gama, P.Q. Nguyen, O. Regev, Lattice enumeration using extreme pruning, in H. Gilbert, editor, EUROCRYPT 2010. LNCS, vol. 6110 (Springer, Heidelberg, 2010), pp. 257–278.https://doi.org/10.1007/978-3-642-13190-5_13
– reference: K. Carrier, V. Hatey, J. Tillich, Projective space stern decoding and application to SDitH. IACR Cryptol. ePrint Arch (2023), p. 1865. https://eprint.iacr.org/2023/1865
– reference: N. Howgrave-Graham, A. Joux, New generic algorithms for hard knapsacks, in H. Gilbert, editor, EUROCRYPT 2010. LNCS, vol. 6110 (Springer, Heidelberg, 2010), pp. 235–256.https://doi.org/10.1007/978-3-642-13190-5_12
– reference: A. Hülsing, J. Rijneveld, J.M. Schanck, P. Schwabe, High-speed key encapsulation from NTRU, in W. Fischer, N. Homma, editors, CHES 2017. LNCS, vol. 10529 (Springer, Heidelberg, 2017), pp. 232–252.https://doi.org/10.1007/978-3-319-66787-4_12
– reference: E. Bellini, J. Chavez-Saab, J.J. Chi-Domínguez, A. Esser, S. Ionica, L. Rivera-Zamarripa, F. Rodríguez-Henríquez, M. Trimoska, F. Zweydinger, Parallel isogeny path finding with limited memory, in Progress in Cryptology–INDOCRYPT 2022: 23rd International Conference on Cryptology in India, Kolkata, India, December 11–14, 2022, Proceedings (Springer, 2023), pp. 294–316
– reference: V. Lyubashevsky, C. Peikert, O. Regev, On ideal lattices and learning with errors over rings, in H. Gilbert, editor, EUROCRYPT 2010. LNCS, vol. 6110 (Springer, Heidelberg, 2010), pp. 1–23.https://doi.org/10.1007/978-3-642-13190-5_1
– reference: J.W. Bos, M.E. Kaihara, T. Kleinjung, A.K. Lenstra, P.L. Montgomery, Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction. Int. J. Appl. Cryptogr.2(3), 212–228 (2012)
– reference: A. Esser, F. Zweydinger, New time-memory trade-offs for subset sum—improving ISD in theory and practice, in C. Hazay, M. Stam, editors, Advances in Cryptology—EUROCRYPT 2023—42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23–27, 2023, Proceedings, Part V. Lecture Notes in Computer Science, vol. 14008 (Springer, 2023), pp. 360–390.https://doi.org/10.1007/978-3-031-30589-4_13
– reference: M. Hhan, J. Kim, C. Lee, Y. Son, How to meet ternary LWE keys on Babai’s nearest plane. Cryptology ePrint Archive (2022)
– reference: J. Hoffstein, J. Pipher, J.H. Silverman, NTRU: a ring-based public key cryptosystem, in Third Algorithmic Number Theory Symposium (ANTS). LNCS, vol. 1423 (Springer, Heidelberg, 1998), pp. 267–288
– reference: A. May, How to meet ternary LWE keys, in T. Malkin, C. Peikert, editors, CRYPTO 2021, Part II. LNCS, vol. 12826 (Springer, Heidelberg, Virtual Event, 2021), pp. 701–731.https://doi.org/10.1007/978-3-030-84245-1_24
– reference: X. Bonnetain, R. Bricout, A. Schrottenloher, Y. Shen, Improved classical and quantum algorithms for subset-sum, in S. Moriai, H. Wang, editors, ASIACRYPT 2020, Part II. LNCS, vol. 12492 (Springer, Heidelberg, 2020), pp. 633–666.https://doi.org/10.1007/978-3-030-64834-3_22
– reference: A. Esser, R. Girme, A. Mukherjee, S. Sarkar, Memory-efficient attacks on small LWE keys, in J. Guo, R. Steinfeld, editors, Advances in Cryptology—ASIACRYPT 2023—29th International Conference on the Theory and Application of Cryptology and Information Security, Guangzhou, China, December 4–8, 2023, Proceedings, Part IV. Lecture Notes in Computer Science, vol. 14441 (Springer, 2023), pp. 72–105.https://doi.org/10.1007/978-981-99-8730-6_3.
– reference: D.J. Bernstein, C. Chuengsatiansup, T. Lange, C. van Vredendaal, NTRU prime: reducing attack surface at low cost, in C. Adams, J. Camenisch, editors, SAC 2017. LNCS, vol. 10719 (Springer, Heidelberg, 2017), pp. 235–260.https://doi.org/10.1007/978-3-319-72565-9_12
– reference: T. Güneysu, V. Lyubashevsky, T. Pöppelmann, Practical lattice-based cryptography: a signature scheme for embedded systems, in E. Prouff, P. Schaumont, editors, CHES 2012. LNCS, vol. 7428 (Springer, Heidelberg, 2012), pp. 530–547. https://doi.org/10.1007/978-3-642-33027-8_31
– reference: V. Lyubashevsky, Lattice signatures without trapdoors, in D. Pointcheval, T. Johansson, editors, EUROCRYPT 2012. LNCS, vol. 7237 (Springer, Heidelberg, 2012), pp. 738–755. https://doi.org/10.1007/978-3-642-29011-4_43
– reference: R. Bricout, A. Chailloux, T. Debris-Alazard, M. Lequesne, Ternary syndrome decoding with large weight, in K.G. Paterson, D. Stebila, editors, SAC 2019. LNCS, vol. 11959 (Springer, Heidelberg, 2019), pp. 437–466. https://doi.org/10.1007/978-3-030-38471-5_18
– reference: M.R. Albrecht, S. Bai, L. Ducas, A subfield lattice attack on overstretched NTRU assumptions—cryptanalysis of some FHE and graded encoding schemes, in M. Robshaw, J. Katz, editors, CRYPTO 2016, Part I. LNCS, vol. 9814 (Springer, Heidelberg, 2016), pp. 153–178. https://doi.org/10.1007/978-3-662-53018-4_6
– reference: C. van Vredendaal, Reduced memory meet-in-the-middle attack against the NTRU private key. LMS J. Comput. Math. 19(1), 43–57 (2016). https://doi.org/10.1112/S1461157016000206
– reference: C. Delaplace, A. Esser, A. May, Improved low-memory subset sum and LPN algorithms via multiple collisions, in M. Albrecht, editor, 17th IMA International Conference on Cryptography and Coding. LNCS, vol. 11929 (Springer, Heidelberg, 2019), pp. 178–199. https://doi.org/10.1007/978-3-030-35199-1_9
– reference: L. Ducas, M. Stevens, W.P.J. van Woerden, Advanced lattice sieving on GPUs, with tensor cores, in A. Canteaut, F.X. Standaert, editors, EUROCRYPT 2021, Part II. LNCS, vol. 12697 (Springer, Heidelberg, 2021), pp. 249–279. https://doi.org/10.1007/978-3-030-77886-6_9
– reference: C. Gentry, Fully homomorphic encryption using ideal lattices, in M. Mitzenmacher, editor, 41st ACM STOC (ACM Press, 2009), pp. 169–178. https://doi.org/10.1145/1536414.1536440
– reference: P.C. van Oorschot, M.J. Wiener, Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1–28 (1999). https://doi.org/10.1007/PL00003816
– reference: A. May, A. Meurer, E. Thomae, Decoding random linear codes in $\tilde{\mathcal{O}}(2^{0.054n})$, in D.H. Lee, X. Wang, editors, ASIACRYPT 2011. LNCS, vol. 7073 (Springer, Heidelberg, 2011), pp. 107–124. https://doi.org/10.1007/978-3-642-25385-0_6
– reference: M.R. Albrecht, S. Bai, P.A. Fouque, P. Kirchner, D. Stehlé, W. Wen, Faster enumeration-based lattice reduction: root Hermite factor $k^{1/(2k)}$ time $k^{k/8+o(k)}$, in D. Micciancio, T. Ristenpart, editors, CRYPTO 2020, Part II. LNCS, vol. 12171 (Springer, Heidelberg, 2020), pp. 186–212. https://doi.org/10.1007/978-3-030-56880-1_7
– reference: O. Regev, On lattices, learning with errors, random linear codes, and cryptography, in H.N. Gabow, R. Fagin, editors, 37th ACM STOC (ACM Press, 2005), pp. 84–93. https://doi.org/10.1145/1060590.1060603
– reference: L. Ducas, A. Durmus, T. Lepoint, V. Lyubashevsky, Lattice signatures and bimodal Gaussians, in R. Canetti, J.A. Garay, editors, CRYPTO 2013, Part I. LNCS, vol. 8042 (Springer, Heidelberg, 2013), pp. 40–56. https://doi.org/10.1007/978-3-642-40041-4_3
– reference: D.H. Nguyen, T.T. Nguyen, T.N. Duong, P.H. Pham, Cryptanalysis of md5 on GPU cluster, in Proceedings of International Conference on Information Security and Artificial Intelligence, vol. 2 (2010), pp. 910–914
– reference: A. Esser, P. Santini, Not just regular decoding: asymptotics and improvements of regular syndrome decoding attacks. IACR Cryptol. ePrint Arch (2023), p. 1568. https://eprint.iacr.org/2023/1568
– reference: H. Zhu, S. Kamada, M. Kudo, T. Takagi, Improved hybrid attack via error-splitting method for finding quinary short lattice vectors, in J. Shikata, H. Kuzuno, editors, Advances in Information and Computer Security—18th International Workshop on Security, IWSEC 2023, Yokohama, Japan, August 29–31, 2023, Proceedings. Lecture Notes in Computer Science, vol. 14128 (Springer, 2023), pp. 117–136. https://doi.org/10.1007/978-3-031-41326-1_7
– reference: J. Bos, L. Ducas, E. Kiltz, T. Lepoint, V. Lyubashevsky, J.M. Schanck, P. Schwabe, G. Seiler, D. Stehlé, Crystals-kyber: a CCA-secure module-lattice-based KEM, in 2018 IEEE European Symposium on Security and Privacy (EuroS&P) (IEEE, 2018), pp. 353–367
– reference: R. Niederhagen, K.C. Ning, B.Y. Yang, Implementing Joux-Vitse’s crossbred algorithm for solving $\mathcal{MQ}$ systems over $\mathbb{F}_2$ on GPUs, in T. Lange, R. Steinwandt, editors, Post-Quantum Cryptography—9th International Conference, PQCrypto 2018 (Springer, Heidelberg, 2018), pp. 121–141. https://doi.org/10.1007/978-3-319-79063-3_6
– reference: C. Peikert, Public-key cryptosystems from the worst-case shortest vector problem: extended abstract, in M. Mitzenmacher, editor, 41st ACM STOC (ACM Press, 2009), pp. 333–342. https://doi.org/10.1145/1536414.1536461
– reference: A. Becker, A. Joux, A. May, A. Meurer, Decoding random binary linear codes in $2^{n/20}$: how 1 + 1 = 0 improves information set decoding, in D. Pointcheval, T. Johansson, editors, EUROCRYPT 2012. LNCS, vol. 7237 (Springer, Heidelberg, 2012), pp. 520–536. https://doi.org/10.1007/978-3-642-29011-4_31
– reference: L. Bi, X. Lu, J. Luo, K. Wang, Hybrid dual and meet-LWE attack, in Information Security and Privacy: 27th Australasian Conference, ACISP 2022, Wollongong, NSW, Australia, November 28–30, 2022, Proceedings (Springer, 2022), pp. 168–188
– reference: N. Howgrave-Graham, A hybrid lattice-reduction and meet-in-the-middle attack against NTRU, in A. Menezes, editor, CRYPTO 2007. LNCS, vol. 4622 (Springer, Heidelberg, 2007), pp. 150–169. https://doi.org/10.1007/978-3-540-74143-5_9
– reference: E. Prange, The use of information sets in decoding cyclic codes. IRE Trans. Inf. Theory 8(5), 5–9 (1962)
– reference: I. Dinur, O. Dunkelman, N. Keller, A. Shamir, Efficient dissection of composite problems, with applications to cryptanalysis, knapsacks, and combinatorial search problems, in R. Safavi-Naini, R. Canetti, editors, CRYPTO 2012. LNCS, vol. 7417 (Springer, Heidelberg, 2012), pp. 719–740. https://doi.org/10.1007/978-3-642-32009-5_42
StartPage 36
SubjectTerms Algorithms
Binomial distribution
Coding and Information Theory
Combinatorial analysis
Combinatorics
Communications Engineering
Computational Mathematics and Numerical Analysis
Computer Science
Networks
Polynomials
Probability Theory and Stochastic Processes
Research Article
Title Memory-Efficient Attacks on Small LWE Keys
URI https://link.springer.com/article/10.1007/s00145-024-09516-3
https://www.proquest.com/docview/3254471165
Volume 37