王洋 等: 半均匀   LWE  问题的紧致归约                                                        4415


                     114481. [doi: 10.1016/j.tcs.2024.114481]
                  [5]   Brakerski Z, Langlois A, Peikert C, Regev O, Stehlé D. Classical hardness of learning with errors. In: Proc. of the 45th Annual ACM
                     Symp. on Theory of Computing. Palo Alto: ACM, 2005. 575–584. [doi: 10.1145/2488608.2488680]
                  [6]   Goldwasser S, Kalai YT, Peikert C, Vaikuntanathan V. Robustness of the learning with errors assumption. In: Innovations in Computer
                     Science—ICS 2010. Beijing: Tsinghua University Press, 2010. 230–240.
                  [7]   Micciancio D. On the hardness of learning with errors with binary secrets. Theory of Computing, 2018, 14: 13. [doi: 10.4086/toc.2018.
                     v014a013]
                  [8]   Brakerski Z, Döttling N. Hardness of LWE on general entropic distributions. In: Canteaut A, Ishai Y, eds. Proc. of the 39th Annual Int’l
                     Conf. on the Theory and Applications of Cryptographic Techniques. Zagreb: Springer, 2020. 551–575. [doi: 10.1007/978-3-030-45724-
                     2_19]
                  [9]   Boudgoust K, Jeudy C, Roux-Langlois A, Wen WQ. On the hardness of module learning with errors with short distributions. Journal of
                     Cryptology, 2023, 36(1): 1. [doi: 10.1007/s00145-022-09441-3]
                 [10]   Kim D, Lee D, Seo J, Song Y. Toward practical lattice-based proof of knowledge from Hint-MLWE. In: Handschuh H, Lysyanskaya A,
                     eds.  Proc.  of  the 43rd  Annual  Int’l  Cryptology  Conf.  on  Advances  in  Cryptology  (CRYPTO  2023).  Santa  Barbara:  Springer,  2023.
                     549–580. [doi: 10.1007/978-3-031-38554-4_18]
                 [11]   Dottling N, Kolonelos D, Lai RWF, Lin CW, Malavolta G, Rahimi A. Efficient laconic cryptography from learning with errors. In: Hazay
                     C, Stam M, eds. Proc. of the 42nd Annual Int’l Conf. on the Theory and Applications of Cryptographic Techniques. Lyon: Springer,
                     2023. 417–446. [doi: 10.1007/978-3-031-30620-4_14]
                 [12]   Agrawal S, Libert B, Stehlé D. Fully secure functional encryption for inner products, from standard assumptions. In: Robshaw M, Katz J,
                     eds.  Proc.  of  the 36th  Annual  Int’l  Cryptology  Conf.  on  Advances  in  Cryptology  (CRYPTO  2016).  Santa  Barbara:  Springer,  2023.
                     333–362. [doi: 10.1007/978-3-662-53015-3_12]
                 [13]   Mera JMB, Karmakar A, Marc T, Soleimanian A. Efficient lattice-based inner-product functional encryption. In: Hanaoka G, Shikata J,
                     Watanabe Y, eds. Proc. of the 25th IACR Int’l Conf. on Practice and Theory of Public-key Cryptography. Springer, 2022. 163–193.
                     [doi: 10.1007/978-3-030-97131-1_6]
                 [14]   Alperin-Sheriff J, Peikert C. Circular and KDM security for identity-based encryption. In: Fischlin M, Buchmann J, Manulis M, eds. Proc.
                     of the 15th Int’l Conf. on Practice and Theory in Public Key Cryptography. Darmstadt: Springer, 2012. 334–352. [doi: 10.1007/978-3-642-
                     30057-8_20]
                 [15]   O’Neill A, Peikert C, Waters B. Bi-deniable public-key encryption. In: Rogaway P, ed. Proc. of the 31st Annual Cryptology Conf. on
                     Advances in Cryptology (CRYPTO 2011). Santa Barbara: Springer, 2011. 525–542. [doi: 10.1007/978-3-642-22792-9_30]
                 [16]   Boneh D, Lewi K, Montgomery H, Raghunathan A. Key homomorphic PRFs and their applications. In: Canetti R, Garay JA, eds. Proc. of
                     the 33rd Annual Cryptology Conf. on Advances in Cryptology. Santa Barbara: Springer, 2013. 410–428. [doi: 10.1007/978-3-642-40041-
                     4_23]
                 [17]   Jia WJ, Zhang J, Wang BC. Hardness of module-LWE with semiuniform seeds from module-NTRU. IET Information Security, 2023,
                     2023: 2969432. [doi: 10.1049/2023/2969432]
                 [18]   Jia WJ, Wang BC. Hardness of (Semiuniform) MLWE with short distributions using the Rényi divergence. IET Information Security,
                     2023, 2023: 2104380. [doi: 10.1049/2023/2104380]
                 [19]   National Institute of Standards and Technology. Post-quantum cryptography—Round 1 submissions. 2024. https://csrc.nist.gov/Projects/
                     post-quantum-cryptography/post-quantum-cryptography-standardization/round-1-submissions
                 [20]   Bos J, Ducas L, Kiltz E, Lepoint T, Lyubashevsky V, Schanck JM, Schwabe P, Seiler G, Stehle D. CRYSTALS-Kyber: A CCA-secure
                     module-lattice-based  KEM.  In:  Proc.  of  the 2018  IEEE  European  Symp.  on  Security  and  Privacy  (EuroS&P).  London:  IEEE,  2018.
                     353–367. [doi: 10.1109/EuroSP.2018.00032]
                 [21]   Lindner R, Peikert C. Better key sizes (and attacks) for LWE-based encryption. In: Kiayias A, ed. Topics in Cryptology—CT-RSA 2011.
                     Berlin, Heidelberg: Springer, 2011. 319–339. [doi: 10.1007/978-3-642-19074-2_21]
                 [22]   National Institute of Standards and Technology. Post-quantum cryptography—Round 2 submissions. 2024. https://csrc.nist.gov/Projects/
                     post-quantum-cryptography/post-quantum-cryptography-standardization/round-2-submissions
                 [23]   National Institute of Standards and Technology. Post-quantum cryptography—Round 3 submissions. 2024. https://csrc.nist.gov/Projects/
                     post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions
                 [24]   National  Institute  of  Standards  and  Technology.  Post-quantum  cryptography —Selected  algorithms  2022.  2024. https://csrc.nist.gov/
                     Projects/post-quantum-cryptography/selected-algorithms-2022
                 [25]   Jin ZZ, Zhao YL. Optimal key consensus in presence of noise. arXiv:1611.06150, 2017.