4480                                                      软件学报  2025  年第  36  卷第  10  期


                     1976.1055638]
                  [2]   Shor PW. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Review, 1999,
                     41(2): 303–332. [doi: 10.1137/S0036144598347011]
                  [3]   Shor PW. Algorithms for quantum computation: Discrete logarithms and factoring. In: Proc. of the 35th Annual Symp. on Foundations of
                     Computer Science. Santa Fe: IEEE, 1994. 124–134. [doi: 10.1109/SFCS.1994.365700]
                  [4]   Grover  LK.  A  fast  quantum  mechanical  algorithm  for  database  search.  In:  Proc.  of  the  28th  Annual  ACM  Symp.  on  Theory  of
                     Computing. 1996. 212–219.
                  [5]   National Institute of Standards and Technology. Post-quantum cryptography—Call for proposals. 2017. https://csrc.nist.gov/Projects/post-
                     quantum-cryptography/post-quantum-cryptography-standardization/Call-for-Proposals
                  [6]   Chinese Association for Cryptologic Research. Public key algorithms selected to the second round competition of national cyptographic
                     algorithm competitions. 2019. https://sfjs.cacrnet.org.cn/site/term/list_77_1.html
                  [7]   National Institute of Standards and Technology. Post-quantum cryptography—Round 3 submissions. 2020. https://csrc.nist.gov/Projects/
                     post-quantum-cryptography/post-quantum-cryptography-standardization/round-3-submissions
                  [8]   Kumari S, Singh M, Singh R, Tewari H. Signature based Merkle Hash Multiplication algorithm to secure the communication in IoT
                     devices. Knowledge-based Systems, 2022, 253: 109543. [doi: 10.1016/j.knosys.2022.109543]
                  [9]   Engelbert  D,  Overbeck  R,  Schmidt  A.  A  summary  of  McEliece-type  cryptosystems  and  their  security.  Journal  of  Mathematical
                     Cryptology, 2007, 1(2): 151–199. [doi: 10.1515/JMC.2007.009]
                 [10]   Courtois N, Klimov A, Patarin J, Shamir A. Efficient algorithms for solving overdefined systems of multivariate polynomial equations.
                     In:  Proc.  of  the  2000  Int’l  Conf.  on  the  Theory  and  Applications  of  Cryptographic  Techniques.  Belgium:  Springer,  2000.  392–407.
                     [doi: 10.1007/3-540-45539-6_27]
                 [11]   Peng C, Chen JH, Zeadally S, He DB. Isogeny-based cryptography: A promising post-quantum technique. IT Professional, 2019, 21(6):
                     27–32. [doi: 10.1109/MITP.2019.2943136]
                 [12]   Nejatollahi  H,  Dutt  N,  Ray  S,  Regazzoni  F,  Banerjee  I,  Cammarota  R.  Post-quantum  lattice-based  cryptography  implementations:  A
                     survey. ACM Computing Surveys (CSUR), 2019, 51(6): 129. [doi: 10.1145/3292548]
                 [13]   Avanzi  R,  Bos  J,  Ducas  L,  Kiltz  E,  Lepoint  T,  Lyubashevsky  V,  Schanck  JM,  Schwabe  P,  Seiler  G,  Stehlé  D.  CRYSTALS-Kyber:
                     Algorithm specifications and supporting documentation (version 3.01). 2021. https://pq-crystals.org/kyber/data/kyber-specificationround3-
                     20210131.pdf
                 [14]   Bai S, Ducas L, Kiltz E, Lepoint T, Lyubashevsky V, Schwabe P, Seiler G, Stehlé D. CRYSTALS-Dilithium algorithm specifications and
                     supporting documentation (version 3.1). 2021. https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf
                 [15]   Fouque PA, Hoffstein J, Kirchner P, Lyubashevsky V, Pornin T, Prest T, Ricosset T, Seiler G, Whyte W, Zhang ZF. Falcon: Fast-Fourier
                     lattice-based compact signatures over NTRU (Specification v1.2). NIST PQC Round 3 Submission, 2020. https://falcon-sign.info/falcon.
                     pdf
                 [16]   National Institute of Standards and Technology. PQC standardization process: Announcing four candidates to be standardized, plus fourth
                     round candidates. 2022. https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
                 [17]   National Institute of Standards and Technology. Module-lattice-based digital signature standard. 2024. https://nvlpubs.nist.gov/nistpubs/
                     FIPS/NIST.FIPS.204.pdf
                 [18]   Langlois  A,  Stehlé  D.  Worst-case  to  average-case  reductions  for  module  lattices.  Designs,  Codes  and  Cryptography,  2015,  75(3):
                     565–599. [doi: 10.1007/s10623-014-9938-4]
                 [19]   Kannwischer MJ, Rijneveld J, Schwabe P, Stoelen K. pqm4: Testing and Benchmarking NIST PQC on ARM Cortex-M4. Cryptology
                     ePrint Archive, 2019/844, 2019.
                 [20]   Kim Y, Song JY, Youn TY, Seo SC. Crystals-Dilithium on ARMv8. Security and Communication Networks, 2022, 2022: 5226390. [doi:
                     10.1155/2022/5226390]
                 [21]   Zheng  JY,  He  F,  Shen  SY,  Xue  CX,  Zhao  YL.  Parallel  small  polynomial  multiplication  for  Dilithium:  A  faster  design  and
                     implementation.  In:  Proc.  of  the  38th  Annual  Computer  Security  Applications  Conf.  Austin:  ACM,  2022.  304–317.  [doi:  10.1145/
                     3564625.3564629]
                 [22]   Soni D, Basu K, Nabeel MM, Karri R. A hardware evaluation study of NIST post-quantum cryptographic signature schemes. In: Proc. of
                     the  2nd  PQC  Standardization  Conf.  National  Institute  of  Standards  and  Technology,  2019. https://api.semanticscholar.org/CorpusID:
                     198939541
                 [23]   Ricci  S,  Malina  L,  Jedlicka  P,  Smékal  D,  Hajny  J,  Cibik  P,  Dzurenda  P,  Dobias  P.  Implementing  CRYSTALS-Dilithium  signature
                     scheme on FPGAs. In: Proc. of the 16th Int’l Conf. on Availability, Reliability and Security. Vienna: ACM, 2021. 1–11. [doi: 10.1145/