[1]

M. Ajtai, Generating hard instances of lattice problems, in *Complexity of Computations and Proofs*. Quad. Mat., vol. 13 (Dept. Math., Seconda Univ. Napoli, Caserta, 2004), pp. 1–32

[2]

N. Alon, J.H. Spencer, The Probabilistic Method. Wiley-Interscience Series in Discrete Mathematics and Optimization, 2nd edn. (Wiley, New York, 2000)

MATH[3]

L. Babai, On Lovász lattice reduction and the nearest lattice point problem. Combinatorica 6, 1–13 (1986)

MATHCrossRefMathSciNet[4]

Consortium for Efficient Embedded Security. Efficient embedded security standards #1: Implementation aspects of NTRUencrypt and NTRUsign. Version 2.0 available at

http://grouper.ieee.org/groups/1363/lattPK/index.html, June (2003)

[5]

A. Frieze, M. Jerrum, R. Kannan, Learning linear transformations, in 37th Annual Symposium on Foundations of Computer Science, Burlington, VT, 1996 (IEEE Comput. Soc. Press, Los Alamitos, 1996), pp. 359–368

[6]

C. Gentry, M. Szydlo, Cryptanalysis of the revised NTRU signature scheme, in *Proc. of Eurocrypt ’02*. LNCS, vol. 2332 (Springer, Berlin, 2002)

[7]

C. Gentry, C. Peikert, V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, in *Proc. 40th ACM Symp. on Theory of Computing (STOC)*, pp. 197–206 (2008)

[8]

C. Gentry, J. Jonsson, J. Stern, M. Szydlo, Cryptanalysis of the NTRU signature scheme (NSS) from Eurocrypt 2001, in *Proc. of Asiacrypt ’01*. LNCS, vol. 2248 (Springer, Berlin, 2001)

[9]

O. Goldreich, S. Goldwasser, S. Halevi, Public-key cryptosystems from lattice reduction problems, in Proc. of Crypto ’97. LNCS, vol. 1294 (Springer, Berlin, 1997), pp. 112–131. Full version available at ECCC as TR96-056

[10]

O. Goldreich, S. Goldwasser, S. Halevi, Challenges for the GGH cryptosystem. Available at

http://theory.lcs.mit.edu/~shaih/challenge.html
[11]

G. Golub, C. Loan, Matrix Computations (Johns Hopkins Univ. Press, Baltimore, 1996)

MATH[12]

J. Hoffstein, J. Pipher, J. Silverman, NTRU: a ring based public key cryptosystem, in Proc. of ANTS III. LNCS, vol. 1423 (Springer, Berlin, 1998), pp. 267–288. First presented at the rump session of Crypto ’96

[13]

J. Hoffstein, J. Pipher, J.H. Silverman, NSS: An NTRU lattice-based signature scheme, in *Proc. of Eurocrypt ’01*. LNCS, vol. 2045 (Springer, Berlin, 2001)

[14]

J. Hoffstein, N.A.H. Graham, J. Pipher, J.H. Silverman, W. Whyte, NTRUsign: Digital signatures using the NTRU lattice. Full version of *Proc. of CT-RSA*. LNCS, vol. 2612. Draft of April 2, 2002, available on NTRU’s website

[15]

J. Hoffstein, N.A.H. Graham, J. Pipher, J.H. Silverman, W. Whyte, NTRUsign: Digital signatures using the NTRU lattice, in *Proc. of CT-RSA*. LNCS, vol. 2612 (Springer, Berlin, 2003)

[16]

J. Hoffstein, N.A.H. Graham, J. Pipher, J.H. Silverman, W. Whyte, Performances improvements and a baseline parameter generation algorithm for NTRUsign, in *Proc. of Workshop on Mathematical Problems and Techniques in Cryptology* (CRM, 2005), pp. 99–126

[17]

A. Hyvärinen, E. Oja, A fast fixed-point algorithm for independent component analysis. Neural Comput. 9(7), 1483–1492 (1997)

CrossRef[18]

A. Hyvärinen, J. Karhunen, E. Oja, Independent Component Analysis (Wiley, New York, 2001)

CrossRef[19]

IEEE P1363.1. Public-key cryptographic techniques based on hard problems over lattices. See

http://grouper.ieee.org/groups/1363/lattPK/index.html, June 2003

[20]

P. Klein, Finding the closest lattice vector when it’s unusually close, in *Proc. of SODA ’00* (ACM–SIAM, 2000)

[21]

V. Lyubashevsky, D. Micciancio, Asymptotically efficient lattice-based digital signatures, in *Fifth Theory of Cryptography Conference (TCC)*. Lecture Notes in Computer Science, vol. 4948 (Springer, Berlin, 2008)

[22]

R. McEliece, A public-key cryptosystem based on algebraic number theory. Technical report, Jet Propulsion Laboratory, 1978. DSN Progress Report 42-44

[23]

D. Micciancio, Improving lattice-based cryptosystems using the Hermite normal form, in *Proc. of CALC ’01*. LNCS, vol. 2146 (Springer, Berlin, 2001)

[24]

D. Micciancio, Cryptographic functions from worst-case complexity assumptions. Survey paper prepared for the LLL+25 conference. To appear

[25]

D. Micciancio, S. Goldwasser, Complexity of Lattice Problems: A Cryptographic Perspective. The Kluwer International Series in Engineering and Computer Science, vol. 671 (Kluwer Academic, Boston, 2002)

MATH[26]

D. Micciancio, O. Regev, Lattice-based cryptography, in *Post-Quantum Cryprography*, ed. by D.J. Bernstein, J. Buchmann (Springer, Berlin, 2008)

[27]

D. Micciancio, S. Vadhan, Statistical zero-knowledge proofs with efficient provers: lattice problems and more, in Advances in Cryptology—Proc. CRYPTO ’03. Lecture Notes in Computer Science, vol. 2729 (Springer, Berlin, 2003), pp. 282–298

[28]

M. Naor, M. Yung, Universal one-way hash functions and their cryptographic applications, in *Proc. 21st ACM Symp. on Theory of Computing (STOC)*, pp. 33–43 (1989)

[29]

P.Q. Nguyen, Cryptanalysis of the Goldreich–Goldwasser–Halevi cryptosystem from Crypto ’97, in Proc. of Crypto ’99. LNCS, vol. 1666 (Springer, Berlin, 1999), pp. 288–304

[30]

P.Q. Nguyen, O. Regev, Learning a Parallelepiped: Cryptanalysis of GGH and NTRU Signatures, in Advances in Cryptology—Proceedings of EUROCRYPT ’06. LNCS, vol. 4004 (Springer, Berlin, 2006), pp. 215–233

CrossRef[31]

P.Q. Nguyen, J. Stern, The two faces of lattices in cryptology, in *Proc. of CALC ’01*. LNCS, vol. 2146 (Springer, Berlin, 2001)

[32]

O. Regev, Lattice-based cryptography, in Advances in Cryptology—Proc. of CRYPTO ’06. LNCS, vol. 4117 (Springer, Berlin, 2006), pp. 131–141

[33]

C.P. Schnorr, M. Euchner, Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66, 181–199 (1994)

CrossRefMathSciNet[34]

V. Shoup, NTL: A library for doing number theory. Available at

http://www.shoup.net/ntl/
[35]

M. Szydlo, Hypercubic lattice reduction and analysis of GGH and NTRU signatures, in *Proc. of Eurocrypt ’03*. LNCS, vol. 2656 (Springer, Berlin, 2003)

[36]

W. Whyte, Improved NTRUSign transcript analysis. Presentation at the rump session of Eurocrypt ’06, on May 30 (2006)