{"id":"https://openalex.org/W4226316194","doi":"https://doi.org/10.1109/tit.2022.3168439","title":"Ouroboros: An Efficient and Provably Secure KEM Family","display_name":"Ouroboros: An Efficient and Provably Secure KEM Family","publication_year":2022,"publication_date":"2022-04-20","ids":{"openalex":"https://openalex.org/W4226316194","doi":"https://doi.org/10.1109/tit.2022.3168439"},"language":"en","primary_location":{"id":"doi:10.1109/tit.2022.3168439","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tit.2022.3168439","pdf_url":null,"source":{"id":"https://openalex.org/S4502562","display_name":"IEEE Transactions on Information Theory","issn_l":"0018-9448","issn":["0018-9448","1557-9654"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Theory","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5073493595","display_name":"Nicolas Aragon","orcid":"https://orcid.org/0000-0002-9446-8688"},"institutions":[{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"government","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I2802519937","display_name":"Institut de Recherche en Informatique et Syst\u00e8mes Al\u00e9atoires","ror":"https://ror.org/00myn0z94","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I1326498283","https://openalex.org/I205703379","https://openalex.org/I2802204017","https://openalex.org/I2802519937","https://openalex.org/I28221208","https://openalex.org/I4210127572","https://openalex.org/I4210159245","https://openalex.org/I56067802"]},{"id":"https://openalex.org/I4210115519","display_name":"Centre de Recherche en Informatique","ror":"https://ror.org/020cdve92","country_code":"FR","type":"facility","lineage":["https://openalex.org/I190752583","https://openalex.org/I2746051580","https://openalex.org/I4210091621","https://openalex.org/I4210115519","https://openalex.org/I70768539"]},{"id":"https://openalex.org/I56067802","display_name":"Universit\u00e9 de Rennes","ror":"https://ror.org/015m7wh34","country_code":"FR","type":"education","lineage":["https://openalex.org/I56067802"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Nicolas Aragon","raw_affiliation_strings":["CNRS, Inria, IRISA, University of Rennes, Rennes, France","Institut National de Recherche en Informatique et en Automatique","Centre National de la Recherche Scientifique"],"affiliations":[{"raw_affiliation_string":"CNRS, Inria, IRISA, University of Rennes, Rennes, France","institution_ids":["https://openalex.org/I56067802","https://openalex.org/I2802519937","https://openalex.org/I1294671590"]},{"raw_affiliation_string":"Institut National de Recherche en Informatique et en Automatique","institution_ids":["https://openalex.org/I4210115519"]},{"raw_affiliation_string":"Centre National de la Recherche Scientifique","institution_ids":["https://openalex.org/I1294671590"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015567963","display_name":"Olivier Blazy","orcid":"https://orcid.org/0000-0001-6205-8249"},"institutions":[{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"government","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I4210139461","display_name":"Laboratoire d'Informatique de l'\u00c9cole Polytechnique","ror":"https://ror.org/04afed728","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I1326498283","https://openalex.org/I142476485","https://openalex.org/I4210139461","https://openalex.org/I4210145102","https://openalex.org/I4210159245"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Olivier Blazy","raw_affiliation_strings":["LIX, CNRS, Inria, &#x00C9;cole Polytechnique, Palaiseau, France","Geometry, arithmetic, algorithms, codes and encryption"],"affiliations":[{"raw_affiliation_string":"LIX, CNRS, Inria, &#x00C9;cole Polytechnique, Palaiseau, France","institution_ids":["https://openalex.org/I4210139461","https://openalex.org/I1294671590"]},{"raw_affiliation_string":"Geometry, arithmetic, algorithms, codes and encryption","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5030657676","display_name":"Jean-Christophe Deneuville","orcid":"https://orcid.org/0000-0002-5128-6729"},"institutions":[{"id":"https://openalex.org/I100296615","display_name":"\u00c9cole Nationale de l\u2019Aviation Civile","ror":"https://ror.org/022zdgq74","country_code":"FR","type":"education","lineage":["https://openalex.org/I100296615","https://openalex.org/I4405258862"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Jean-Christophe Deneuville","raw_affiliation_strings":["ENAC, University of Toulouse, Toulouse, France"],"affiliations":[{"raw_affiliation_string":"ENAC, University of Toulouse, Toulouse, France","institution_ids":["https://openalex.org/I100296615"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019785896","display_name":"Philippe Gaborit","orcid":"https://orcid.org/0000-0002-4034-521X"},"institutions":[{"id":"https://openalex.org/I65806277","display_name":"Universit\u00e9 de Limoges","ror":"https://ror.org/02cp04407","country_code":"FR","type":"education","lineage":["https://openalex.org/I65806277"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Philippe Gaborit","raw_affiliation_strings":["XLIM-MATHIS, University of Limoges, Limoges, France"],"affiliations":[{"raw_affiliation_string":"XLIM-MATHIS, University of Limoges, Limoges, France","institution_ids":["https://openalex.org/I65806277"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5064676731","display_name":"Gilles Z\u00e9mor","orcid":"https://orcid.org/0000-0002-6041-9554"},"institutions":[{"id":"https://openalex.org/I15057530","display_name":"Universit\u00e9 de Bordeaux","ror":"https://ror.org/057qpr032","country_code":"FR","type":"education","lineage":["https://openalex.org/I15057530"]},{"id":"https://openalex.org/I4210166017","display_name":"Institut de Math\u00e9matiques de Bordeaux","ror":"https://ror.org/05m3r1b84","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I1326498283","https://openalex.org/I15057530","https://openalex.org/I4210141950","https://openalex.org/I4210160189","https://openalex.org/I4210166017"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Gilles Zemor","raw_affiliation_strings":["IMB, University of Bordeaux, Bordeaux, France"],"affiliations":[{"raw_affiliation_string":"IMB, University of Bordeaux, Bordeaux, France","institution_ids":["https://openalex.org/I15057530","https://openalex.org/I4210166017"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5073493595"],"corresponding_institution_ids":["https://openalex.org/I1294671590","https://openalex.org/I2802519937","https://openalex.org/I4210115519","https://openalex.org/I56067802"],"apc_list":null,"apc_paid":null,"fwci":0.9653,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.7903977,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"68","issue":"9","first_page":"6233","last_page":"6244"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11130","display_name":"Coding theory and cryptography","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11130","display_name":"Coding theory and cryptography","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/decoding-methods","display_name":"Decoding methods","score":0.5488555431365967},{"id":"https://openalex.org/keywords/coding-theory","display_name":"Coding theory","score":0.49942922592163086},{"id":"https://openalex.org/keywords/notation","display_name":"Notation","score":0.48364269733428955},{"id":"https://openalex.org/keywords/discrete-mathematics","display_name":"Discrete mathematics","score":0.43360599875450134},{"id":"https://openalex.org/keywords/key-exchange","display_name":"Key exchange","score":0.43195879459381104},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.4313446283340454},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.42820632457733154},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.41730836033821106},{"id":"https://openalex.org/keywords/simple","display_name":"Simple (philosophy)","score":0.4112464189529419},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.37658777832984924},{"id":"https://openalex.org/keywords/algebra-over-a-field","display_name":"Algebra over a field","score":0.35717612504959106},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.3045240044593811},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.2789304852485657},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.2603738605976105},{"id":"https://openalex.org/keywords/pure-mathematics","display_name":"Pure mathematics","score":0.16368252038955688},{"id":"https://openalex.org/keywords/arithmetic","display_name":"Arithmetic","score":0.15981769561767578}],"concepts":[{"id":"https://openalex.org/C57273362","wikidata":"https://www.wikidata.org/wiki/Q576722","display_name":"Decoding methods","level":2,"score":0.5488555431365967},{"id":"https://openalex.org/C113709454","wikidata":"https://www.wikidata.org/wiki/Q602136","display_name":"Coding theory","level":2,"score":0.49942922592163086},{"id":"https://openalex.org/C45357846","wikidata":"https://www.wikidata.org/wiki/Q2001982","display_name":"Notation","level":2,"score":0.48364269733428955},{"id":"https://openalex.org/C118615104","wikidata":"https://www.wikidata.org/wiki/Q121416","display_name":"Discrete mathematics","level":1,"score":0.43360599875450134},{"id":"https://openalex.org/C99674996","wikidata":"https://www.wikidata.org/wiki/Q1414155","display_name":"Key exchange","level":4,"score":0.43195879459381104},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.4313446283340454},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.42820632457733154},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.41730836033821106},{"id":"https://openalex.org/C2780586882","wikidata":"https://www.wikidata.org/wiki/Q7520643","display_name":"Simple (philosophy)","level":2,"score":0.4112464189529419},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.37658777832984924},{"id":"https://openalex.org/C136119220","wikidata":"https://www.wikidata.org/wiki/Q1000660","display_name":"Algebra over a field","level":2,"score":0.35717612504959106},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.3045240044593811},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.2789304852485657},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.2603738605976105},{"id":"https://openalex.org/C202444582","wikidata":"https://www.wikidata.org/wiki/Q837863","display_name":"Pure mathematics","level":1,"score":0.16368252038955688},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.15981769561767578},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tit.2022.3168439","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tit.2022.3168439","pdf_url":null,"source":{"id":"https://openalex.org/S4502562","display_name":"IEEE Transactions on Information Theory","issn_l":"0018-9448","issn":["0018-9448","1557-9654"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Theory","raw_type":"journal-article"},{"id":"pmh:oai:HAL:hal-03679752v1","is_oa":false,"landing_page_url":"https://enac.hal.science/hal-03679752","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Transactions on Information Theory, 2022, pp.1-1. &#x27E8;10.1109/TIT.2022.3168439&#x27E9;","raw_type":"Journal articles"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1493399411","https://openalex.org/W1606480398","https://openalex.org/W1675339804","https://openalex.org/W1872498068","https://openalex.org/W1927638654","https://openalex.org/W1965275036","https://openalex.org/W2006504364","https://openalex.org/W2025108828","https://openalex.org/W2035929826","https://openalex.org/W2134427743","https://openalex.org/W2171001107","https://openalex.org/W2295684241","https://openalex.org/W2517312222","https://openalex.org/W2566390621","https://openalex.org/W2604850172","https://openalex.org/W2621331947","https://openalex.org/W2778213072","https://openalex.org/W2885670388","https://openalex.org/W2885731197","https://openalex.org/W2963320596","https://openalex.org/W2967670694","https://openalex.org/W3034712312","https://openalex.org/W3103858320","https://openalex.org/W4213186577","https://openalex.org/W6694889516","https://openalex.org/W6724049718"],"related_works":["https://openalex.org/W2768765413","https://openalex.org/W223331605","https://openalex.org/W2258715480","https://openalex.org/W1582299817","https://openalex.org/W2801596938","https://openalex.org/W25273802","https://openalex.org/W1565942289","https://openalex.org/W4390188610","https://openalex.org/W2491864954","https://openalex.org/W4389292202"],"abstract_inverted_index":{"In":[0,247],"this":[1,248],"paper":[2],"we":[3,155,219],"introduce":[4],"Ouroboros,":[5],"a":[6,20,51,77,88,97,137,181,196],"new":[7],"family":[8,148],"of":[9,64,149,160,198,239],"Key":[10],"Exchange":[11],"protocols":[12,18],"based":[13,26,118,123,177],"on":[14,27,124,202,230],"coding":[15],"theory.":[16],"The":[17,120],"propose":[19],"middle":[21],"ground":[22],"between":[23],"the":[24,57,62,65,68,81,91,102,132,146,152,157,164,190,203,211,216,231,235,251,265,269,275],"cryptosystems":[25],"<inline-formula":[28,36,103,111,170],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[29,37,104,112,171],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">":[30,38,105,113,172],"<tex-math":[31,39,106,114,173],"notation=\"LaTeX\">$\\mathsf":[32,40,107,115,174],"{QC}$":[33,108],"</tex-math></inline-formula>":[34,42,109,117,176],"-":[35,110],"{MDPC}$":[41,116,175],"codes,":[43],"which":[44,71],"feature":[45],"small":[46,98],"parameter":[47],"sizes,":[48],"but":[49,75,179],"have":[50,256],"security":[52,78,182,266],"reduction":[53,79,89,183,197],"to":[54,80,90,101,184,200,208,228],"two":[55],"problems:":[56],"syndrome":[58,82,92],"decoding":[59,83,93,185,254],"problem":[60,84,94],"and":[61,67,128,140,253,268],"indistinguishability":[63],"code,":[66],"HQC":[69],"protocol,":[70],"features":[72,87],"bigger":[73],"parameters":[74,161,222],"has":[76],"only.":[85],"Ouroboros":[86,147],"with":[95,180],"only":[96],"overhead":[99],"compared":[100,207],"cryptosystems.":[119],"approach":[121,142],"is":[122,271],"an":[125],"ideal":[126],"structure":[127],"also":[129],"works":[130],"for":[131,143,169,210,224,234,274],"rank":[133,217,276],"metric.":[134,277],"This":[135,194],"yields":[136],"simple,":[138],"secure":[139,213,237],"efficient":[141],"key":[144,205,233],"exchange,":[145],"protocols.":[150],"For":[151,215],"Hamming":[153],"metric":[154],"obtain":[156,220],"same":[158,165],"type":[159],"(and":[162],"almost":[163],"simple":[166],"decoding)":[167],"as":[168],"cryptosystems,":[178],"random":[186],"quasi-cyclic":[187],"codes":[188],"in":[189,245,264],"Random":[191],"Oracle":[192],"Model.":[193],"represents":[195],"up":[199,227],"38%":[201],"public":[204,232],"size":[206],"HQC,":[209],"most":[212,236],"parameters.":[214],"metric,":[218],"better":[221],"than":[223],"RQC,":[225],"saving":[226],"31%":[229],"set":[238],"parameters,":[240],"using":[241],"non":[242],"homogeneous":[243],"errors":[244],"Ouroboros.":[246],"full":[249],"version,":[250],"protocol":[252,270],"algorithm":[255],"been":[257],"slightly":[258],"improved,":[259],"additional":[260],"details":[261],"are":[262],"given":[263],"proof,":[267],"fully":[272],"described":[273]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":4}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}