{"id":"https://openalex.org/W4414869309","doi":"https://doi.org/10.62056/ayivom2hd","title":"FrodoKEM: A CCA-Secure Learning With Errors Key Encapsulation Mechanism","display_name":"FrodoKEM: A CCA-Secure Learning With Errors Key Encapsulation Mechanism","publication_year":2025,"publication_date":"2025-10-06","ids":{"openalex":"https://openalex.org/W4414869309","doi":"https://doi.org/10.62056/ayivom2hd"},"language":"en","primary_location":{"id":"doi:10.62056/ayivom2hd","is_oa":true,"landing_page_url":"https://doi.org/10.62056/ayivom2hd","pdf_url":"https://cic.iacr.org/p/2/3/25/pdf","source":{"id":"https://openalex.org/S4394708374","display_name":"IACR Communications in Cryptology","issn_l":"3006-5496","issn":["3006-5496"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320989","host_organization_name":"International Association for Cryptologic Research","host_organization_lineage":["https://openalex.org/P4310320989"],"host_organization_lineage_names":["International Association for Cryptologic Research"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Communications in Cryptology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://cic.iacr.org/p/2/3/25/pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119400754","display_name":"Lewis Glabush","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Lewis Glabush","raw_affiliation_strings":["EPFL"],"affiliations":[{"raw_affiliation_string":"EPFL","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053260383","display_name":"Patrick Longa","orcid":"https://orcid.org/0000-0001-5791-6341"},"institutions":[{"id":"https://openalex.org/I4210164937","display_name":"Microsoft Research (United Kingdom)","ror":"https://ror.org/05k87vq12","country_code":"GB","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210164937"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Patrick Longa","raw_affiliation_strings":["Microsoft Research"],"affiliations":[{"raw_affiliation_string":"Microsoft Research","institution_ids":["https://openalex.org/I4210164937"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057584611","display_name":"Michael Naehrig","orcid":null},"institutions":[{"id":"https://openalex.org/I4210164937","display_name":"Microsoft Research (United Kingdom)","ror":"https://ror.org/05k87vq12","country_code":"GB","type":"company","lineage":["https://openalex.org/I1290206253","https://openalex.org/I4210164937"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Michael Naehrig","raw_affiliation_strings":["Microsoft Research"],"affiliations":[{"raw_affiliation_string":"Microsoft Research","institution_ids":["https://openalex.org/I4210164937"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086535374","display_name":"Chris Peikert","orcid":"https://orcid.org/0000-0003-0419-7501"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chris Peikert","raw_affiliation_strings":["University of Michigan"],"affiliations":[{"raw_affiliation_string":"University of Michigan","institution_ids":["https://openalex.org/I27837315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034733246","display_name":"Douglas Stebila","orcid":"https://orcid.org/0000-0001-9443-3170"},"institutions":[{"id":"https://openalex.org/I151746483","display_name":"University of Waterloo","ror":"https://ror.org/01aff2v68","country_code":"CA","type":"education","lineage":["https://openalex.org/I151746483"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Douglas Stebila","raw_affiliation_strings":["University of Waterloo"],"affiliations":[{"raw_affiliation_string":"University of Waterloo","institution_ids":["https://openalex.org/I151746483"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013503564","display_name":"Fernando Virdia","orcid":"https://orcid.org/0000-0002-0001-2955"},"institutions":[{"id":"https://openalex.org/I183935753","display_name":"King's College London","ror":"https://ror.org/0220mzb33","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I183935753"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Fernando Virdia","raw_affiliation_strings":["King's College London"],"affiliations":[{"raw_affiliation_string":"King's College London","institution_ids":["https://openalex.org/I183935753"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5119400754"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.14136943,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2","issue":"3","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.6672000288963318},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6531000137329102},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.5673999786376953},{"id":"https://openalex.org/keywords/key-encapsulation","display_name":"Key encapsulation","score":0.5310999751091003},{"id":"https://openalex.org/keywords/encapsulation","display_name":"Encapsulation (networking)","score":0.5123999714851379},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.48649999499320984},{"id":"https://openalex.org/keywords/cryptographic-primitive","display_name":"Cryptographic primitive","score":0.48559999465942383},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.48539999127388},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.47620001435279846}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7276999950408936},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.6672000288963318},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6531000137329102},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.5673999786376953},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5371000170707703},{"id":"https://openalex.org/C35181327","wikidata":"https://www.wikidata.org/wiki/Q6398156","display_name":"Key encapsulation","level":5,"score":0.5310999751091003},{"id":"https://openalex.org/C81147070","wikidata":"https://www.wikidata.org/wiki/Q1172449","display_name":"Encapsulation (networking)","level":2,"score":0.5123999714851379},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.48649999499320984},{"id":"https://openalex.org/C15927051","wikidata":"https://www.wikidata.org/wiki/Q246593","display_name":"Cryptographic primitive","level":4,"score":0.48559999465942383},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.48539999127388},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.47620001435279846},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.46160000562667847},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.3569999933242798},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.3447999954223633},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.32339999079704285},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.3181999921798706},{"id":"https://openalex.org/C9376300","wikidata":"https://www.wikidata.org/wiki/Q168817","display_name":"Algebraic number","level":2,"score":0.30399999022483826},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3003000020980835},{"id":"https://openalex.org/C99674996","wikidata":"https://www.wikidata.org/wiki/Q1414155","display_name":"Key exchange","level":4,"score":0.28870001435279846},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.2856999933719635},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.28380000591278076},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.2833999991416931},{"id":"https://openalex.org/C65302260","wikidata":"https://www.wikidata.org/wiki/Q327675","display_name":"Symmetric-key algorithm","level":4,"score":0.28209999203681946},{"id":"https://openalex.org/C2780586882","wikidata":"https://www.wikidata.org/wiki/Q7520643","display_name":"Simple (philosophy)","level":2,"score":0.2662000060081482},{"id":"https://openalex.org/C147343967","wikidata":"https://www.wikidata.org/wiki/Q5159078","display_name":"Concrete security","level":3,"score":0.2653000056743622},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2615000009536743}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.62056/ayivom2hd","is_oa":true,"landing_page_url":"https://doi.org/10.62056/ayivom2hd","pdf_url":"https://cic.iacr.org/p/2/3/25/pdf","source":{"id":"https://openalex.org/S4394708374","display_name":"IACR Communications in Cryptology","issn_l":"3006-5496","issn":["3006-5496"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320989","host_organization_name":"International Association for Cryptologic Research","host_organization_lineage":["https://openalex.org/P4310320989"],"host_organization_lineage_names":["International Association for Cryptologic Research"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Communications in Cryptology","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.62056/ayivom2hd","is_oa":true,"landing_page_url":"https://doi.org/10.62056/ayivom2hd","pdf_url":"https://cic.iacr.org/p/2/3/25/pdf","source":{"id":"https://openalex.org/S4394708374","display_name":"IACR Communications in Cryptology","issn_l":"3006-5496","issn":["3006-5496"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320989","host_organization_name":"International Association for Cryptologic Research","host_organization_lineage":["https://openalex.org/P4310320989"],"host_organization_lineage_names":["International Association for Cryptologic Research"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Communications in Cryptology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1597412403","display_name":null,"funder_award_id":"RGPIN-","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"},{"id":"https://openalex.org/G2627508364","display_name":null,"funder_award_id":"ALLRP","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"},{"id":"https://openalex.org/G400116904","display_name":null,"funder_award_id":"unknow","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"},{"id":"https://openalex.org/G5840930817","display_name":null,"funder_award_id":"ALLRP 578463-22","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"},{"id":"https://openalex.org/G6221715925","display_name":null,"funder_award_id":"RGPIN","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"},{"id":"https://openalex.org/G6876074386","display_name":null,"funder_award_id":"RGPIN-2022-03187","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"},{"id":"https://openalex.org/G8105784103","display_name":null,"funder_award_id":"RGPIN-202","funder_id":"https://openalex.org/F4320334593","funder_display_name":"Natural Sciences and Engineering Research Council of Canada"}],"funders":[{"id":"https://openalex.org/F4320314731","display_name":"UK Research and Innovation","ror":"https://ror.org/001aqnf71"},{"id":"https://openalex.org/F4320334593","display_name":"Natural Sciences and Engineering Research Council of Canada","ror":"https://ror.org/01h531d29"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4414869309.pdf","grobid_xml":"https://content.openalex.org/works/W4414869309.grobid-xml"},"referenced_works_count":113,"referenced_works":["https://openalex.org/W39036742","https://openalex.org/W56544557","https://openalex.org/W80562455","https://openalex.org/W112021158","https://openalex.org/W118688756","https://openalex.org/W130353434","https://openalex.org/W148211867","https://openalex.org/W151792660","https://openalex.org/W155540543","https://openalex.org/W1447686308","https://openalex.org/W1489262079","https://openalex.org/W1536683582","https://openalex.org/W1547036183","https://openalex.org/W1570438493","https://openalex.org/W1576391039","https://openalex.org/W1595771334","https://openalex.org/W1598269861","https://openalex.org/W1607264302","https://openalex.org/W1675339804","https://openalex.org/W1689385595","https://openalex.org/W1788833175","https://openalex.org/W1820018505","https://openalex.org/W1856342626","https://openalex.org/W1871739018","https://openalex.org/W1901278359","https://openalex.org/W1939171670","https://openalex.org/W1972050218","https://openalex.org/W1983370494","https://openalex.org/W1985439922","https://openalex.org/W1989510734","https://openalex.org/W1992282993","https://openalex.org/W1994790157","https://openalex.org/W2007466965","https://openalex.org/W2037426925","https://openalex.org/W2038761522","https://openalex.org/W2042518996","https://openalex.org/W2058785578","https://openalex.org/W2066651691","https://openalex.org/W2069278600","https://openalex.org/W2071825329","https://openalex.org/W2077244027","https://openalex.org/W2089477764","https://openalex.org/W2089540019","https://openalex.org/W2106970188","https://openalex.org/W2111809688","https://openalex.org/W2113333997","https://openalex.org/W2113717903","https://openalex.org/W2126483728","https://openalex.org/W2140256428","https://openalex.org/W2141040012","https://openalex.org/W2142048307","https://openalex.org/W2148555789","https://openalex.org/W2152783950","https://openalex.org/W2152926062","https://openalex.org/W2156186849","https://openalex.org/W2161195863","https://openalex.org/W2162903136","https://openalex.org/W2167236842","https://openalex.org/W2170154494","https://openalex.org/W2180929963","https://openalex.org/W2210958136","https://openalex.org/W2216359073","https://openalex.org/W2296067100","https://openalex.org/W2398534851","https://openalex.org/W2398538644","https://openalex.org/W2400700555","https://openalex.org/W2407452345","https://openalex.org/W2465263483","https://openalex.org/W2468486877","https://openalex.org/W2480523195","https://openalex.org/W2489545452","https://openalex.org/W2494078997","https://openalex.org/W2514587965","https://openalex.org/W2514893051","https://openalex.org/W2578134341","https://openalex.org/W2593939958","https://openalex.org/W2603065436","https://openalex.org/W2626019822","https://openalex.org/W2740966734","https://openalex.org/W2768572961","https://openalex.org/W2795008797","https://openalex.org/W2866028610","https://openalex.org/W2883833668","https://openalex.org/W2890428003","https://openalex.org/W2920734175","https://openalex.org/W2946791252","https://openalex.org/W2952033682","https://openalex.org/W2962941363","https://openalex.org/W2963036931","https://openalex.org/W3013288840","https://openalex.org/W3032199016","https://openalex.org/W3037033594","https://openalex.org/W3097076849","https://openalex.org/W3097084125","https://openalex.org/W3112217460","https://openalex.org/W3166530960","https://openalex.org/W3213593742","https://openalex.org/W3215125479","https://openalex.org/W4205104754","https://openalex.org/W4205765479","https://openalex.org/W4226027719","https://openalex.org/W4285306799","https://openalex.org/W4317928287","https://openalex.org/W4385654504","https://openalex.org/W4390865640","https://openalex.org/W4395688711","https://openalex.org/W4401442713","https://openalex.org/W4401459825","https://openalex.org/W4401628819","https://openalex.org/W4403175140","https://openalex.org/W4403580081","https://openalex.org/W4405182447","https://openalex.org/W7076052986"],"related_works":[],"abstract_inverted_index":{"Large-scale":[0],"quantum":[1],"computers":[2],"capable":[3],"of":[4,15,55,66,174,226],"implementing":[5],"Shor's":[6],"algorithm":[7],"pose":[8],"a":[9,64,156,163,172,190,216],"significant":[10],"threat":[11],"to":[12,35,85,179,203],"the":[13,16,43,51,56,86,98,110,142,175,194,210,222],"security":[14,72,147,170,225],"most":[17,57],"widely":[18],"used":[19],"public-key":[20,182],"cryptographic":[21,40],"schemes.":[22],"This":[23,60],"risk":[24],"has":[25,48],"motivated":[26],"substantial":[27],"efforts":[28],"by":[29],"standards":[30],"bodies":[31],"and":[32,37,122,135,159,214],"government":[33],"agencies":[34],"identify":[36],"standardize":[38],"quantum-safe":[39],"systems.":[41],"Among":[42],"proposed":[44,81],"solutions,":[45],"lattice-based":[46],"cryptography":[47],"emerged":[49],"as":[50,82,97],"foundation":[52],"for":[53,112],"some":[54],"promising":[58],"protocols.":[59],"paper":[61],"describes":[62],"FrodoKEM,":[63],"family":[65],"conservative":[67,133],"key-encapsulation":[68],"mechanisms":[69],"(KEMs)":[70],"whose":[71],"is":[73,80,200],"based":[74,220],"on":[75,105,155,162,221],"generic,":[76],"\u201cunstructured\u201d":[77],"lattices.":[78],"FrodoKEM":[79,108,137,166,199],"an":[83,180],"alternative":[84],"more":[87],"efficient":[88],"lattice":[89],"schemes":[90],"that":[91,115],"utilize":[92],"algebraically":[93],"structured":[94],"lattices,":[95,107],"such":[96],"recently":[99],"standardized":[100],"ML-KEM":[101],"scheme.":[102],"By":[103],"relying":[104],"generic":[106],"minimizes":[109],"potential":[111],"future":[113],"attacks":[114],"exploit":[116],"algebraic":[117],"structures":[118],"while":[119],"enabling":[120],"simple":[121],"compact":[123],"implementations.":[124],"Our":[125],"plain":[126],"C":[127],"implementations":[128],"demonstrate":[129],"that,":[130],"despite":[131],"its":[132],"design":[134],"parameterization,":[136],"remains":[138],"practical.":[139],"For":[140],"instance,":[141],"full":[143],"protocol":[144],"at":[145],"NIST":[146],"level":[148],"1":[149],"runs":[150],"in":[151],"approximately":[152],"0.97":[153],"ms":[154,161],"server-class":[157],"processor,":[158],"4.98":[160],"smartphone-class":[164],"processor.":[165],"obtains":[167],"(single-target)":[168],"IND-CCA":[169],"using":[171,189],"variant":[173],"Fujisaki-Okamoto":[176,196],"transform,":[177,198],"applied":[178],"underlying":[181],"encryption":[183],"scheme":[184],"called":[185,193],"FrodoPKE.":[186,227],"In":[187],"addition,":[188],"new":[191],"tool":[192],"Salted":[195],"(SFO)":[197],"also":[201],"shown":[202],"tightly":[204],"achieve":[205],"multi-target":[206,223],"security,":[207],"without":[208],"increasing":[209],"FrodoPKE":[211],"message":[212],"length":[213],"with":[215],"negligible":[217],"performance":[218],"impact,":[219],"IND-CPA":[224]},"counts_by_year":[],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2025-10-10T00:00:00"}