Fix my typo & change refs to proceedings version
ludopulles committed Oct 17, 2024
1 parent 2c47b09 commit 97563f6
Showing 5 changed files with 11 additions and 11 deletions.
2 changes: 1 addition & 1 deletion docs/algorithms/lwe-dual.rst
Expand Up @@ -18,7 +18,7 @@ We can improve these results by considering a dual hybrid attack as in [EC:Albre

dual_hybrid(params)

Further improvements are possible using a meet-in-the-middle approach [EPRINT:CHHS19]_::
Further improvements are possible using a meet-in-the-middle approach [IEEE:CHHS19]_::

dual_hybrid(params, mitm_optimization=True)

10 changes: 5 additions & 5 deletions docs/references.rst
Expand Up @@ -15,17 +15,16 @@ References
.. [C:HowgraveGraham07] Nick Howgrave-Graham. A hybrid lattice-reduction and meet-in-the-middle attack against NTRU. In A. Menezes, CRYPTO 2007 (pp. 150–169). : Springer, Heidelberg.
.. [C:KirFou15] Paul Kirchner & Pierre-Alain Fouque. An improved BKW algorithm for LWE with applications to cryptography and lattices. In R. Gennaro, & M. J. B. Robshaw, CRYPTO 2015, Part~I (pp. 43–62). : Springer, Heidelberg.
.. [CheNgu12] Yuanmi Chen and Phong Q. Nguyen. BKZ 2.0: Better lattice security estimates (Full Version). 2012. http://www.di.ens.fr/~ychen/research/Full_BKZ.pdf
.. [DCC:LaaMosPol15] Thijs Laarhoven, Michele Mosca, & Joop van de Pol. Finding shortest lattice vectors faster using quantum search. In Designs, COdes and Cryptography 2015 (pp. 375-400). https://doi.org/10.1007/s10623-015-0067-5
.. [Dilithium21] Shi Bai, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, Damien Stehlé. CRYSTALS-DILITHIUM. 2021 https://pq-crystals.org/dilithium/data/dilithium-specification-round3-20210208.pdf
.. [EC:Albrecht17] Albrecht, M. R. (2017). On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL. In J. Coron, & J. B. Nielsen, EUROCRYPT 2017, Part II (pp. 103–129). : Springer, Heidelberg.
.. [EC:Ducas18] Léo Ducas (2018). Shortest vector from lattice sieving: A few dimensions for free. In J. B. Nielsen, & V. Rijmen, EUROCRYPT 2018, Part I (pp. 125–145). : Springer, Heidelberg.
.. [EC:GamNgu08] Gama, N., Nguyen, P.Q. (2008). Predicting Lattice Reduction. In: Smart, N. (eds) Advances in Cryptology – EUROCRYPT 2008. EUROCRYPT 2008. Lecture Notes in Computer Science, vol 4965. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78967-3_3
.. [EC:KirFou17] Kirchner, P., Fouque, PA. (2017). Revisiting Lattice Attacks on Overstretched NTRU Parameters. In: Coron, JS., Nielsen, J. (eds) Advances in Cryptology – EUROCRYPT 2017. EUROCRYPT 2017. Lecture Notes in Computer Science(), vol 10210. Springer, Cham. https://doi.org/10.1007/978-3-319-56620-7_1
.. [EPRINT:CHHS19] Cheon, J.H., Hhan, M., Hong, S. and Son, Y., 2019. A hybrid of dual and meet-in-the-middle attack on sparse and ternary secret LWE. IEEE Access, 7, pp.89497-89506. https://ia.cr/2019/1114pri
.. [EPRINT:LaaMosPol14] Thijs Laarhoven, Michele Mosca, & Joop van de Pol. Finding shortest lattice vectors faster using quantum search. Cryptology ePrint Archive, Report 2014/907, 2014. https://eprint.iacr.org/2014/907.
.. [EPRINT:SonChe19] Son, Y. and Cheon, J.H., 2019. Revisiting the Hybrid Attack on sparse abd ternary LWE. Workshop on Applied Homomorphic Cryptography, WAHC2019.
.. [EPRINT:Wun16] Wunderer, T. (2016). Revisiting the hybrid attack: improved analysis and refined security estimates. https://eprint.iacr.org/2016/733
.. [IEEE:CHHS19] Cheon, J.H., Hhan, M., Hong, S. and Son, Y., 2019. A hybrid of dual and meet-in-the-middle attack on sparse and ternary secret LWE. IEEE Access, 7, pp.89497-89506. https://doi.org/10.1109/ACCESS.2019.2925425
.. [INDOCRYPT:EspJouKha20] Espitau, T., Joux, A. and Kharchenko, N., 2020, December. On a dual/hybrid approach to small secret LWE. In International Conference on Cryptology in India (pp. 440-462). Springer, Cham. https://ia.cr/2020/515
.. [JMC:AlbPlaSco15] Albrecht, M. R., Player, R., & Scott, S. (2015). On the concrete hardness of Learning with Errors. Journal of Mathematical Cryptology, 9(3), 169–203.
.. [JMC:Wunderer19] Wunderer, T. (2019). A detailed analysis of the hybrid lattice-reduction and meet-in-the-middle attack. Journal of Mathematical Cryptology, 13(1), 1-26. https://doi.org/10.1515/jmc-2016-0044
.. [Kyber17] Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, Damien Stehlé. CRYSTALS-KYBER. 2017
.. [Kyber20] Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, Damien Stehlé. CRYSTALS-KYBER. 2020 https://pq-crystals.org/kyber/data/kyber-specification-round3-20210804.pdf
.. [MATZOV22] MATZOV. Report on the Security of LWE: Improved Dual Lattice Attack. https://zenodo.org/record/6412487 2003
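Review bot: The added [DCC:LaaMosPol15] entry spells the journal name "Designs, COdes and Cryptography"; it should read "Designs, Codes and Cryptography". Separately, since this commit moves citations away from the EPRINT-prefixed labels, a search of the docs and docstrings for any remaining use of the old labels is worth doing before merge. The old comment in estimator/prob.py used the variant `EPRINT_SonChe19` with an underscore, which a search for `EPRINT:` alone would miss.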
Expand All @@ -36,5 +35,6 @@ References
.. [RSA:LiuNgu13] Liu, M., & Nguyen, P. Q.. Solving BDD by enumeration: an update. In E. Dawson, CT-RSA 2013 (pp. 293–309). : Springer, Heidelberg.
.. [SAC:AlbCurWun19] Albrecht, M. R., Curtis, B. R., & Wunderer, T.. Exploring trade-offs in batch bounded distance decoding. In K. G. Paterson, & D. Stebila, SAC 2019 (pp. 467–491). : Springer, Heidelberg.
.. [SODA:BDGL16] Becker, A., Ducas, L., Gama, N., & Laarhoven, T. (2016). New directions in nearest neighbor searching with applications to lattice sieving. In SODA 2016, (pp. 10–24).
.. [Schnorr03] Claus-Peter Schnorr. Lattice Reduction by Random Sampling and Birthday Methods. In: STACS2003, 20th Annual Symposium on Theoretical Aspects of Computer Science, Berlin, Germany, February 27 - March 1, 2003, Proceedings. Ed. by Helmut Alt and Michel Habib. Vol. 2607. Lecture Notes in Computer Science. Springer, 2003, pp. 145–156.doi:10.1007/3-540-36494-3_14. url: http://dx.doi.org/10.1007/3-540-36494-3_14.
.. [Schnorr03] Claus-Peter Schnorr. Lattice Reduction by Random Sampling and Birthday Methods. In: STACS2003, 20th Annual Symposium on Theoretical Aspects of Computer Science, Berlin, Germany, February 27 - March 1, 2003, Proceedings. Ed. by Helmut Alt and Michel Habib. Vol. 2607. Lecture Notes in Computer Science. Springer, 2003, pp. 145–156. https://dx.doi.org/10.1007/3-540-36494-3_14
.. [USENIX:ADPS16] Edem Alkim, Léo Ducas, Thomas Pöppelmann, & Peter Schwabe (2016). Post-quantum key exchange - A New Hope. In T. Holz, & S. Savage, 25th USENIX Security Symposium, USENIX Security 16 (pp. 327–343). USENIX Association.
.. [WAHC:SonChe19] Son, Y. and Cheon, J.H., 2019. Revisiting the Hybrid Attack on sparse abd ternary LWE. Workshop on Applied Homomorphic Cryptography, WAHC2019. https://doi.org/10.1145/3338469.3358941
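Review bot: The added [WAHC:SonChe19] entry carries over the title typo "sparse abd ternary LWE" from the [EPRINT:SonChe19] entry; it should read "sparse and ternary LWE".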
2 changes: 1 addition & 1 deletion estimator/lwe_dual.py
Expand Up @@ -364,7 +364,7 @@ def __call__(
- When ζ > 1 and ``solver`` is ``exhaustive_search`` this function estimates
the hybrid attack as given in [INDOCRYPT:EspJouKha20]_
- When ζ > 1 and ``solver`` is ``mitm`` this function estimates the dual MITM
hybrid attack roughly following [EPRINT:CHHS19]_
hybrid attack roughly following [IEEE:CHHS19]_
EXAMPLES::
6 changes: 3 additions & 3 deletions estimator/prob.py
Expand Up @@ -80,7 +80,7 @@ def gaussian_cdf(mu, sigma, t):
def mitm_babai_probability(r, stddev, fast=False):
"""
Compute the "e-admissibility" probability associated to the mitm step, according to
[EPRINT:SonChe19]_
[WAHC:SonChe19]_
:params r: the squared GSO lengths
:params stddev: the std.dev of the error distribution
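Review bot: In the docstring of `mitm_babai_probability`, the two fields are written `:params r:` and `:params stddev:`, and `params` is not one of the field names Sphinx treats as a parameter, so they will not render as parameter documentation. Since this docstring is being edited anyway, change both to `:param`, the form used in estimator/reduction.py.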
Expand All @@ -92,7 +92,7 @@ def mitm_babai_probability(r, stddev, fast=False):
return 1

# Note: `r` contains *square norms*, so convert to non-square norms.
# Follow the proof of Lemma 4.2 [EPRINT_SonChe19]_, because that one uses standard deviation.
# Follow the proof of Lemma 4.2 [WAHC:SonChe19]_, because that one uses standard deviation.
xs = [sqrt(.5 * ri) / stddev for ri in r]
p = prod(RR(erf(x) - (1 - exp(-x**2)) / (x * sqrt(pi))) for x in xs)
assert 0.0 <= p <= 1.0
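Review bot: The comment above `xs = [sqrt(.5 * ri) / stddev for ri in r]` still says "Lemma 4.2" while its citation now points to the proceedings version [WAHC:SonChe19]. Lemma numbering can differ between an ePrint and the published paper, so check the number against the WAHC text and adjust it if it moved.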
Expand All @@ -101,7 +101,7 @@ def mitm_babai_probability(r, stddev, fast=False):

def babai(r, norm):
"""
Babai probability following [EPRINT:Wun16]_.
Babai probability following [JMC:Wunderer19]_.
"""
denom = float(2 * norm) ** 2
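Review bot: The docstring of `babai` documents neither `r` nor `norm`, while `mitm_babai_probability` above states that its `r` holds the squared GSO lengths. With `denom = float(2 * norm) ** 2` squaring the norm, a reader cannot tell from the docstring whether `r` is expected squared here too. Adding `:param r:` and `:param norm:` lines, plus the number of the statement in [JMC:Wunderer19]_ that is being followed, would settle it.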
2 changes: 1 addition & 1 deletion estimator/reduction.py
Expand Up @@ -480,7 +480,7 @@ class LaaMosPol14(ReductionCost):

def __call__(self, beta, d, B=None):
"""
Runtime estimation for quantum sieving following [EPRINT:LaaMosPol14]_ and [PhD:Laarhoven15]_.
Runtime estimation for quantum sieving following [DCC:LaaMosPol15]_ and [PhD:Laarhoven15]_.
:param beta: Block size ≥ 2.
:param d: Lattice dimension.
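Review bot: The docstring of `LaaMosPol14.__call__` now cites [DCC:LaaMosPol15]_ while the class keeps the name `LaaMosPol14`, so the citation label and the class name no longer match. Renaming the class would break callers. A short remark in the docstring that the class name refers to the 2014 ePrint report of the same paper (2014/907) would keep the connection clear.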