“…Ongoing progress towards building such quantum computers recently motivated standardization bodies to set up programs for standardizing post-quantum public key primitives, focusing on schemes for digital signatures, public key encryption, and key exchange [7,20,27]. A particularly interesting area of post-quantum cryptography is lattice-based cryptography; there exist efficient lattice-based proposals for signatures, encryption, and key exchange [10,25,16,30,4,42,1] and several of the proposed schemes have implementations, including implementations in open source libraries [39]. While the theoretical and practical security of these schemes is under active research, security of implementations is an open issue.…”