1. 1) R. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun. ACM, vol. 21, no. 2, pp. 120-126, 1978.

2. 2) N. Koblitz, “Elliptic curve cryptosystems,” Math. Comput., vol. 48, no. 177, pp. 203-209, 1987.

3. 3) P. Shor, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIAM J. Comput., vol. 26, no. 5, pp. 1484-1509, 1997.

4. 4) U.S. Department of Commerce/National Institute of Standards and Technology (G. Alagic, D. Cooper, Q. Dang, T. Dang, J. Kelsey, J. Lichtinger, Y.-K. Liu, C. Miller, D. Moody, R. Peralta, R. Perlner, A. Robinson, D. Smith-Tone, and D. Apon), “Status report on the third round of the NIST post-quantum cryptography standardization process,” NIST Interagency/Internal Report (NISTIR) 8413, 2022．

5. 5) 高木剛，“ポスト量子暗号の構成法とその安全性評価，”信学FR誌，vol. 11, no. 1, pp. 17-27, 2017.