M. Albrecht and G. Bard, The M4RI Library ? Version, 2009.

T. Baignères, P. Junod, and S. Vaudenay, How Far Can We Go Beyond Linear Cryptanalysis?, LNCS, vol.3329, pp.432-450, 2004.
DOI : 10.1007/978-3-540-30539-2_31

A. Becker, A. Joux, A. May, and A. Meurer, Decoding Random Binary Linear Codes in 2 n/20: How 1???+???1???=???0 Improves Information Set Decoding, EUROCRYPT 2012, pp.520-536, 2012.
DOI : 10.1007/978-3-642-29011-4_31

S. Bela¨?dbela¨?d, V. Grosso, and F. Standaert, Masking and leakage-resilient primitives: One, the other(s) or both? Cryptology ePrint Archive, 2014.

J. Daniel and . Bernstein, Faster binary-field multiplication and faster binary-field macs, SAC, Lecture Notes in Computer Science, 2014.

L. Bettale, Magma Package: Hybrid Approach for Solving Multivariate Polynomial Systems over Finite Fields
DOI : 10.1515/jmc.2009.009
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.188.504

A. Blum, A. Kalai, and H. Wasserman, Noise-tolerant learning, the parity problem, and the statistical query model, Journal of the ACM, vol.50, issue.4, pp.506-519, 2003.
DOI : 10.1145/792538.792543

S. Chari, C. S. Jutla, J. R. Rao, and P. Rohatgi, Towards Sound Approaches to Counteract Power-Analysis Attacks, CRYPTO'99, pp.398-412, 1999.
DOI : 10.1007/3-540-48405-1_26
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.94.8951

J. Coron, Higher Order Masking of Look-Up Tables, EUROCRYPT 2014, pp.441-458, 2014.
DOI : 10.1007/978-3-642-55220-5_25

M. Thomas, J. A. Cover, and . Thomas, Information theory, 1991.
URL : https://hal.archives-ouvertes.fr/hal-00756546

F. Durvaux and M. Renauld, François-Xavier Standaert, Lo¨?cLo¨?c van Oldeneel tot Oldenzeel, and Nicolas Veyrat-Charvillon. Efficient Removal of Random Delays from Embedded Software Implementations Using Hidden Markov Models

F. Durvaux, F. Standaert, N. Veyrat-charvillon, J. Mairy, and Y. Deville, Efficient selection of time samples for higherorder DPA with projection pursuits, IACR Cryptology ePrint Archive, p.412, 2014.

J. Faugère, A new efficient algorithm for computing Gröbner bases without reduction to zero F5, International Symposium on Symbolic and Algebraic Computation Symposium -ISSAC, 2002. 14. Niels Ferguson. Authentication weaknesses in GCM, 2005.

V. Grosso, E. Prouff, and F. Standaert, Efficient Masked S-Boxes Processing ??? A Step Forward ???, LNCS, vol.14, issue.8469, pp.251-266, 2014.
DOI : 10.1007/978-3-319-06734-6_16

H. Handschuh and B. Preneel, Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms, LNCS, vol.5157, pp.144-161, 2008.
DOI : 10.1007/978-3-540-85174-5_9

J. Jaffe, A First-Order DPA Attack Against AES in Counter Mode with Unknown Initial Counter, CHES 2007, pp.1-13, 2007.
DOI : 10.1007/978-3-540-74735-2_1

A. Joux, Authentication Failures in NIST version of GCM, 2006.

T. Katashita, A. Satoh, K. Kikuchi, H. Nakagawa, and M. Aoyagi, Evaluation of DPA Characteristics of SASEBO for Board Level Simulation, 2010.

P. Kirchner, Improved generalized birthday attack Cryptology ePrint Archive http://eprint.iacr.org/2011/377. 21. ´ Eric Levieil and Pierre-Alain Fouque. An improved LPN algorithm, LNCS, vol.377, issue.4116, pp.348-359, 2006.

V. Lyubashevsky, The Parity Problem in the Presence of Noise, Decoding Random Linear Codes, and the Subset Sum Problem, APPROX-RANDOM, pp.378-389, 2005.
DOI : 10.1007/11538462_32

S. Mangard, Hardware Countermeasures against DPA ??? A Statistical Analysis of Their Effectiveness, CT-RSA 2004, pp.222-235, 2004.
DOI : 10.1007/978-3-540-24660-2_18

S. Mangard, E. Oswald, and T. Popp, Power analysis attacks revealing the secrets of smart cards, 2007.

D. A. Mcgrew and J. Viega, The Galois/Counter Mode of Operation (GCM), 2005.

M. Medwed, F. Standaert, J. Großschädl, and F. Regazzoni, Fresh Re-keying: Security against Side-Channel and Fault Attacks for Low-Cost Devices, LNCS, vol.10, issue.6055, pp.279-296, 2010.
DOI : 10.1007/978-3-642-12678-9_17

S. Micali and L. Reyzin, Physically observable cryptography (extended abstract), LNCS, vol.2951, pp.278-296, 2004.
DOI : 10.1007/978-3-540-24638-1_16
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.14.6299

G. Procter and C. Cid, On weak keys and forgery attacks against polynomial-based MAC schemes, LNCS, vol.2013, issue.8424, pp.287-304, 2013.

M. Rivain and E. Prouff, Provably Secure Higher-Order Masking of AES, CHES 2010, pp.413-427, 2010.
DOI : 10.1007/978-3-642-15031-9_28

M. Saarinen, Cycling Attacks on GCM, GHASH and Other Polynomial MACs and Hashes, LNCS, vol.2012, issue.7549, pp.216-225, 2012.
DOI : 10.1007/978-3-642-34047-5_13
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.400.5845

N. Veyrat-charvillon, B. Gérard, M. Renauld, and F. Standaert, An optimal key enumeration algorithm and its application to sidechannel attacks, SAC 2012, pp.390-406, 2012.

N. Veyrat-charvillon, B. Gérard, and F. Standaert, Security Evaluations beyond Computing Power, EUROCRYPT 2013, pp.126-141, 2013.
DOI : 10.1007/978-3-642-38348-9_8
URL : http://hdl.handle.net/2078.1/133720

B. Yang, S. Mishra, and R. Karri, A high speed architecture for galois/counter mode of operation (GCM) Cryptology ePrint Archive, Report, vol.146146, 2005.