Q. Ge, Y. Yarom, D. Cock, and G. Heiser, A survey of microarchitectural timing attacks and countermeasures on contemporary hardware, Journal of Cryptographic Engineering, pp.1-27, 2016.

P. C. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, CRYPTO '96, pp.104-113, 1996.

S. Bhattacharya and D. Mukhopadhyay, Who watches the watchmen?: Utilizing performance monitors for compromising keys of RSA on intel platforms, CHES, pp.248-266, 2015.

J. Coron, Resistance against differential power analysis for elliptic curve cryptosystems, CHES, pp.292-302, 1999.

C. Clavier and M. Joye, Universal exponentiation algorithm, CHES, pp.300-308, 2001.
URL : https://hal.archives-ouvertes.fr/hal-02487050

D. F. Aranha and C. P. Gouvêa, RELIC is an Efficient LIbrary for Cryptography

N. E. Mrabet and M. Joye, Guide to Pairing-Based Cryptography, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01579628

OpenSSL

Bouncycastle

mbedTLS

O. Aciiçmez, Ç. K. Koç, and J. Seifert, On the power of simple branch prediction analysis, IACR Cryptology ePrint Archive, p.351, 2006.

O. Aciiçmez, J. Seifert, and Ç. K. Koç, Predicting secret keys via branch prediction, IACR Cryptology ePrint Archive, p.288, 2006.

D. Evtyushkin, R. Riley, N. Abu-ghazaleh, and D. Ponomarev, BranchScope: A New Side-Channel Attack on Directional Branch Predictor, ASPLOS'18, 2018.

Ubuntu Manuals, "perf_event_open - set up performance monitoring", 2017.

J. Danger, S. Guilley, P. Hoogvorst, C. Murdica, and D. Naccache, Improving the big mac attack on elliptic curve cryptography, The New Codebreakers - Essays Dedicated to David Kahn on the Occasion of His 85th Birthday, pp.374-386, 2016.
URL : https://hal.archives-ouvertes.fr/hal-02287332

S. Chari, J. R. Rao, and P. Rohatgi, Template Attacks, CHES, 2002.

M. Joye, Highly regular right-to-left algorithms for scalar multiplication, CHES, pp.135-147, 2007.

A. Bauer, E. Jaulmes, E. Prouff, J. Reinhard, and J. Wild, Horizontal collision correlation attack on elliptic curves, Cryptography and Communications, vol.7, issue.1, pp.91-119, 2015.

S. Mangard, E. Oswald, and T. Popp, Power Analysis Attacks - Revealing the Secrets of Smart Cards, 2007.

O. Choudary and M. G. Kuhn, Efficient template attacks, International Conference on Smart Card Research and Advanced Applications, pp.253-270, 2013.

P. L. Montgomery, Speeding the pollard and elliptic curve methods of factorization, Mathematics of computation, vol.48, issue.177, pp.243-264, 1987.

P. Koppermann, F. De Santis, J. Heyszl, and G. Sigl, X25519 hardware implementation for low-latency applications, 2016 Euromicro Conference on Digital System Design (DSD). IEEE, pp.99-106, 2016.

C. Costello and B. Smith, Montgomery curves and their arithmetic, Journal of Cryptographic Engineering, vol.8, issue.3, pp.227-240, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01483768

O. Aciiçmez, Ç. K. Koç, and J. Seifert, Predicting Secret Keys Via Branch Prediction, pp.225-242, 2007.

O. Aciiçmez, S. Gueron, and J. Seifert, New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures, IMA Int. Conf., ser. Lecture Notes in Computer Science, S. D. Galbraith, vol.4887, pp.185-203, 2007.

O. Aciiçmez, J. Seifert, and Ç. Koç, Micro-Architectural Cryptanalysis, IEEE Security & Privacy, vol.5, issue.4, pp.62-64, 2007.

S. Lee, M. Shih, P. Gera, T. Kim, H. Kim et al., Inferring fine-grained control flow inside sgx enclaves with branch shadowing, 26th USENIX Security Symposium, 2017.

D. Molnar, M. Piotrowski, D. Schultz, and D. Wagner, The program counter security model: Automatic detection and removal of control-flow side channel attacks, Information Security and Cryptology - ICISC 2005, 8th International Conference, pp.156-168, 2005.

P. Fouque and F. Valette, The doubling attack - why upwards is better than downwards, CHES, pp.269-280, 2003.
URL : https://hal.archives-ouvertes.fr/inria-00563965

A. Chakraborty, S. Bhattacharya, T. H. Dixit, C. Rebeiro, and D. Mukhopadhyay, Template attack on SPA and FA resistant implementation of montgomery ladder, IET Information Security, vol.10, issue.5, pp.245-251, 2016.

E. Nascimento, Ł. Chmielewski, D. Oswald, and P. Schwabe, Attacking embedded ecc implementations through cmov side channels, International Conference on Selected Areas in Cryptography, pp.99-119, 2016.

D. Evtyushkin, D. V. Ponomarev, and N. B. Abu-ghazaleh, Jump over ASLR: attacking branch predictors to bypass ASLR, 2016.

Covert channels through branch predictors: a feasibility study, Workshop on Hardware and Architectural Support for Security and Privacy, HASP@ISCA 2015, 2015.

D. Evtyushkin, D. Ponomarev, and N. B. Abu-ghazaleh, Understanding and mitigating covert channels through branch predictors, TACO, vol.13, issue.1, pp.1-10, 2016.

P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss et al., Spectre attacks: Exploiting speculative execution, S&P, 2019.

L. Uhsadel, A. Georges, and I. Verbauwhede, Exploiting hardware performance counters, Fifth International Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp.59-67, 2008.

M. Milenkovic, A. Milenkovic, and J. Kulick, Microbenchmarks for determining branch predictor organization, Software: Practice and Experience, vol.34, issue.5, pp.465-487, 2004.

V. Uzelac and A. Milenković, Experiment flows and microbenchmarks for reverse engineering of branch predictor structures, Proceedings of the 2009 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS'09), pp.207-217, 2009.

C. Maurice, N. L. Scouarnec, C. Neumann, O. Heen, and A. Francillon, Reverse engineering intel last-level cache complex addressing using performance counters, RAID, 2015.

P. Pessl, D. Gruss, C. Maurice, M. Schwarz, and S. Mangard, DRAMA: exploiting DRAM addressing for cross-cpu attacks, USENIX Security Symposium, 2016.

N. A. Howgrave-graham and N. P. Smart, Lattice attacks on digital signature schemes, Designs, Codes and Cryptography, vol.23, issue.3, pp.283-290, 2001.

D. Coppersmith, Finding a small root of a univariate modular equation, International Conference on the Theory and Applications of Cryptographic Techniques, pp.155-165, 1996.

Microsoft, Sidh v3, vol.2

Sarani Bhattacharya is currently joining as a post-doctorate researcher at KU Leuven, Belgium. She has just finished her Ph.D. from IIT Kharagpur, India. Her current research interests include micro-architectural attacks and countermeasures, secure system design and computer architecture security.