, , p.28
, Number of Random S-boxes for each Multiplicative Complexity for n = 8, vol.38
, Optimal r parameter w.r.t. the CPRR-ISW cost ratio ? for ? ?, p.41
, Graph representation of Circuit 1
, Graph representation of Circuit 1 after maskComp
,
, Overview of the sequence of games
, Graph representation of a second Boolean circuit
, Structure of an SPN-Based Block Cipher
, Timings of a t-probing secure AES s-box implementation, p.76
, Full code size (left graph) and LUT size (right table) w.r.t
, Timings of mask refreshing
, Multiplication performances for TRNG-1 in clock cycles, p.96
, Multiplication performances for TRNG-2 in clock cycles, p.97
,
, Timings of (parallel) ISW and CPRR schemes for n = 8
, Timings of (parallel) ISW and CPRR schemes for n = 4
, 106 5.11 PRESENT s-box circuit for efficient bitslice implementation
, Timings for 16 PRESENT s-boxes
,
, 32 3.3 Achievable smallest randomized basis computed according to Algorithm 1.. 34 3.4 Optimal parameters with rank-drop improvements
,
, Performance results of the implementation AES s-box depending on the number of refresh gadgets
, Size of the full multiplication table (in kilobytes) w.r
, Implementation results for the ISW multiplication over F 2, p.85
, Performance results for BDF + (generic and unrolled), vol.87
, Implementation results for the BBP + multiplication
, Implementation results for the BCPZ multiplication
, Timings of the ISW-based mask refreshing
, 94 5.10 Comparison of the multiplications at the algorithmic level, p.95
, 98 5.15 Performances of parallel ISW and CPRR schemes for n = 4
, 18 Performances in clock cycles, vol.102
, 111 5.22 Timings for masked bistlice AES and PRESENT with a 60 Mhz clock, vol.104, p.111
, NBS FIPS PUB, vol.46, 1977.
, Serpent: A Proposal for the Advanced Encryption Standard, NIST AES Proposal, p.35, 1998.
, Circuit Compilers with O(1/ log(n)) Leakage Rate, EUROCRYPT 2016, Part II, vol.9666, pp.586-615, 2016.
, Verified Proofs of Higher-Order Masking, EUROCRYPT 2015, Part I
URL : https://hal.archives-ouvertes.fr/hal-01216699
, LNCS, vol.9056, pp.457-485, 2015.
, Strong Non-Interference and Type-Directed Higher-Order Masking, ACM CCS 16
URL : https://hal.archives-ouvertes.fr/hal-01410216
, , vol.46, pp.49-52, 2016.
, Randomness Complexity of Private Circuits for Multiplication, EUROCRYPT 2016, Part II, vol.9666, pp.616-648, 2016.
, Horizontal Side-Channel Attacks and Countermeasures on the ISW Masking Scheme, CHES 2016
URL : https://hal.archives-ouvertes.fr/hal-01399577
, LNCS, vol.9813, p.22, 2016.
, Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model. Cryptology ePrint Archive, p.92, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01414009
, Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model
URL : https://hal.archives-ouvertes.fr/hal-01414009
, LNCS, vol.10210, pp.535-566, 2017.
, Tight Private Circuits: Achieving Probing Security with the Least Refreshing, p.4, 2018.
, A Fast New DES Implementation in Software, LNCS, vol.1267, p.16, 1997.
, PRESENT: An Ultra-Lightweight Block Cipher, CHES 2007. Ed. by Pascal Paillier and Ingrid Verbauwhede, vol.4727, pp.450-466, 2007.
, Logic Minimization Techniques with Applications to Cryptology, Journal of Cryptology, vol.26, p.73, 2013.
, The Khazad Legacy-Level Block Cipher. First Open NESSIE Workshop
, A Very Compact S-Box for AES, CHES 2005, vol.3659, pp.441-455, 2005.
, Higher-Order Masking Schemes for S-Boxes, FSE 2012, vol.7549, pp.366-384, 2012.
DOI : 10.1007/978-3-642-34047-5_21
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-642-34047-5_21.pdf
, Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis, Cryptology ePrint Archive, p.105, 2011.
, Towards Sound Approaches to Counteract Power-Analysis Attacks, CRYPTO'99
DOI : 10.1007/3-540-48405-1_26
URL : https://link.springer.com/content/pdf/10.1007%2F3-540-48405-1_26.pdf
, LNCS. Springer, vol.1666, pp.398-412, 1999.
, Exact Logic Minimization and Multiplicative Complexity of Concrete Algebraic and Cryptographic Circuits, Advances in Intelligent Systems, vol.6, pp.43-57, 2013.
, Higher Order Masking of Look-Up Tables, LNCS. Springer, vol.8441, p.84, 2014.
DOI : 10.1007/978-3-642-55220-5_25
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-642-55220-5_25.pdf
, Formal Verification of Side-channel Countermeasures via Elementary Circuit Transformations. Cryptology ePrint Archive, p.46, 2017.
DOI : 10.1007/978-3-319-93387-0_4
, CTC2 and Fast Algebraic Attacks on Block Ciphers Revisited, p.26, 2007.
, Higher-Order Side Channel Security and Mask Refreshing, FSE 2013, vol.8424, pp.410-424, 2014.
, Algebraic Decomposition for Probing Security, CRYPTO 2015, Part I, vol.9215, pp.742-763, 2015.
DOI : 10.1007/978-3-662-47989-6_36
, Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-Channel Countermeasures, LNCS. Springer, vol.8731, p.41, 2014.
, Unifying Leakage Models: From Probing Attacks to Noisy Leakage, EUROCRYPT 2014, vol.8441, pp.423-440, 2014.
DOI : 10.1007/s00145-018-9284-1
URL : https://link.springer.com/content/pdf/10.1007%2Fs00145-018-9284-1.pdf
, , p.26
, Advanced Encryption Standard. NIST, p.108, 2001.
, How to Securely Compute with Noisy Leakage in Quasilinear Complexity, Asiacrypt, p.4, 2018.
DOI : 10.1007/978-3-030-03329-3_19
URL : https://hal.archives-ouvertes.fr/hal-01960745
, Secure Multiplication for Bitslice Higher-Order Masking: Optimisation and Comparison, Proceedings. Ed. by Junfeng Fan and Benedikt Gierlichs, vol.10815, pp.3-22, 2018.
DOI : 10.1007/978-3-319-89641-0_1
, LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations". In: FSE 2014, vol.8540, pp.18-37, 2015.
DOI : 10.1007/978-3-662-46706-0_2
URL : https://hal.archives-ouvertes.fr/hal-01093491
, Efficient Masked S-Boxes Processing-A Step Forward, LNCS, vol.8469, p.15, 2014.
DOI : 10.1007/978-3-319-06734-6_16
, On the Multiplicative Complexity of Boolean Functions and Bitsliced Higher-Order Masking, CHES 2016
URL : https://hal.archives-ouvertes.fr/hal-01379296
, LNCS, vol.9813, pp.457-478, 2016.
, How Fast Can Higher-Order Masking Be in Software?, In: EUROCRYPT 2017, Part I, vol.10210, pp.73-76, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01494061
, Lattice Attacks Against Elliptic-Curve Signatures with Blinded Scalar Multiplication, SAC 2016, vol.10532, pp.120-139, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01379249
, Generalized Polynomial Decomposition for S-boxes with Application to SideChannel Countermeasures, CHES 2017. Ed. by Wieland Fischer and Naofumi Homma, vol.10529, pp.154-171, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01613764
, Private Circuits: Securing Hardware against Probing Attacks, CRYPTO 2003, vol.2729, pp.463-481, 2003.
, Very High Order Masking: Efficient Implementation and Security Evaluation, CHES 2017, vol.10529, pp.623-643, 2017.
, A Fast and Provably Secure Higher-Order Masking of AES S-Box, CHES 2011, vol.6917, pp.95-107, 2011.
, On the Power of Bitslice Implementation on Intel Core2 Processor, CHES 2007, vol.4727, p.16, 2007.
, 256 Bit Standardized Crypto for 650 GE-GOST Revisited, CHES 2010, vol.6225, p.26, 2010.
, Side-Channel Resistant Crypto for Less than 2,300 GE, In: Journal of Cryptology, vol.24, p.16, 2011.
, Masking against Side-Channel Attacks: A Formal Security Proof, EUROCRYPT 2013, vol.7881, pp.142-159, 2013.
, On the Number of Nonscalar Multiplications Necessary to Evaluate Polynomials, SIAM J. Comput, vol.2, issue.1, p.24, 1973.
, Provably Secure Higher-Order Masking of AES, CHES 2010, vol.6225, pp.413-427, 2010.
, Analysis and Improvement of the Generic Higher-Order Masking Scheme of FSE, CHES 2013, vol.8086, pp.417-434, 2012.
, A Compact Rijndael Hardware Architecture with S-Box Optimization, 2001.
, LNCS. Springer, vol.2248, p.15, 2001.
, The 128-Bit Blockcipher CLEFIA (Extended Abstract)". In: FSE 2007, vol.4593, pp.181-195, 2007.
, Optimizing S-Box Implementations for Several Criteria Using SAT Solvers, FSE 2016, vol.9783, p.26, 2016.
, The Block Cipher SC2000". In: FSE 2001. Ed. by Mitsuru Matsui, vol.2355, pp.312-327, 2002.