Number of Random S-boxes for each Multiplicative Complexity for n = 8
Optimal r parameter w.r.t. the CPRR-ISW cost ratio ? for ? ?
Graph representation of Circuit 1
Graph representation of Circuit 1 after maskComp
Overview of the sequence of games
Graph representation of a second Boolean circuit
Structure of an SPN-Based Block Cipher
Timings of a t-probing secure AES s-box implementation
Full code size (left graph) and LUT size (right table) w.r.t
Timings of mask refreshing
Multiplication performances for TRNG-1 in clock cycles
Multiplication performances for TRNG-2 in clock cycles
Timings of (parallel) ISW and CPRR schemes for n = 8
Timings of (parallel) ISW and CPRR schemes for n = 4
5.11 PRESENT s-box circuit for efficient bitslice implementation
Timings for 16 PRESENT s-boxes
3.3 Achievable smallest randomized basis computed according to Algorithm 1
3.4 Optimal parameters with rank-drop improvements
Performance results of the implementation AES s-box depending on the number of refresh gadgets
Size of the full multiplication table (in kilobytes) w.r
Implementation results for the ISW multiplication over F 2
Performance results for BDF + (generic and unrolled)
Implementation results for the BBP + multiplication
Implementation results for the BCPZ multiplication
Timings of the ISW-based mask refreshing
5.10 Comparison of the multiplications at the algorithmic level
5.15 Performances of parallel ISW and CPRR schemes for n = 4
18 Performances in clock cycles
5.22 Timings for masked bitslice AES and PRESENT with a 60 MHz clock
NBS FIPS PUB, vol.46, 1977.
Serpent: A Proposal for the Advanced Encryption Standard, NIST AES Proposal, p.35, 1998.
Circuit Compilers with O(1/log(n)) Leakage Rate, EUROCRYPT 2016, Part II, vol.9666, pp.586-615, 2016.
Verified Proofs of Higher-Order Masking, EUROCRYPT 2015, Part I, LNCS, vol.9056, pp.457-485, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01216699
Strong Non-Interference and Type-Directed Higher-Order Masking, ACM CCS 16, vol.46, pp.49-52, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01410216
Randomness Complexity of Private Circuits for Multiplication, EUROCRYPT 2016, Part II, vol.9666, pp.616-648, 2016.
Horizontal Side-Channel Attacks and Countermeasures on the ISW Masking Scheme, CHES 2016, LNCS, vol.9813, p.22, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01399577
Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model. Cryptology ePrint Archive, p.92, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01414009
Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model, LNCS, vol.10210, pp.535-566, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01414009
Tight Private Circuits: Achieving Probing Security with the Least Refreshing, p.4, 2018.
A Fast New DES Implementation in Software, LNCS, vol.1267, p.16, 1997.
PRESENT: An Ultra-Lightweight Block Cipher, CHES 2007. Ed. by Pascal Paillier and Ingrid Verbauwhede, vol.4727, pp.450-466, 2007.
Logic Minimization Techniques with Applications to Cryptology, Journal of Cryptology, vol.26, p.73, 2013.
The Khazad Legacy-Level Block Cipher. First Open NESSIE Workshop
A Very Compact S-Box for AES, CHES 2005, vol.3659, pp.441-455, 2005.
Higher-Order Masking Schemes for S-Boxes, FSE 2012, vol.7549, pp.366-384, 2012.
DOI : 10.1007/978-3-642-34047-5_21
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-642-34047-5_21.pdf
Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis, Cryptology ePrint Archive, p.105, 2011.
Towards Sound Approaches to Counteract Power-Analysis Attacks, CRYPTO'99, LNCS. Springer, vol.1666, pp.398-412, 1999.
DOI : 10.1007/3-540-48405-1_26
URL : https://link.springer.com/content/pdf/10.1007%2F3-540-48405-1_26.pdf
Exact Logic Minimization and Multiplicative Complexity of Concrete Algebraic and Cryptographic Circuits, Advances in Intelligent Systems, vol.6, pp.43-57, 2013.
Higher Order Masking of Look-Up Tables, LNCS. Springer, vol.8441, p.84, 2014.
DOI : 10.1007/978-3-642-55220-5_25
URL : https://link.springer.com/content/pdf/10.1007%2F978-3-642-55220-5_25.pdf
Formal Verification of Side-channel Countermeasures via Elementary Circuit Transformations. Cryptology ePrint Archive, p.46, 2017.
DOI : 10.1007/978-3-319-93387-0_4
CTC2 and Fast Algebraic Attacks on Block Ciphers Revisited, p.26, 2007.
Higher-Order Side Channel Security and Mask Refreshing, FSE 2013, vol.8424, pp.410-424, 2014.
Algebraic Decomposition for Probing Security, CRYPTO 2015, Part I, vol.9215, pp.742-763, 2015.
DOI : 10.1007/978-3-662-47989-6_36
Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-Channel Countermeasures, LNCS. Springer, vol.8731, p.41, 2014.
Unifying Leakage Models: From Probing Attacks to Noisy Leakage, EUROCRYPT 2014, vol.8441, pp.423-440, 2014.
DOI : 10.1007/s00145-018-9284-1
URL : https://link.springer.com/content/pdf/10.1007%2Fs00145-018-9284-1.pdf
Advanced Encryption Standard. NIST, p.108, 2001.
How to Securely Compute with Noisy Leakage in Quasilinear Complexity, Asiacrypt, p.4, 2018.
DOI : 10.1007/978-3-030-03329-3_19
URL : https://hal.archives-ouvertes.fr/hal-01960745
Secure Multiplication for Bitslice Higher-Order Masking: Optimisation and Comparison, Proceedings. Ed. by Junfeng Fan and Benedikt Gierlichs, vol.10815, pp.3-22, 2018.
DOI : 10.1007/978-3-319-89641-0_1
LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations, FSE 2014, vol.8540, pp.18-37, 2015.
DOI : 10.1007/978-3-662-46706-0_2
URL : https://hal.archives-ouvertes.fr/hal-01093491
Efficient Masked S-Boxes Processing-A Step Forward, LNCS, vol.8469, p.15, 2014.
DOI : 10.1007/978-3-319-06734-6_16
On the Multiplicative Complexity of Boolean Functions and Bitsliced Higher-Order Masking, CHES 2016, LNCS, vol.9813, pp.457-478, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01379296
How Fast Can Higher-Order Masking Be in Software?, EUROCRYPT 2017, Part I, vol.10210, pp.73-76, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01494061
Lattice Attacks Against Elliptic-Curve Signatures with Blinded Scalar Multiplication, SAC 2016, vol.10532, pp.120-139, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01379249
Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures, CHES 2017. Ed. by Wieland Fischer and Naofumi Homma, vol.10529, pp.154-171, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01613764
Private Circuits: Securing Hardware against Probing Attacks, CRYPTO 2003, vol.2729, pp.463-481, 2003.
Very High Order Masking: Efficient Implementation and Security Evaluation, CHES 2017, vol.10529, pp.623-643, 2017.
A Fast and Provably Secure Higher-Order Masking of AES S-Box, CHES 2011, vol.6917, pp.95-107, 2011.
On the Power of Bitslice Implementation on Intel Core2 Processor, CHES 2007, vol.4727, p.16, 2007.
256 Bit Standardized Crypto for 650 GE-GOST Revisited, CHES 2010, vol.6225, p.26, 2010.
Side-Channel Resistant Crypto for Less than 2,300 GE, Journal of Cryptology, vol.24, p.16, 2011.
Masking against Side-Channel Attacks: A Formal Security Proof, EUROCRYPT 2013, vol.7881, pp.142-159, 2013.
On the Number of Nonscalar Multiplications Necessary to Evaluate Polynomials, SIAM J. Comput, vol.2, issue.1, p.24, 1973.
Provably Secure Higher-Order Masking of AES, CHES 2010, vol.6225, pp.413-427, 2010.
Analysis and Improvement of the Generic Higher-Order Masking Scheme of FSE, CHES 2013, vol.8086, pp.417-434, 2012.
A Compact Rijndael Hardware Architecture with S-Box Optimization, LNCS. Springer, vol.2248, p.15, 2001.
The 128-Bit Blockcipher CLEFIA (Extended Abstract), FSE 2007, vol.4593, pp.181-195, 2007.
Optimizing S-Box Implementations for Several Criteria Using SAT Solvers, FSE 2016, vol.9783, p.26, 2016.
The Block Cipher SC2000, FSE 2001. Ed. by Mitsuru Matsui, vol.2355, pp.312-327, 2002.