
Efficient Boolean-to-Arithmetic Mask Conversion in Hardware

<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <link href="/css/bootstrap/css/bootstrap.min.css" rel="stylesheet"> <script src="/css/bootstrap/js/bootstrap.bundle.min.js"></script> <title>Efficient Boolean-to-Arithmetic Mask Conversion in Hardware</title> <link rel="stylesheet" href="/css/iacrcc.css"> <link rel="icon" type="image/png" href="/favicon.ico"> <style> div.authorname { font-weight: 500; margin-bottom: .3rem; } div.author { margin-bottom: 1rem; } span.keyword { font-weight: 500; } span.keyword a { color: black; } div.reference { margin-bottom: .5rem; } ol.bib li:before { margin-left: -1.5rem; content: "[" counter(bcounter) "] "; margin-right: .5rem; } ol.bib { list-style: none; counter-reset: bcounter; } ol.bib li { counter-increment: bcounter; margin-bottom: .5rem; } .card-header { background-color: #d1e7dd !important; } .authorlist { /* border: 1px solid #aaa; padding: 1rem; margin-bottom: 1rem; background-color: white;*/ } </style> <script> MathJax = { tex: { inlineMath: [['$', '$'], ['\\(', '\\)']], displayMath: [ ['$$','$$'], ["\\[","\\]"] ], processEnvironments: false, processEscapes: true }, "HTML-CSS": { linebreaks: { automatic: true } } }; </script> <script id="MathJax-script" async src="/js/mathjax/tex-chtml.js"></script> <link rel="schema.DC" href="http://purl.org/dc/elements/1.1/"> <meta name="DC.Creator.PersonalName" content="Aein Rezaei Shahmirzadi"> <meta name="DC.Creator.PersonalName" content="Michael Hutter"> <meta name="DC.Date.created" content="2024-10-07 15:13:12"> <meta name="DC.Date.dateSubmitted" content="2024-07-09"> <meta name="DC.Date.dateAccepted" content="2024-09-02"> <meta name="DC.Description" xml:lang="en" lang="en" content="&lt;p&gt;Masking schemes are key in thwarting side-channel attacks due to their robust theoretical foundation. 
Transitioning from Boolean to arithmetic (B2A) masking is a necessary step in various cryptography schemes, including hash functions, ARX-based ciphers, and lattice-based cryptography. While there exists a significant body of research focusing on B2A software implementations, studies pertaining to hardware implementations are quite limited, with the majority dedicated solely to creating efficient Boolean masked adders. In this paper, we present first- and second-order secure hardware implementations to perform B2A mask conversion efficiently without using masked adder structures. We first introduce a first-order secure low-latency gadget that executes a B2A2k in a single cycle. Furthermore, we propose a second-order secure B2A2k gadget that has a latency of only 4 clock cycles. Both gadgets are independent of the input word size k. We then show how these new primitives lead to improved B2Aq hardware implementations that perform a B2A mask conversion of integers modulo an arbitrary number. Our results show that our new gadgets outperform comparable solutions by more than a magnitude in terms of resource requirements and are at least 3 times faster in terms of latency and throughput. All gadgets have been formally verified and proven secure in the glitch-robust PINI security model. We additionally confirm the security of our gadgets on an FPGA platform using practical TVLA tests. 
&lt;/p&gt;"> <meta name="DC.Format" content="application/pdf"> <meta name="DC.Identifier.DOI" content="10.62056/a3c0l2isfg"> <meta name="DC.Identifier.URI" content="https://cic.iacr.org/p/1/3/46"> <meta name="DC.Language" content="en"> <meta name="DC.Rights" content="Copyright (c) 2023 held by author(s)"> <meta name="DC.Rights" content="https://creativecommons.org/licenses/by/4.0/"> <meta name="DC.Source" content="IACR Communications in Cryptology"> <meta name="DC.Source.ISSN" content="3006-5496"> <meta name="DC.Source.Issue" content="3"> <meta name="DC.Source.Volume" content="1"> <meta name="DC.Subject" xml:lang="en" lang="en" content="Secure Mask Conversion"> <meta name="DC.Subject" xml:lang="en" lang="en" content="Mixed Boolean Arithmetic (MBA)"> <meta name="DC.Subject" xml:lang="en" lang="en" content="Boolean-to-Arithmetic (B2A)"> <meta name="DC.Subject" xml:lang="en" lang="en" content="Arithmetic-to-Boolean (A2B)"> <meta name="DC.Subject" xml:lang="en" lang="en" content="Side-Channel Analysis"> <meta name="DC.Subject" xml:lang="en" lang="en" content="DPA Countermeasures"> <meta name="DC.Subject" xml:lang="en" lang="en" content="Hardware Implementation"> <meta name="DC.Subject" xml:lang="en" lang="en" content="Physical Security"> <meta name="DC.Title" content="Efficient Boolean-to-Arithmetic Mask Conversion in Hardware"> <meta name="DC.Type" content="Text.Serial.Journal"> <meta name="DC.Type.articleType" content="Articles"> <meta name="citation_journal_title" content="IACR Communications in Cryptology"> <meta name="citation_journal_abbrev" content="CiC"> <meta name="citation_issn" content="3006-5496"><meta name="citation_author" content="Aein Rezaei Shahmirzadi"> <meta name="citation_author_institution" content="PQShield"> <meta name="citation_author" content="Michael Hutter"> <meta name="citation_author_institution" content="PQShield"> <meta name="citation_title" content="Efficient Boolean-to-Arithmetic Mask Conversion in Hardware"> <meta 
name="citation_language" content="en"> <meta name="citation_date" content="2024-10-07"> <meta name="citation_volume" content="1"> <meta name="citation_issue" content="3"> <meta name="citation_doi" content="10.62056/a3c0l2isfg"> <meta name="citation_abstract_html_url" content="https://cic.iacr.org/p/1/3/46"> <meta name="citation_keywords" xml:lang="en" lang="en" content="Secure Mask Conversion"><meta name="citation_keywords" xml:lang="en" lang="en" content="Mixed Boolean Arithmetic (MBA)"><meta name="citation_keywords" xml:lang="en" lang="en" content="Boolean-to-Arithmetic (B2A)"><meta name="citation_keywords" xml:lang="en" lang="en" content="Arithmetic-to-Boolean (A2B)"><meta name="citation_keywords" xml:lang="en" lang="en" content="Side-Channel Analysis"><meta name="citation_keywords" xml:lang="en" lang="en" content="DPA Countermeasures"><meta name="citation_keywords" xml:lang="en" lang="en" content="Hardware Implementation"><meta name="citation_keywords" xml:lang="en" lang="en" content="Physical Security"> <meta name="citation_pdf_url" content="https://cic.iacr.org/p/1/3/46/pdf"> </head> <body> <noscript> <h1 class="text-center">What a lovely hat</h1> <h4 class="text-center">Is it made out of <a href="https://iacr.org/tinfoil.html">tin foil</a>?</h4> </noscript> <div class="pageTop d-flex justify-content-md-around justify-content-between align-items-center"> <a href="https://iacr.org"><img id="logo" class="d-none d-lg-block ms-5" src="/images/iacrlogo_small.png" title="International Association for Cryptologic Research" alt="IACR logo"></a> <span class="headerTitle d-none d-md-block">Communications in Cryptology</span> <span class="headerTitle d-md-none">IACR CiC</span> <div class="dropdown ps-lg-2 me-5"> <button class="btn border-0" type="button" id="dropdownMenuButton1" data-bs-toggle="dropdown" aria-expanded="true"> <img src="/images/search.svg" class="searchIcon" alt="Search Button" style="width:33px;"> </button> <div id="searchDd" class="dropdown-menu 
dropdown-menu-end bg-transparent border-0" aria-labelledby="dropdownMenuButton1" data-bs-popper="none"> <form action="/search" method="GET" class="me-3"> <div class="input-group"> <input id="searchbox" name="q" type="search" class="form-control shadow-none" autocomplete="off" > <input type="hidden" name="d" value="/var/www/wsgi/cicjournal/webapp/search_index/xapian.db"> <button class="btn btn-outline-dark border border-dark input-group-append"> Search </button> </div> </form> <div id="results" class="bg-light"></div> </div> </div> </div> <nav id="sitenav" class="navbar navbar-expand-md"> <div class="container"> <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#collapseContent" aria-controls="collapseContent" aria-expanded="false" aria-label="Toggle navigation"> <span class="navbar-toggler-icon"></span> </button> <div class="collapse navbar-collapse" id="collapseContent"> <ul class="navbar-nav nav-fill w-100 justify-content-between"> <li class="nav-item"> <a class="nav-link active" aria-current="page" href="/">Home</a> </li> <li class="nav-item"> <a class="nav-link" href="/contents">Papers</a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="#" role="button" data-bs-toggle="dropdown" aria-expanded="false"> Submissions </a> <ul class="dropdown-menu ms-3 ms-lg-5"> <li><a class="dropdown-item" href="/callforpapers">Call for papers</a></li> <li><a class="dropdown-item" href="/ethics">Publication ethics</a></li> <li><a class="dropdown-item" href="/irregular">Irregular submissions</a></li> <li><a class="dropdown-item" href="/conflicts">Conflict of interest</a></li> <li><a class="dropdown-item" href="/retraction">Retraction policy</a></li> </ul> </li> <li class="nav-item"> <a class="nav-link" href="/faq">FAQ</a> </li> <li class="nav-item"> <a class="nav-link" href="/contact">Contact</a> </li> <li class="nav-item"> <a class="nav-link" href="/board">Editorial board</a> </li> <li class="nav-item dropdown"> <a 
href="#" class="ms-md-5 nav-link dropdown-toggle" data-bs-toggle="dropdown"><img alt="Login" src="/images/user.svg"></a> <ul class="dropdown-menu"> <li><a href="/login" class="dropdown-item">Admin login</a></li> </ul> </li> </ul> </div> </div> </nav> <main id="mainContent" class="container"> <nav aria-label="breadcrumb" class="mt-3"> <ol class="breadcrumb"> <li class="breadcrumb-item"><a href="/">Home</a></li> <li class="breadcrumb-item"><a href="/v/1">Volume 1</a></li> <li class="breadcrumb-item"><a href="/i/1/3">Issue 3</a></li> <li class="breadcrumb-item active" aria-current="page">46</li> </ol> </nav> <h2>Efficient Boolean-to-Arithmetic Mask Conversion in Hardware</h2> <div class="row mt-3"> <div class="col-12 col-md-8"> <h3 class="mt-2">Authors</h3> <div class="fs-4 mb-4 mt-2 d-flex justify-content-between flex-column flex-lg-row"> <div>Aein Rezaei Shahmirzadi, Michael Hutter</div> <button role="button" aria-expanded="false" aria-controls="authorlist" class="ms-4 btn me-3 dropdown-toggle" data-bs-toggle="collapse" data-bs-target="#authorlist">Author Info</button> </div> <div id="authorlist" class="authorlist collapse"> <div class="author"> <div class="authorname">Aein Rezaei Shahmirzadi <a target="_blank" href="https://orcid.org/0000-0002-9549-268X"><img alt="ORCID" class="align-baseline orcidIcon" src="/images/orcid.svg"></a> </div> <div class="ms-4 mb-2"> PQShield, Oxford, UK<br> <span class="font-monospace">aein dot shahmirzadi at pqshield dot com</span> </div> </div> <div class="author"> <div class="authorname">Michael Hutter <a target="_blank" href="https://orcid.org/0000-0001-9769-7649"><img alt="ORCID" class="align-baseline orcidIcon" src="/images/orcid.svg"></a> </div> <div class="ms-4 mb-2"> PQShield, Oxford, UK<br> <span class="font-monospace">michael dot hutter at pqshield dot com</span> </div> </div> </div> <div class="mb-3"> <strong class="fs-4">Keywords: </strong> <span class="badge p-2 text-bg-light keyword ms-2 my-1" alt="Secure Mask 
Conversion" title="Secure Mask Conversion"><a href="/search?q=Secure%20Mask%20Conversion">Secure Mask Conversion</a></span> <span class="badge p-2 text-bg-light keyword ms-2 my-1" alt="Mixed Boolean Arithmetic (MBA)" title="Mixed Boolean Arithmetic (MBA)"><a href="/search?q=Mixed%20Boolean%20Arithmetic%20%28MBA%29">Mixed Boolean Arithmetic (MBA)</a></span> <span class="badge p-2 text-bg-light keyword ms-2 my-1" alt="Boolean-to-Arithmetic (B2A)" title="Boolean-to-Arithmetic (B2A)"><a href="/search?q=Boolean-to-Arithmetic%20%28B2A%29">Boolean-to-Arithmetic (B2A)</a></span> <span class="badge p-2 text-bg-light keyword ms-2 my-1" alt="Arithmetic-to-Boolean (A2B)" title="Arithmetic-to-Boolean (A2B)"><a href="/search?q=Arithmetic-to-Boolean%20%28A2B%29">Arithmetic-to-Boolean (A2B)</a></span> <span class="badge p-2 text-bg-light keyword ms-2 my-1" alt="Side-Channel Analysis" title="Side-Channel Analysis"><a href="/search?q=Side-Channel%20Analysis">Side-Channel Analysis</a></span> <span class="badge p-2 text-bg-light keyword ms-2 my-1" alt="DPA Countermeasures" title="DPA Countermeasures"><a href="/search?q=DPA%20Countermeasures">DPA Countermeasures</a></span> <span class="badge p-2 text-bg-light keyword ms-2 my-1" alt="Hardware Implementation" title="Hardware Implementation"><a href="/search?q=Hardware%20Implementation">Hardware Implementation</a></span> <span class="badge p-2 text-bg-light keyword ms-2 my-1" alt="Physical Security" title="Physical Security"><a href="/search?q=Physical%20Security">Physical Security</a></span> </div> <h3 class="mt-4">Abstract</h3> <p><p>Masking schemes are key in thwarting side-channel attacks due to their robust theoretical foundation. Transitioning from Boolean to arithmetic (B2A) masking is a necessary step in various cryptography schemes, including hash functions, ARX-based ciphers, and lattice-based cryptography. 
While there exists a significant body of research focusing on B2A software implementations, studies pertaining to hardware implementations are quite limited, with the majority dedicated solely to creating efficient Boolean masked adders. In this paper, we present first- and second-order secure hardware implementations to perform B2A mask conversion efficiently without using masked adder structures. We first introduce a first-order secure low-latency gadget that executes a B2A<sub>2<sup>k</sup></sub> in a single cycle. Furthermore, we propose a second-order secure B2A<sub>2<sup>k</sup></sub> gadget that has a latency of only 4 clock cycles. Both gadgets are independent of the input word size k. We then show how these new primitives lead to improved B2A<sub>q</sub> hardware implementations that perform a B2A mask conversion of integers modulo an arbitrary number. Our results show that our new gadgets outperform comparable solutions by more than an order of magnitude in terms of resource requirements and are at least 3 times faster in terms of latency and throughput. All gadgets have been formally verified and proven secure in the glitch-robust PINI security model. We additionally confirm the security of our gadgets on an FPGA platform using practical TVLA tests. </p></p> <h3 class="mb-3">References</h3> <div class="d-flex"> <div style="min-width:9rem;">[AHMP10]</div> <div><div id="ref-Aumasson2010SHA3Blake" class="bibitem">Jean-Philippe Aumasson, Luca Henzen, Willi Meier, and Raphael C.-W. Phan. SHA-3 Proposal BLAKE. <a href="https://131002.net/blake">https://131002.net/blake</a>. 
December 2010.</div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Jean-Philippe+Aumasson+Luca+Henzen+Willi+Meier+Raphael+C.-W.+Phan+SHA-3+Proposal+BLAKE+2010" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Jean-Philippe+Aumasson+Luca+Henzen+Willi+Meier+Raphael+C.-W.+Phan&amp;title=SHA-3+Proposal+BLAKE&amp;submittedafter=2009&amp;submittedbefore=2011" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[BBD<sup>+</sup>15]</div> <div><div id="ref-DBLP:conf/eurocrypt/BartheBDFGS15" class="bibitem">Gilles Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, and Pierre-Yves Strub. Verified Proofs of Higher-Order Masking. In <em>EUROCRYPT 2015</em>, volume 9056 of <em>LNCS</em>, pages 457–485, Sofia, Bulgaria. April 2015. Springer, Heidelberg. DOI: <a href="https://doi.org/10.1007/978-3-662-46800-5_18">10.1007/978-3-662-46800-5_18</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Gilles+Barthe+Sonia+Bela%C3%AFd+Fran%C3%A7ois+Dupressoir+Pierre-Alain+Fouque+Benjamin+Gr%C3%A9goire+Pierre-Yves+Strub+Verified+Proofs+of+Higher-Order+Masking+2015" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Gilles+Barthe+Sonia+Bela%C3%AFd+Fran%C3%A7ois+Dupressoir+Pierre-Alain+Fouque+Benjamin+Gr%C3%A9goire+Pierre-Yves+Strub&amp;title=Verified+Proofs+of+Higher-Order+Masking&amp;submittedafter=2014&amp;submittedbefore=2016" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[BBD<sup>+</sup>16]</div> <div><div id="ref-DBLP:conf/ccs/BartheBDFGSZ16" class="bibitem">Gilles Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire, Pierre-Yves Strub, and Rébecca Zucchini. 
Strong Non-Interference and Type-Directed Higher-Order Masking. In <em>CCS 2016</em>, pages 116–129, Vienna, Austria. October 2016. ACM. DOI: <a href="https://doi.org/10.1145/2976749.2978427">10.1145/2976749.2978427</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Gilles+Barthe+Sonia+Bela%C3%AFd+Fran%C3%A7ois+Dupressoir+Pierre-Alain+Fouque+Benjamin+Gr%C3%A9goire+Pierre-Yves+Strub+R%C3%A9becca+Zucchini+Strong+Non-Interference+and+Type-Directed+Higher-Order+Masking+2016" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Gilles+Barthe+Sonia+Bela%C3%AFd+Fran%C3%A7ois+Dupressoir+Pierre-Alain+Fouque+Benjamin+Gr%C3%A9goire+Pierre-Yves+Strub+R%C3%A9becca+Zucchini&amp;title=Strong+Non-Interference+and+Type-Directed+Higher-Order+Masking&amp;submittedafter=2015&amp;submittedbefore=2017" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[BBE<sup>+</sup>18]</div> <div><div id="ref-Barthe2018MaskingTheGLP" class="bibitem">Gilles Barthe, Sonia Belaïd, Thomas Espitau, Pierre-Alain Fouque, Benjamin Grégoire, Mélissa Rossi, and Mehdi Tibouchi. Masking the GLP Lattice-Based Signature Scheme at Any Order. In <em>EUROCRYPT 2018</em>, volume 10821 of <em>LNCS</em>, pages 354–384, Tel Aviv, Israel. April 2018. Springer, Cham. 
DOI: <a href="https://doi.org/10.1007/978-3-319-78375-8_12">10.1007/978-3-319-78375-8_12</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Gilles+Barthe+Sonia+Bela%C3%AFd+Thomas+Espitau+Pierre-Alain+Fouque+Benjamin+Gr%C3%A9goire+M%C3%A9lissa+Rossi+Mehdi+Tibouchi+Masking+the+GLP+Lattice-Based+Signature+Scheme+at+Any+Order+2018" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Gilles+Barthe+Sonia+Bela%C3%AFd+Thomas+Espitau+Pierre-Alain+Fouque+Benjamin+Gr%C3%A9goire+M%C3%A9lissa+Rossi+Mehdi+Tibouchi&amp;title=Masking+the+GLP+Lattice-Based+Signature+Scheme+at+Any+Order&amp;submittedafter=2017&amp;submittedbefore=2019" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[BC22]</div> <div><div id="ref-Bronchain2022BitslicingArithmeticBoolean" class="bibitem">Olivier Bronchain and Gaëtan Cassiers. Bitslicing Arithmetic/Boolean Masking Conversions for Fun and Profit with Application to Lattice-Based KEMs. <em>IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)</em>, 2022(4):553–588, 2022. 
DOI: <a href="https://doi.org/10.46586/TCHES.V2022.I4.553-588">10.46586/TCHES.V2022.I4.553-588</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Olivier+Bronchain+Ga%C3%ABtan+Cassiers+Bitslicing+Arithmetic%2FBoolean+Masking+Conversions+for+Fun+and+Profit+with+Application+to+Lattice-Based+KEMs+2022" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Olivier+Bronchain+Ga%C3%ABtan+Cassiers&amp;title=Bitslicing+Arithmetic%2FBoolean+Masking+Conversions+for+Fun+and+Profit+with+Application+to+Lattice-Based+KEMs&amp;submittedafter=2021&amp;submittedbefore=2023" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[BCZ18]</div> <div><div id="ref-Bettale2018ImprovedHigherOrder" class="bibitem">Luk Bettale, Jean-Sébastien Coron, and Rina Zeitoun. Improved High-Order Conversion From Boolean to Arithmetic Masking. <em>IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)</em>, 2018(2):22–45, 2018. DOI: <a href="https://doi.org/10.13154/TCHES.V2018.I2.22-45">10.13154/TCHES.V2018.I2.22-45</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Luk+Bettale+Jean-S%C3%A9bastien+Coron+Rina+Zeitoun+Improved+High-Order+Conversion+From+Boolean+to+Arithmetic+Masking+2018" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Luk+Bettale+Jean-S%C3%A9bastien+Coron+Rina+Zeitoun&amp;title=Improved+High-Order+Conversion+From+Boolean+to+Arithmetic+Masking&amp;submittedafter=2017&amp;submittedbefore=2019" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[BDCU17]</div> <div><div id="ref-Biryukov2017OptimalFirstOrder" class="bibitem">Alex Biryukov, Daniel Dinu, Yann Le Corre, and Aleksei Udovenko. Optimal First-Order Boolean Masking for Embedded IoT Devices. 
In <em>CARDIS 2017</em>, volume 10728 of <em>LNCS</em>, pages 22–41, Lugano, Switzerland. November 2017. Springer. DOI: <a href="https://doi.org/10.1007/978-3-319-75208-2_2">10.1007/978-3-319-75208-2_2</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Alex+Biryukov+Daniel+Dinu+Yann+Le+Corre+Aleksei+Udovenko+Optimal+First-Order+Boolean+Masking+for+Embedded+IoT+Devices+2017" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Alex+Biryukov+Daniel+Dinu+Yann+Le+Corre+Aleksei+Udovenko&amp;title=Optimal+First-Order+Boolean+Masking+for+Embedded+IoT+Devices&amp;submittedafter=2016&amp;submittedbefore=2018" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[BDH<sup>+</sup>21]</div> <div><div id="ref-Bhasin2021AttackingAndDefending" class="bibitem">Shivam Bhasin, Jan-Pieter D'Anvers, Daniel Heinz, Thomas Pöppelmann, and Michiel Van Beirendonck. Attacking and Defending Masked Polynomial Comparison for Lattice-Based Cryptography. <em>IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)</em>, 2021(3):334–359, 2021. 
DOI: <a href="https://doi.org/10.46586/TCHES.V2021.I3.334-359">10.46586/TCHES.V2021.I3.334-359</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Shivam+Bhasin+Jan-Pieter+D%27Anvers+Daniel+Heinz+Thomas+P%C3%B6ppelmann+Michiel+Van+Beirendonck+Attacking+and+Defending+Masked+Polynomial+Comparison+for+Lattice-Based+Cryptography+2021" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Shivam+Bhasin+Jan-Pieter+D%27Anvers+Daniel+Heinz+Thomas+P%C3%B6ppelmann+Michiel+Van+Beirendonck&amp;title=Attacking+and+Defending+Masked+Polynomial+Comparison+for+Lattice-Based+Cryptography&amp;submittedafter=2020&amp;submittedbefore=2022" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[BDK<sup>+</sup>21]</div> <div><div id="ref-Beirendonck2021ASideChannel" class="bibitem">Michiel Van Beirendonck, Jan-Pieter D'Anvers, Angshuman Karmakar, Josep Balasch, and Ingrid Verbauwhede. A Side-Channel-Resistant Implementation of SABER. <em>ACM Journal on Emerging Technologies in Computing Systems (JETC)</em>, 17(2):1–26, 2021. DOI: <a href="https://doi.org/10.1145/3429983">10.1145/3429983</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Michiel+Van+Beirendonck+Jan-Pieter+D%27Anvers+Angshuman+Karmakar+Josep+Balasch+Ingrid+Verbauwhede+A+Side-Channel-Resistant+Implementation+of+SABER+2021" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Michiel+Van+Beirendonck+Jan-Pieter+D%27Anvers+Angshuman+Karmakar+Josep+Balasch+Ingrid+Verbauwhede&amp;title=A+Side-Channel-Resistant+Implementation+of+SABER&amp;submittedafter=2020&amp;submittedbefore=2022" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[Ber08]</div> <div><div id="ref-Bernstein2008ChaCha" class="bibitem">Daniel J. 
Bernstein. <a href="https://cr.yp.to/chacha.html">ChaCha, a Variant of Salsa20</a>. In <em>State of the Art of Stream Ciphers Workshop (SASC)</em>, pages 3–5, Lausanne, Switzerland. February 2008. </div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Daniel+J.+Bernstein+ChaCha%2C+a+Variant+of+Salsa20+2008" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Daniel+J.+Bernstein&amp;title=ChaCha%2C+a+Variant+of+Salsa20&amp;submittedafter=2007&amp;submittedbefore=2009" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[BFG<sup>+</sup>17]</div> <div><div id="ref-DBLP:conf/asiacrypt/BalaschFGPS17" class="bibitem">Josep Balasch, Sebastian Faust, Benedikt Gierlichs, Clara Paglialonga, and François-Xavier Standaert. Consolidating Inner Product Masking. In <em>ASIACRYPT 2017</em>, volume 10624 of <em>LNCS</em>, pages 724–754, Hong Kong, China. December 2017. Springer. DOI: <a href="https://doi.org/10.1007/978-3-319-70694-8_25">10.1007/978-3-319-70694-8_25</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Josep+Balasch+Sebastian+Faust+Benedikt+Gierlichs+Clara+Paglialonga+Fran%C3%A7ois-Xavier+Standaert+Consolidating+Inner+Product+Masking+2017" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Josep+Balasch+Sebastian+Faust+Benedikt+Gierlichs+Clara+Paglialonga+Fran%C3%A7ois-Xavier+Standaert&amp;title=Consolidating+Inner+Product+Masking&amp;submittedafter=2016&amp;submittedbefore=2018" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[BG22]</div> <div><div id="ref-Bache2022BooleanMaskingFor" class="bibitem">Florian Bache and Tim Güneysu. Boolean Masking for Arithmetic Additions at Arbitrary Order in Hardware. 
<em>Applied Sciences</em>, 12(5), 2022.</div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Florian+Bache+Tim+G%C3%BCneysu+Boolean+Masking+for+Arithmetic+Additions+at+Arbitrary+Order+in+Hardware+2022" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Florian+Bache+Tim+G%C3%BCneysu&amp;title=Boolean+Masking+for+Arithmetic+Additions+at+Arbitrary+Order+in+Hardware&amp;submittedafter=2021&amp;submittedbefore=2023" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[BPO<sup>+</sup>20]</div> <div><div id="ref-Bache2020HighSpeedMasking" class="bibitem">Florian Bache, Clara Paglialonga, Tobias Oder, Tobias Schneider, and Tim Güneysu. High-Speed Masking for Polynomial Comparison in Lattice-based KEMs. <em>IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)</em>, 2020(3):483–507, 2020. DOI: <a href="https://doi.org/10.13154/TCHES.V2020.I3.483-507">10.13154/TCHES.V2020.I3.483-507</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Florian+Bache+Clara+Paglialonga+Tobias+Oder+Tobias+Schneider+Tim+G%C3%BCneysu+High-Speed+Masking+for+Polynomial+Comparison+in+Lattice-based+KEMs+2020" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Florian+Bache+Clara+Paglialonga+Tobias+Oder+Tobias+Schneider+Tim+G%C3%BCneysu&amp;title=High-Speed+Masking+for+Polynomial+Comparison+in+Lattice-based+KEMs&amp;submittedafter=2019&amp;submittedbefore=2021" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[Cas22]</div> <div><div id="ref-Cassier2022ComposableAndEfficient" class="bibitem">Gaëtan Cassiers. <em><a href="http://hdl.handle.net/2078.1/264203">Composable and Efficient Masking Schemes for Side-channel Secure Implementations</a></em>. 
PhD thesis, Université Catholique de Louvain, June 2022.</div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Ga%C3%ABtan+Cassiers+Composable+and+Efficient+Masking+Schemes+for+Side-channel+Secure+Implementations+2022" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Ga%C3%ABtan+Cassiers&amp;title=Composable+and+Efficient+Masking+Schemes+for+Side-channel+Secure+Implementations&amp;submittedafter=2021&amp;submittedbefore=2023" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[CG00]</div> <div><div id="ref-DBLP:conf/ches/CoronG00" class="bibitem">Jean-Sébastien Coron and Louis Goubin. On Boolean and Arithmetic Masking against Differential Power Analysis. In <em>Cryptographic Hardware and Embedded Systems (CHES)</em>, volume 1965 of <em>LNCS</em>, pages 231–237, Worcester, MA, USA. August 2000. Springer, Heidelberg. DOI: <a href="https://doi.org/10.1007/3-540-44499-8_18">10.1007/3-540-44499-8_18</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Jean-S%C3%A9bastien+Coron+Louis+Goubin+On+Boolean+and+Arithmetic+Masking+against+Differential+Power+Analysis+2000" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Jean-S%C3%A9bastien+Coron+Louis+Goubin&amp;title=On+Boolean+and+Arithmetic+Masking+against+Differential+Power+Analysis&amp;submittedafter=1999&amp;submittedbefore=2001" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[CGLS21]</div> <div><div id="ref-DBLP:journals/tc/CassiersGLS21" class="bibitem">Gaëtan Cassiers, Benjamin Grégoire, Itamar Levi, and François-Xavier Standaert. Hardware Private Circuits: From Trivial Composition to Full Verification. <em>IEEE Transactions on Computers</em>, 70(10):1677–1690, 2021. 
DOI: <a href="https://doi.org/10.1109/TC.2020.3022979">10.1109/TC.2020.3022979</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Ga%C3%ABtan+Cassiers+Benjamin+Gr%C3%A9goire+Itamar+Levi+Fran%C3%A7ois-Xavier+Standaert+Hardware+Private+Circuits%3A+From+Trivial+Composition+to+Full+Verification+2021" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Ga%C3%ABtan+Cassiers+Benjamin+Gr%C3%A9goire+Itamar+Levi+Fran%C3%A7ois-Xavier+Standaert&amp;title=Hardware+Private+Circuits%3A+From+Trivial+Composition+to+Full+Verification&amp;submittedafter=2020&amp;submittedbefore=2022" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[CGM<sup>+</sup>23]</div> <div><div id="ref-Cassiers2023CompressReducingArea" class="bibitem">Gaëtan Cassiers, Barbara Gigerl, Stefan Mangard, Charles Momin, and Rishub Nagpal. <a href="https://eprint.iacr.org/2023/1600">Compress: Reducing Area and Latency of Masked Pipelined Circuits</a>. IACR Cryptology ePrint Archive, Paper 2023/1600. 2023.</div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Ga%C3%ABtan+Cassiers+Barbara+Gigerl+Stefan+Mangard+Charles+Momin+Rishub+Nagpal+Compress%3A+Reducing+Area+and+Latency+of+Masked+Pipelined+Circuits+2023" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Ga%C3%ABtan+Cassiers+Barbara+Gigerl+Stefan+Mangard+Charles+Momin+Rishub+Nagpal&amp;title=Compress%3A+Reducing+Area+and+Latency+of+Masked+Pipelined+Circuits&amp;submittedafter=2022&amp;submittedbefore=2024" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[CGMZ23]</div> <div><div id="ref-Coron2023HigherOrderPolynomial" class="bibitem">Jean-Sébastien Coron, François Gérard, Simon Montoya, and Rina Zeitoun. 
High-order Polynomial Comparison and Masking Lattice-based Encryption. <em>IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)</em>, 2023(1):153–192, 2023. DOI: <a href="https://doi.org/10.46586/TCHES.V2023.I1.153-192">10.46586/TCHES.V2023.I1.153-192</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Jean-S%C3%A9bastien+Coron+Fran%C3%A7ois+G%C3%A9rard+Simon+Montoya+Rina+Zeitoun+High-order+Polynomial+Comparison+and+Masking+Lattice-based+Encryption+2023" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Jean-S%C3%A9bastien+Coron+Fran%C3%A7ois+G%C3%A9rard+Simon+Montoya+Rina+Zeitoun&amp;title=High-order+Polynomial+Comparison+and+Masking+Lattice-based+Encryption&amp;submittedafter=2022&amp;submittedbefore=2024" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[CGTV15]</div> <div><div id="ref-Coron2015ConversionFromArithmetic" class="bibitem">Jean-Sébastien Coron, Johann Großschädl, Mehdi Tibouchi, and Praveen Kumar Vadnala. Conversion from Arithmetic to Boolean Masking with Logarithmic Complexity. In <em>FSE 2015</em>, volume 8731 of <em>LNCS</em>, pages 130–149, Istanbul, Turkey. March 2015. Springer, Heidelberg. 
DOI: <a href="https://doi.org/10.1007/978-3-662-48116-5_7">10.1007/978-3-662-48116-5_7</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Jean-S%C3%A9bastien+Coron+Johann+Gro%C3%9Fsch%C3%A4dl+Mehdi+Tibouchi+Praveen+Kumar+Vadnala+Conversion+from+Arithmetic+to+Boolean+Masking+with+Logarithmic+Complexity+2015" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Jean-S%C3%A9bastien+Coron+Johann+Gro%C3%9Fsch%C3%A4dl+Mehdi+Tibouchi+Praveen+Kumar+Vadnala&amp;title=Conversion+from+Arithmetic+to+Boolean+Masking+with+Logarithmic+Complexity&amp;submittedafter=2014&amp;submittedbefore=2016" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[CGTZ23]</div> <div><div id="ref-Coron2023ImprovedGadgetsFor" class="bibitem">Jean-Sébastien Coron, François Gérard, Matthias Trannoy, and Rina Zeitoun. Improved Gadgets for the High-Order Masking of Dilithium. <em>IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)</em>, 2023(4):110–145, 2023. 
DOI: <a href="https://doi.org/10.46586/TCHES.V2023.I4.110-145">10.46586/TCHES.V2023.I4.110-145</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Jean-S%C3%A9bastien+Coron+Fran%C3%A7ois+G%C3%A9rard+Matthias+Trannoy+Rina+Zeitoun+Improved+Gadgets+for+the+High-Order+Masking+of+Dilithium+2023" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Jean-S%C3%A9bastien+Coron+Fran%C3%A7ois+G%C3%A9rard+Matthias+Trannoy+Rina+Zeitoun&amp;title=Improved+Gadgets+for+the+High-Order+Masking+of+Dilithium&amp;submittedafter=2022&amp;submittedbefore=2024" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[CGV14]</div> <div><div id="ref-Coron2014SecureConversionBetween" class="bibitem">Jean-Sébastien Coron, Johann Großschädl, and Praveen Kumar Vadnala. Secure Conversion between Boolean and Arithmetic Masking of Any Order. In <em>Cryptographic Hardware and Embedded Systems (CHES)</em>, volume 8731 of <em>LNCS</em>, pages 188–205, Busan, South Korea. September 2014. Springer, Heidelberg. 
DOI: <a href="https://doi.org/10.1007/978-3-662-44709-3_11">10.1007/978-3-662-44709-3_11</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Jean-S%C3%A9bastien+Coron+Johann+Gro%C3%9Fsch%C3%A4dl+Praveen+Kumar+Vadnala+Secure+Conversion+between+Boolean+and+Arithmetic+Masking+of+Any+Order+2014" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Jean-S%C3%A9bastien+Coron+Johann+Gro%C3%9Fsch%C3%A4dl+Praveen+Kumar+Vadnala&amp;title=Secure+Conversion+between+Boolean+and+Arithmetic+Masking+of+Any+Order&amp;submittedafter=2013&amp;submittedbefore=2015" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[Cor17]</div> <div><div id="ref-Coron2017HigherOrderConversion" class="bibitem">Jean-Sébastien Coron. Higher-Order Conversion from Boolean to Arithmetic Masking. In <em>Cryptographic Hardware and Embedded Systems (CHES)</em>, volume 10529 of <em>LNCS</em>, pages 93–114, Taipei, Taiwan. September 2017. Springer. DOI: <a href="https://doi.org/10.1007/978-3-319-66787-4_5">10.1007/978-3-319-66787-4_5</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Jean-S%C3%A9bastien+Coron+Higher-Order+Conversion+from+Boolean+to+Arithmetic+Masking+2017" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Jean-S%C3%A9bastien+Coron&amp;title=Higher-Order+Conversion+from+Boolean+to+Arithmetic+Masking&amp;submittedafter=2016&amp;submittedbefore=2018" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[CS20]</div> <div><div id="ref-DBLP:journals/tifs/CassiersS20" class="bibitem">Gaëtan Cassiers and François-Xavier Standaert. Trivially and Efficiently Composing Masked Gadgets With Probe Isolating Non-Interference. 
<em>IEEE Transactions on Information Forensics and Security</em>, 15:2542–2555, 2020. DOI: <a href="https://doi.org/10.1109/TIFS.2020.2971153">10.1109/TIFS.2020.2971153</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Ga%C3%ABtan+Cassiers+Fran%C3%A7ois-Xavier+Standaert+Trivially+and+Efficiently+Composing+Masked+Gadgets+With+Probe+Isolating+Non-Interference+2020" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Ga%C3%ABtan+Cassiers+Fran%C3%A7ois-Xavier+Standaert&amp;title=Trivially+and+Efficiently+Composing+Masked+Gadgets+With+Probe+Isolating+Non-Interference&amp;submittedafter=2019&amp;submittedbefore=2021" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[FBR<sup>+</sup>22]</div> <div><div id="ref-Fritzmann2022MaskedAcceleratorsAnd" class="bibitem">Tim Fritzmann, Michiel Van Beirendonck, Debapriya Basu Roy, Patrick Karl, Thomas Schamberger, Ingrid Verbauwhede, and Georg Sigl. Masked Accelerators and Instruction Set Extensions for Post-Quantum Cryptography. <em>IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)</em>, 2022(1):414–460, 2022. 
DOI: <a href="https://doi.org/10.46586/TCHES.V2022.I1.414-460">10.46586/TCHES.V2022.I1.414-460</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Tim+Fritzmann+Michiel+Van+Beirendonck+Debapriya+Basu+Roy+Patrick+Karl+Thomas+Schamberger+Ingrid+Verbauwhede+Georg+Sigl+Masked+Accelerators+and+Instruction+Set+Extensions+for+Post-Quantum+Cryptography+2022" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Tim+Fritzmann+Michiel+Van+Beirendonck+Debapriya+Basu+Roy+Patrick+Karl+Thomas+Schamberger+Ingrid+Verbauwhede+Georg+Sigl&amp;title=Masked+Accelerators+and+Instruction+Set+Extensions+for+Post-Quantum+Cryptography&amp;submittedafter=2021&amp;submittedbefore=2023" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[FGP<sup>+</sup>18]</div> <div><div id="ref-DBLP:journals/tches/FaustGPPS18" class="bibitem">Sebastian Faust, Vincent Grosso, Santos Merino Del Pozo, Clara Paglialonga, and François-Xavier Standaert. Composable Masking Schemes in the Presence of Physical Defaults & the Robust Probing Model. <em>IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)</em>, 2018(3):89–120, 2018. 
DOI: <a href="https://doi.org/10.13154/TCHES.V2018.I3.89-120">10.13154/TCHES.V2018.I3.89-120</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Sebastian+Faust+Vincent+Grosso+Santos+Merino+Del+Pozo+Clara+Paglialonga+Fran%C3%A7ois-Xavier+Standaert+Composable+Masking+Schemes+in+the+Presence+of+Physical+Defaults+%26+the+Robust+Probing+Model+2018" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Sebastian+Faust+Vincent+Grosso+Santos+Merino+Del+Pozo+Clara+Paglialonga+Fran%C3%A7ois-Xavier+Standaert&amp;title=Composable+Masking+Schemes+in+the+Presence+of+Physical+Defaults+%26+the+Robust+Probing+Model&amp;submittedafter=2017&amp;submittedbefore=2019" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[FLS<sup>+</sup>10]</div> <div><div id="ref-Ferguson2010TheSkeinHash" class="bibitem">Niels Ferguson, Stefan Lucks, Bruce Schneier, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, and Jesse Walker. The Skein Hash Function Family. <a href="https://www.schneier.com/wp-content/uploads/2015/01/skein.pdf">https://www.schneier.com/wp-content/uploads/2015/01/skein.pdf</a>. 
October 2010.</div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Niels+Ferguson+Stefan+Lucks+Bruce+Schneier+Doug+Whiting+Mihir+Bellare+Tadayoshi+Kohno+Jon+Callas+Jesse+Walker+The+Skein+Hash+Function+Family+2010" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Niels+Ferguson+Stefan+Lucks+Bruce+Schneier+Doug+Whiting+Mihir+Bellare+Tadayoshi+Kohno+Jon+Callas+Jesse+Walker&amp;title=The+Skein+Hash+Function+Family&amp;submittedafter=2009&amp;submittedbefore=2011" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[GJJR11]</div> <div><div id="ref-TVLA" class="bibitem">Gilbert Goodwill, Benjamin Jun, Josh Jaffe, and Pankaj Rohatgi. A Testing Methodology for Side-Channel Resistance Validation. Non-Invasive Attack Testing (NIAT) Workshop. <a href="https://csrc.nist.gov/csrc/media/events/non-invasive-attack-testing-workshop/documents/08_goodwill.pdf">https://csrc.nist.gov/csrc/media/events/non-invasive-attack-testing-workshop/documents/08_goodwill.pdf</a>. 2011.</div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Gilbert+Goodwill+Benjamin+Jun+Josh+Jaffe+Pankaj+Rohatgi+A+Testing+Methodology+for+Side-Channel+Resistance+Validation+2011" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Gilbert+Goodwill+Benjamin+Jun+Josh+Jaffe+Pankaj+Rohatgi&amp;title=A+Testing+Methodology+for+Side-Channel+Resistance+Validation&amp;submittedafter=2010&amp;submittedbefore=2012" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[GJM<sup>+</sup>16]</div> <div><div id="ref-Gross2016ConcealingSecretsIn" class="bibitem">Hannes Groß, Manuel Jelinek, Stefan Mangard, Thomas Unterluggauer, and Mario Werner. Concealing Secrets in Embedded Processors Designs. 
In <em>CARDIS 2016</em>, volume 10146 of <em>LNCS</em>, pages 89–104, Cannes, France. November 2016. Springer. DOI: <a href="https://doi.org/10.1007/978-3-319-54669-8_6">10.1007/978-3-319-54669-8_6</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Hannes+Gro%C3%9F+Manuel+Jelinek+Stefan+Mangard+Thomas+Unterluggauer+Mario+Werner+Concealing+Secrets+in+Embedded+Processors+Designs+2016" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Hannes+Gro%C3%9F+Manuel+Jelinek+Stefan+Mangard+Thomas+Unterluggauer+Mario+Werner&amp;title=Concealing+Secrets+in+Embedded+Processors+Designs&amp;submittedafter=2015&amp;submittedbefore=2017" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[GMK16]</div> <div><div id="ref-DBLP:conf/ccs/GrossMK16" class="bibitem">Hannes Groß, Stefan Mangard, and Thomas Korak. Domain-Oriented Masking: Compact Masked Hardware Implementations with Arbitrary Protection Order. In <em>Workshop on Theory of Implementation Security (TIS)</em>, Vienna, Austria. October 2016. ACM. 
DOI: <a href="https://doi.org/10.1145/2996366.2996426">10.1145/2996366.2996426</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Hannes+Gro%C3%9F+Stefan+Mangard+Thomas+Korak+Domain-Oriented+Masking%3A+Compact+Masked+Hardware+Implementations+with+Arbitrary+Protection+Order+2016" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Hannes+Gro%C3%9F+Stefan+Mangard+Thomas+Korak&amp;title=Domain-Oriented+Masking%3A+Compact+Masked+Hardware+Implementations+with+Arbitrary+Protection+Order&amp;submittedafter=2015&amp;submittedbefore=2017" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[Gou01]</div> <div><div id="ref-Goubin2001SoundMethodSwitching" class="bibitem">Louis Goubin. A Sound Method for Switching between Boolean and Arithmetic Masking. In <em>Cryptographic Hardware and Embedded Systems (CHES)</em>, volume 2162 of <em>LNCS</em>, pages 3–15, Paris, France. May 2001. Springer, Heidelberg. DOI: <a href="https://doi.org/10.1007/3-540-44709-1_2">10.1007/3-540-44709-1_2</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Louis+Goubin+A+Sound+Method+for+Switching+between+Boolean+and+Arithmetic+Masking+2001" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Louis+Goubin&amp;title=A+Sound+Method+for+Switching+between+Boolean+and+Arithmetic+Masking&amp;submittedafter=2000&amp;submittedbefore=2002" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[GP99]</div> <div><div id="ref-DBLP:conf/ches/GoubinP99" class="bibitem">Louis Goubin and Jacques Patarin. DES and Differential Power Analysis. In <em>Cryptographic Hardware and Embedded Systems (CHES)</em>, volume 1717 of <em>LNCS</em>, pages 158–172, Worcester, MA, USA. August 1999. Springer. 
DOI: <a href="https://doi.org/10.1007/3-540-48059-5_15">10.1007/3-540-48059-5_15</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Louis+Goubin+Jacques+Patarin+DES+and+Differential+Power+Analysis+1999" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Louis+Goubin+Jacques+Patarin&amp;title=DES+and+Differential+Power+Analysis&amp;submittedafter=1998&amp;submittedbefore=2000" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[GT02]</div> <div><div id="ref-DBLP:conf/ches/GolicT02" class="bibitem">Jovan Dj. Golic and Christophe Tymen. Multiplicative Masking and Power Analysis of AES. In <em>Cryptographic Hardware and Embedded Systems (CHES)</em>, volume 2523 of <em>LNCS</em>, pages 198–212, San Francisco, USA. August 2002. Springer. DOI: <a href="https://doi.org/10.1007/3-540-36400-5_16">10.1007/3-540-36400-5_16</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Jovan+Dj.+Golic+Christophe+Tymen+Multiplicative+Masking+and+Power+Analysis+of+AES+2002" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Jovan+Dj.+Golic+Christophe+Tymen&amp;title=Multiplicative+Masking+and+Power+Analysis+of+AES&amp;submittedafter=2001&amp;submittedbefore=2003" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[HT16]</div> <div><div id="ref-Hutter2016ConstantTimeHigher" class="bibitem">Michael Hutter and Michael Tunstall. Constant Time Higher-Order Boolean-to-Arithmetic Masking. <a href="https://eprint.iacr.org/2016/1023">https://eprint.iacr.org/2016/1023</a>. IACR Cryptology ePrint Archive, Paper 2016/1023. 
2016.</div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Michael+Hutter+Michael+Tunstall+Constant+Time+Higher-Order+Boolean-to-Arithmetic+Masking+2016" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Michael+Hutter+Michael+Tunstall&amp;title=Constant+Time+Higher-Order+Boolean-to-Arithmetic+Masking&amp;submittedafter=2015&amp;submittedbefore=2017" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[HT19]</div> <div><div id="ref-Hutter2016ConstantTimeHigher_JOCE" class="bibitem">Michael Hutter and Michael Tunstall. Constant-Time Higher-Order Boolean-to-Arithmetic Masking. <em>Journal of Cryptographic Engineering</em>, 9(2):173–184, 2019. DOI: <a href="https://doi.org/10.1007/S13389-018-0191-Z">10.1007/S13389-018-0191-Z</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Michael+Hutter+Michael+Tunstall+Constant-Time+Higher-Order+Boolean-to-Arithmetic+Masking+2019" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Michael+Hutter+Michael+Tunstall&amp;title=Constant-Time+Higher-Order+Boolean-to-Arithmetic+Masking&amp;submittedafter=2018&amp;submittedbefore=2020" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[ISW03]</div> <div><div id="ref-Ishai2003PrivateCircuits" class="bibitem">Yuval Ishai, Amit Sahai, and David A. Wagner. Private Circuits: Securing Hardware against Probing Attacks. In <em>CRYPTO 2003</em>, volume 2729 of <em>LNCS</em>, pages 463–481, Santa Barbara, California, USA. August 2003. Springer, Heidelberg. 
DOI: <a href="https://doi.org/10.1007/978-3-540-45146-4_27">10.1007/978-3-540-45146-4_27</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Yuval+Ishai+Amit+Sahai+David+A.+Wagner+Private+Circuits%3A+Securing+Hardware+against+Probing+Attacks+2003" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Yuval+Ishai+Amit+Sahai+David+A.+Wagner&amp;title=Private+Circuits%3A+Securing+Hardware+against+Probing+Attacks&amp;submittedafter=2002&amp;submittedbefore=2004" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[KJJ99]</div> <div><div id="ref-KJJ99" class="bibitem">Paul Kocher, Joshua Jaffe, and Benjamin Jun. Differential Power Analysis. In <em>CRYPTO 1999</em>, volume 1666 of <em>LNCS</em>, pages 388–397, Santa Barbara, California, USA. August 1999. Springer, Heidelberg. DOI: <a href="https://doi.org/10.1007/3-540-48405-1_25">10.1007/3-540-48405-1_25</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Paul+Kocher+Joshua+Jaffe+Benjamin+Jun+Differential+Power+Analysis+1999" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Paul+Kocher+Joshua+Jaffe+Benjamin+Jun&amp;title=Differential+Power+Analysis&amp;submittedafter=1998&amp;submittedbefore=2000" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[KMMS22]</div> <div><div id="ref-Knichel2022AutomatedGenerationOf" class="bibitem">David Knichel, Amir Moradi, Nicolai Müller, and Pascal Sasdrich. Automated Generation of Masked Hardware. <em>IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)</em>, 2022(1):589–629, 2022. 
DOI: <a href="https://doi.org/10.46586/TCHES.V2022.I1.589-629">10.46586/TCHES.V2022.I1.589-629</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=David+Knichel+Amir+Moradi+Nicolai+M%C3%BCller+Pascal+Sasdrich+Automated+Generation+of+Masked+Hardware+2022" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=David+Knichel+Amir+Moradi+Nicolai+M%C3%BCller+Pascal+Sasdrich&amp;title=Automated+Generation+of+Masked+Hardware&amp;submittedafter=2021&amp;submittedbefore=2023" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[Kni23]</div> <div><div id="ref-DBLP:phd/dnb/Knichel23" class="bibitem">David Knichel. <em><a href="https://hss-opus.ub.ruhr-uni-bochum.de/opus4/frontdoor/index/index/docId/10666">Formal Verification and Automated Masking of Cryptographic Hardware</a></em>. PhD thesis, Ruhr University Bochum, Germany, September 2023.</div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=David+Knichel+Formal+Verification+and+Automated+Masking+of+Cryptographic+Hardware+2023" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=David+Knichel&amp;title=Formal+Verification+and+Automated+Masking+of+Cryptographic+Hardware&amp;submittedafter=2022&amp;submittedbefore=2024" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[Koc96]</div> <div><div id="ref-Koc96" class="bibitem">Paul Kocher. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In <em>CRYPTO 1996</em>, volume 1109 of <em>LNCS</em>, pages 104–113, Santa Barbara, California, USA. August 1996. Springer, Heidelberg. 
DOI: <a href="https://doi.org/10.1007/3-540-68697-5_9">10.1007/3-540-68697-5_9</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Paul+Kocher+Timing+Attacks+on+Implementations+of+Diffie-Hellman%2C+RSA%2C+DSS%2C+and+Other+Systems+1996" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Paul+Kocher&amp;title=Timing+Attacks+on+Implementations+of+Diffie-Hellman%2C+RSA%2C+DSS%2C+and+Other+Systems&amp;submittedafter=1995&amp;submittedbefore=1997" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[KS73]</div> <div><div id="ref-DBLP:journals/tc/KoggeS73" class="bibitem">Peter M. Kogge and Harold S. Stone. A Parallel Algorithm for the Efficient Solution of a General Class of Recurrence Equations. <em>IEEE Transactions on Computers</em>, 22(8):786–793, 1973. DOI: <a href="https://doi.org/10.1109/TC.1973.5009159">10.1109/TC.1973.5009159</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Peter+M.+Kogge+Harold+S.+Stone+A+Parallel+Algorithm+for+the+Efficient+Solution+of+a+General+Class+of+Recurrence+Equations+1973" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Peter+M.+Kogge+Harold+S.+Stone&amp;title=A+Parallel+Algorithm+for+the+Efficient+Solution+of+a+General+Class+of+Recurrence+Equations&amp;submittedafter=1972&amp;submittedbefore=1974" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[KSM19]</div> <div><div id="ref-Komano2019IntegrativeAccelerationOf" class="bibitem">Yuichi Komano, Hideo Shimizu, and Hideyuki Miyake. Integrative Acceleration of First-order Boolean Masking for Embedded IoT Devices. <em>Journal of Information Processing</em>, 27:585–592, 2019. 
DOI: <a href="https://doi.org/10.2197/IPSJJIP.27.585">10.2197/IPSJJIP.27.585</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Yuichi+Komano+Hideo+Shimizu+Hideyuki+Miyake+Integrative+Acceleration+of+First-order+Boolean+Masking+for+Embedded+IoT+Devices+2019" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Yuichi+Komano+Hideo+Shimizu+Hideyuki+Miyake&amp;title=Integrative+Acceleration+of+First-order+Boolean+Masking+for+Embedded+IoT+Devices&amp;submittedafter=2018&amp;submittedbefore=2020" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[KSM20]</div> <div><div id="ref-silver" class="bibitem">David Knichel, Pascal Sasdrich, and Amir Moradi. SILVER - Statistical Independence and Leakage Verification. In <em>ASIACRYPT 2020</em>, volume 12491 of <em>LNCS</em>, pages 787–816, Daejeon, South Korea. December 2020. Springer. DOI: <a href="https://doi.org/10.1007/978-3-030-64837-4_26">10.1007/978-3-030-64837-4_26</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=David+Knichel+Pascal+Sasdrich+Amir+Moradi+SILVER+-+Statistical+Independence+and+Leakage+Verification+2020" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=David+Knichel+Pascal+Sasdrich+Amir+Moradi&amp;title=SILVER+-+Statistical+Independence+and+Leakage+Verification&amp;submittedafter=2019&amp;submittedbefore=2021" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[MBR19]</div> <div><div id="ref-DBLP:journals/tches/MeyerBR19" class="bibitem">Lauren De Meyer, Begül Bilgin, and Oscar Reparaz. Consolidating Security Notions in Hardware Masking. <em>IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES)</em>, 2019(3):119–147, 2019. 
DOI: <a href="https://doi.org/10.13154/TCHES.V2019.I3.119-147">10.13154/TCHES.V2019.I3.119-147</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Lauren+De+Meyer+Beg%C3%BCl+Bilgin+Oscar+Reparaz+Consolidating+Security+Notions+in+Hardware+Masking+2019" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Lauren+De+Meyer+Beg%C3%BCl+Bilgin+Oscar+Reparaz&amp;title=Consolidating+Security+Notions+in+Hardware+Masking&amp;submittedafter=2018&amp;submittedbefore=2020" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[MME10]</div> <div><div id="ref-DBLP:conf/ches/MoradiME10" class="bibitem">Amir Moradi, Oliver Mischke, and Thomas Eisenbarth. Correlation-Enhanced Power Analysis Collision Attack. In <em>Cryptographic Hardware and Embedded Systems (CHES)</em>, volume 6225 of <em>LNCS</em>, pages 125–139, Santa Barbara, California, USA. August 2010. Springer. DOI: <a href="https://doi.org/10.1007/978-3-642-15031-9_9">10.1007/978-3-642-15031-9_9</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Amir+Moradi+Oliver+Mischke+Thomas+Eisenbarth+Correlation-Enhanced+Power+Analysis+Collision+Attack+2010" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Amir+Moradi+Oliver+Mischke+Thomas+Eisenbarth&amp;title=Correlation-Enhanced+Power+Analysis+Collision+Attack&amp;submittedafter=2009&amp;submittedbefore=2011" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[MPO05]</div> <div><div id="ref-DBLP:conf/ches/MangardPO05" class="bibitem">Stefan Mangard, Norbert Pramstaller, and Elisabeth Oswald. Successfully Attacking Masked AES Hardware Implementations. 
In <em>Cryptographic Hardware and Embedded Systems (CHES)</em>, volume 3659 of <em>LNCS</em>, pages 157–171, Edinburgh, Scotland. August 2005. Springer. DOI: <a href="https://doi.org/10.1007/11545262_12">10.1007/11545262_12</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Stefan+Mangard+Norbert+Pramstaller+Elisabeth+Oswald+Successfully+Attacking+Masked+AES+Hardware+Implementations+2005" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Stefan+Mangard+Norbert+Pramstaller+Elisabeth+Oswald&amp;title=Successfully+Attacking+Masked+AES+Hardware+Implementations&amp;submittedafter=2004&amp;submittedbefore=2006" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[NDKV24]</div> <div><div id="ref-Norga2024MaskConversionFor" class="bibitem">Quinten Norga, Jan-Pieter D'Anvers, Suparna Kundu, and Ingrid Verbauwhede. Mask Conversions for d+1 Shares in Hardware, with Application to Lattice-based PQC. <a href="https://eprint.iacr.org/archive/2024/114/20240126:091208">https://eprint.iacr.org/archive/2024/114/20240126:091208</a>. IACR Cryptology ePrint Archive, Paper 2024/114/20240126:091208. 
2024.</div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Quinten+Norga+Jan-Pieter+D%27Anvers+Suparna+Kundu+Ingrid+Verbauwhede+Mask+Conversions+for+d%2B1+Shares+in+Hardware%2C+with+Application+to+Lattice-based+PQC+2024" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Quinten+Norga+Jan-Pieter+D%27Anvers+Suparna+Kundu+Ingrid+Verbauwhede&amp;title=Mask+Conversions+for+d%2B1+Shares+in+Hardware%2C+with+Application+to+Lattice-based+PQC&amp;submittedafter=2023&amp;submittedbefore=2025" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[New]</div> <div><div id="ref-cw305" class="bibitem">NewAE. CW305 Artix FPGA Target. <a href="https://rtfm.newae.com/Targets">https://rtfm.newae.com/Targets</a>. </div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=NewAE+CW305+Artix+FPGA+Target" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=NewAE&amp;title=CW305+Artix+FPGA+Target" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[NRR06]</div> <div><div id="ref-Nikova2006ThresholdImplementationsAgainst" class="bibitem">Svetla Nikova, Christian Rechberger, and Vincent Rijmen. Threshold Implementations Against Side-Channel Attacks and Glitches. In <em>Information and Communications Security (ICICS)</em>, volume 4307 of <em>LNCS</em>, pages 529–545, Raleigh, NC, USA. December 2006. Springer, Heidelberg. 
DOI: <a href="https://doi.org/10.1007/11935308_38">10.1007/11935308_38</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Svetla+Nikova+Christian+Rechberger+Vincent+Rijmen+Threshold+Implementations+Against+Side-Channel+Attacks+and+Glitches+2006" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Svetla+Nikova+Christian+Rechberger+Vincent+Rijmen&amp;title=Threshold+Implementations+Against+Side-Channel+Attacks+and+Glitches&amp;submittedafter=2005&amp;submittedbefore=2007" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[NW97]</div> <div><div id="ref-needham1997tea" class="bibitem">Roger M. Needham and David J. Wheeler. TEA Extensions. Technical Report, Computer Laboratory, University of Cambridge. <a href="https://www.cix.co.uk/~klockstone/xtea.pdf">https://www.cix.co.uk/~klockstone/xtea.pdf</a>. 1997.</div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Roger+M.+Needham+David+J.+Wheeler+TEA+Extensions+1997" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Roger+M.+Needham+David+J.+Wheeler&amp;title=TEA+Extensions&amp;submittedafter=1996&amp;submittedbefore=1998" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[RBN<sup>+</sup>15]</div> <div><div id="ref-DBLP:conf/crypto/ReparazBNGV15" class="bibitem">Oscar Reparaz, Begül Bilgin, Svetla Nikova, Benedikt Gierlichs, and Ingrid Verbauwhede. Consolidating Masking Schemes. In <em>CRYPTO 2015</em>, volume 9215 of <em>LNCS</em>, pages 764–783, Santa Barbara, California, USA. August 2015. Springer. 
DOI: <a href="https://doi.org/10.1007/978-3-662-47989-6_37">10.1007/978-3-662-47989-6_37</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Oscar+Reparaz+Beg%C3%BCl+Bilgin+Svetla+Nikova+Benedikt+Gierlichs+Ingrid+Verbauwhede+Consolidating+Masking+Schemes+2015" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Oscar+Reparaz+Beg%C3%BCl+Bilgin+Svetla+Nikova+Benedikt+Gierlichs+Ingrid+Verbauwhede&amp;title=Consolidating+Masking+Schemes&amp;submittedafter=2014&amp;submittedbefore=2016" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[SM15]</div> <div><div id="ref-DBLP:conf/ches/SchneiderM15" class="bibitem">Tobias Schneider and Amir Moradi. Leakage Assessment Methodology - A Clear Roadmap for Side-Channel Evaluations. In <em>Cryptographic Hardware and Embedded Systems (CHES)</em>, volume 9293 of <em>LNCS</em>, pages 495–513, Saint Malo, France. September 2015. Springer. DOI: <a href="https://doi.org/10.1007/978-3-662-48324-4_25">10.1007/978-3-662-48324-4_25</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Tobias+Schneider+Amir+Moradi+Leakage+Assessment+Methodology+-+A+Clear+Roadmap+for+Side-Channel+Evaluations+2015" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Tobias+Schneider+Amir+Moradi&amp;title=Leakage+Assessment+Methodology+-+A+Clear+Roadmap+for+Side-Channel+Evaluations&amp;submittedafter=2014&amp;submittedbefore=2016" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[SMG15]</div> <div><div id="ref-Schneider2015ArithmeticAdditionOver" class="bibitem">Tobias Schneider, Amir Moradi, and Tim Güneysu. Arithmetic Addition Over Boolean Masking—Towards First- and Second-Order Resistance in Hardware. 
In <em>ACNS 2015</em>, volume 9092 of <em>LNCS</em>, pages 559–578, St.Petersburg, Russia. June 2015. Springer, Heidelberg. DOI: <a href="https://doi.org/10.1007/978-3-319-28166-7_27">10.1007/978-3-319-28166-7_27</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Tobias+Schneider+Amir+Moradi+Tim+G%C3%BCneysu+Arithmetic+Addition+Over+Boolean+Masking%E2%80%94Towards+First-+and+Second-Order+Resistance+in+Hardware+2015" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Tobias+Schneider+Amir+Moradi+Tim+G%C3%BCneysu&amp;title=Arithmetic+Addition+Over+Boolean+Masking%E2%80%94Towards+First-+and+Second-Order+Resistance+in+Hardware&amp;submittedafter=2014&amp;submittedbefore=2016" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[SPOG19]</div> <div><div id="ref-Schneider2019EfficientlyMaskingBinomial" class="bibitem">Tobias Schneider, Clara Paglialonga, Tobias Oder, and Tim Güneysu. Efficiently Masking Binomial Sampling at Arbitrary Orders for Lattice-Based Crypto. In <em>PKC 2019</em>, volume 11443 of <em>LNCS</em>, pages 534–564, Beijing, China. April 2019. Springer. 
DOI: <a href="https://doi.org/10.1007/978-3-030-17259-6_18">10.1007/978-3-030-17259-6_18</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Tobias+Schneider+Clara+Paglialonga+Tobias+Oder+Tim+G%C3%BCneysu+Efficiently+Masking+Binomial+Sampling+at+Arbitrary+Orders+for+Lattice-Based+Crypto+2019" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Tobias+Schneider+Clara+Paglialonga+Tobias+Oder+Tim+G%C3%BCneysu&amp;title=Efficiently+Masking+Binomial+Sampling+at+Arbitrary+Orders+for+Lattice-Based+Crypto&amp;submittedafter=2018&amp;submittedbefore=2020" target="_blank" class="ms-3">ePrint</a> </div> <div class="d-flex"> <div style="min-width:9rem;">[WH17]</div> <div><div id="ref-Won2017EfficientConversionMethod" class="bibitem">Yoo-Seung Won and Dong-Guk Han. Efficient Conversion Method from Arithmetic to Boolean Masking in Constrained Devices. In <em>COSADE 2017</em>, volume 10348 of <em>LNCS</em>, pages 120–137, Paris, France. April 2017. Springer. 
DOI: <a href="https://doi.org/10.1007/978-3-319-64647-3_8">10.1007/978-3-319-64647-3_8</a></div></div> </div> <div class="text-end mb-4"> <a href="https://scholar.google.com/scholar?hl=en&amp;q=Yoo-Seung+Won+Dong-Guk+Han+Efficient+Conversion+Method+from+Arithmetic+to+Boolean+Masking+in+Constrained+Devices+2017" target="_blank" class="ms-3">Google Scholar</a> <a href="https://eprint.iacr.org/search?relevance=on&amp;authors=Yoo-Seung+Won+Dong-Guk+Han&amp;title=Efficient+Conversion+Method+from+Arithmetic+to+Boolean+Masking+in+Constrained+Devices&amp;submittedafter=2016&amp;submittedbefore=2018" target="_blank" class="ms-3">ePrint</a> </div> </div> <div class="col-12 col-md-4"> <p class="mt-4"> <a class="btn btn-outline-dark" href="/p/1/3/46/pdf"><img alt="PDF" class="icon" src="/images/file-pdf.svg">PDF</a> <img style="margin-left: 1rem;max-width: 1.2rem;" src="/images/open_access.svg" title="Open access" alt="Open access"> </p> <div class="my-4"> <span class="fw-bold me-2">DOI:</span> <a href="https://doi.org/10.62056/a3c0l2isfg">https://doi.org/10.62056/a3c0l2isfg</a> </div> <div class="card mb-4"> <h5 class="card-header">History</h5> <div class="card-body"> <strong>Submitted</strong>: 2024-07-09<br> <strong>Accepted</strong>: 2024-09-02<br> <strong>Published</strong>: 2024-10-07<br> <!-- begin crossmark --> <!-- third-party script loaded from a CDN without Subresource Integrity; add integrity/crossorigin if the widget is ever served as a pinned, versioned file --> <script src="https://crossmark-cdn.crossref.org/widget/v2.0/widget.js"></script> <a data-target="crossmark"><img style="margin-top:4px;" src="https://crossmark-cdn.crossref.org/widget/v2.0/logos/CROSSMARK_Color_horizontal.svg" width="150" alt="Crossmark"></a> <!-- end crossmark --> </div> </div> <div class="card mb-4"> <h5 class="card-header">How to cite</h5> <div class="card-body"> <p>Aein Rezaei Shahmirzadi and Michael Hutter, Efficient Boolean-to-Arithmetic Mask Conversion in Hardware. <span class="fst-italic">IACR Communications in Cryptology</span>, vol. 1, no. 3, Oct 07, 2024, doi: 10.62056/a3c0l2isfg. 
</p> <button type="button" id="citationModalLabel" class="float-end btn btn-outline-dark" data-bs-toggle="modal" data-bs-target="#citationModal"> BibTeX, etc </button> </div> </div> <div class="card mb-4"> <h5 class="card-header">License</h5> <div class="card-body"> <p>Copyright is held by the author(s)</p> <p> This work is licensed under a <a target="_blank" href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution (CC BY)</a> license. </p> </div> </div> </div> </div> <div class="modal fade" id="citationModal" tabindex="-1" aria-labelledby="citationModalLabel" aria-hidden="true"> <div class="modal-dialog modal-xl"> <div class="modal-content"> <div class="modal-header"> <h1 class="modal-title fs-3">How to cite this</h1> <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button> </div> <div class="modal-body p-4"> <ul class="nav nav-tabs" id="myTab" role="tablist"> <li class="nav-item" role="presentation"> <button class="nav-link active" id="bibtex-tab" data-bs-toggle="tab" data-bs-target="#bibtex-pane" type="button" role="tab" aria-controls="bibtex-pane" aria-selected="true">BibTeX</button> </li> <li class="nav-item" role="presentation"> <button class="nav-link" id="ris-tab" data-bs-toggle="tab" data-bs-target="#ris-pane" type="button" role="tab" aria-controls="ris-pane" aria-selected="false">RIS/Endnote/Zotero/Mendeley</button> </li> <li class="nav-item" role="presentation"> <button class="nav-link" id="text-tab" data-bs-toggle="tab" data-bs-target="#text-pane" type="button" role="tab" aria-controls="text-pane" aria-selected="false">Text</button> </li> </ul> <div class="tab-content p-4"> <div class="tab-pane active" id="bibtex-pane" role="tabpanel" aria-labelledby="bibtex-tab" tabindex="0"> <pre id="bib">@article{CiC-1-3-46, author = &#34;Shahmirzadi, Aein Rezaei and Hutter, Michael&#34;, journal = &#34;{IACR} {C}ommunications in {C}ryptology&#34;, publisher = &#34;{I}nternational {A}ssociation for 
{C}ryptologic {R}esearch&#34;, title = &#34;Efficient Boolean-to-Arithmetic Mask Conversion in Hardware&#34;, volume = &#34;1&#34;, number = &#34;3&#34;, date = &#34;2024-10-07&#34;, year = &#34;2024&#34;, issn = &#34;3006-5496&#34;, doi = &#34;10.62056/a3c0l2isfg&#34; } </pre> <button id="bibtexcopy" class="btn btn-sm btn-primary" aria-label="Copy to clipboard" onclick="copyMetadata('bibtexcopy', 'bib')">Copy to clipboard</button> <button id="bibtexdownload" class="ms-3 btn btn-sm btn-primary" aria-label="Download BibTeX .bib file" onclick="sendCitation('bib')">Download .bib file</button> </div> <div class="tab-pane" id="ris-pane" role="tabpanel" aria-labelledby="ris-tab" tabindex="0"> <pre id="ris">TY - JOUR AU - Shahmirzadi, Aein AU - Hutter, Michael PY - 2024 TI - Efficient Boolean-to-Arithmetic Mask Conversion in Hardware JF - IACR Communications in Cryptology JA - CIC VL - 1 IS - 3 DO - 10.62056/a3c0l2isfg UR - https://doi.org/10.62056/a3c0l2isfg AB - &lt;p&gt;Masking schemes are key in thwarting side-channel attacks due to their robust theoretical foundation. Transitioning from Boolean to arithmetic (B2A) masking is a necessary step in various cryptography schemes, including hash functions, ARX-based ciphers, and lattice-based cryptography. While there exists a significant body of research focusing on B2A software implementations, studies pertaining to hardware implementations are quite limited, with the majority dedicated solely to creating efficient Boolean masked adders. In this paper, we present first- and second-order secure hardware implementations to perform B2A mask conversion efficiently without using masked adder structures. We first introduce a first-order secure low-latency gadget that executes a B2A2k in a single cycle. Furthermore, we propose a second-order secure B2A2k gadget that has a latency of only 4 clock cycles. Both gadgets are independent of the input word size k. 
We then show how these new primitives lead to improved B2Aq hardware implementations that perform a B2A mask conversion of integers modulo an arbitrary number. Our results show that our new gadgets outperform comparable solutions by more than a magnitude in terms of resource requirements and are at least 3 times faster in terms of latency and throughput. All gadgets have been formally verified and proven secure in the glitch-robust PINI security model. We additionally confirm the security of our gadgets on an FPGA platform using practical TVLA tests. &lt;/p&gt; ER -</pre> <button id="riscopy" class="btn btn-sm btn-primary" aria-label="Copy to clipboard" onclick="copyMetadata('riscopy', 'ris')">Copy to clipboard</button> <button id="risdownload" class="ms-3 btn btn-sm btn-primary" aria-label="Download RIS file" onclick="sendCitation('ris')">Download .ris file</button> </div> <div class="tab-pane" id="text-pane" role="tabpanel" aria-labelledby="text-tab" tabindex="0"> <div class="w-75" id="textcitation">Aein Rezaei Shahmirzadi and Michael Hutter, Efficient Boolean-to-Arithmetic Mask Conversion in Hardware. <span class="fst-italic">IACR Communications in Cryptology</span>, vol. 1, no. 
3, Oct 07, 2024, doi: 10.62056/a3c0l2isfg.</div> <button id="textcopy" class="btn btn-sm btn-primary mt-3" aria-label="Copy to clipboard" onclick="copyMetadata('textcopy', 'textcitation')">Copy to clipboard</button> </div> </div> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button> </div> </div> </div> </div> <div class="modal fade" id="citationsModal" tabindex="-1" aria-labelledby="citationsModalLabel" aria-hidden="true"> <div class="modal-dialog modal-dialog-scrollable modal-lg"> <div class="modal-content"> <div class="modal-header"> <h1 class="modal-title fs-3" id="citationsModalLabel">Known citations</h1> <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button> </div> <div class="modal-body p-4"> <p> We do not crawl the web, so we can only identify citations from papers that are registered with a DOI at crossref.org, whose publisher reports their references to Crossref, and for which Crossref can resolve a DOI from the reference. That includes (most) articles from Springer and many from ACM, but it excludes citations from USENIX because they don't issue DOIs. It also excludes citations from arxiv and eprint. You may find more citations in <a href="https://scholar.google.com/scholar?hl=en&amp;q=Efficient+Boolean-to-Arithmetic+Mask+Conversion+in+Hardware">Google Scholar</a>. 
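</p>
<ol>
</ol>
</div>
<div class="modal-footer">
  <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
<script>
  /**
   * Copy the text of the citation element `id` to the clipboard and briefly
   * show a "Copied!" tooltip on the button `buttid`.
   *
   * Uses the asynchronous Clipboard API where available and falls back to
   * the legacy selection + execCommand('copy') path otherwise (the Clipboard
   * API is only exposed in secure contexts).
   */
  function copyMetadata(buttid, id) {
    const source = document.getElementById(id);
    if (!source) {
      return;
    }
    // textContent, not innerHTML: the citation elements hold plain text and
    // innerHTML would re-escape '<', '>' and '&' as entities.
    const text = source.textContent;

    const showCopied = function () {
      const copyTooltip = new bootstrap.Tooltip('#' + buttid, {trigger: 'manual', title: 'Copied!'});
      copyTooltip.show();
      setTimeout(function () { copyTooltip.dispose(); }, 2000);
    };

    // Legacy path: select the element and ask the browser to copy the selection.
    const legacyCopy = function () {
      const range = document.createRange();
      range.selectNode(source);
      const selection = window.getSelection();
      selection.removeAllRanges();
      selection.addRange(range);
      document.execCommand('copy');
      selection.removeAllRanges();
      showCopied();
    };

    if (navigator.clipboard && navigator.clipboard.writeText) {
      navigator.clipboard.writeText(text).then(showCopied, legacyCopy);
    } else {
      legacyCopy();
    }
  }

  /**
   * Offer the citation held in element `typ` ('bib' or 'ris') as a file
   * download named 1-3-46.<typ>.
   */
  function sendCitation(typ) {
    const source = document.getElementById(typ);
    if (!source) {
      return;
    }
    // textContent rather than innerHTML: the RIS abstract contains literal
    // '<p>' markup, which innerHTML would serialise back to '&lt;p&gt;' and
    // so corrupt the downloaded file.
    const data = source.textContent;
    const atag = document.createElement('a'); // local, not an implicit global
    atag.setAttribute('href', 'data:text/plain;charset=utf-8,' + encodeURIComponent(data));
    atag.setAttribute('download', '1-3-46.' + typ);
    atag.click();
  }
</script>
</main>
<div class="container-fluid mt-auto" id="pageFooter">
</div>
<footer class="text-center footer py-3">
  <small>
    <a href="https://iacr.org/copyright.html">Copyright © 2025</a>
    <span class="d-none d-md-inline">by the </span><span class="d-md-none">IACR</span>
    <span class="d-none d-md-inline">International Association for Cryptologic Research</span>
    <span class="d-none d-md-inline">• </span><br class="d-md-none">
    <a href="https://iacr.org/privacy.html">Privacy Policy</a>
  </small>
</footer>
<script id="results-template" type="text/x-handlebars-template">
  {{! Double-stash expressions are HTML-escaped by Handlebars; keep them
      double-stash so titles, authors and URLs returned by the search API
      are rendered as text, never as markup. }}
  <div class="p-3 shadow" style="margin-bottom:1rem;max-height:70vh;overflow-y:scroll">
    <p>{{estimated_results}} results (if more than 100, then refine your query)</p>
    <ol>
      {{#each results}}
      <li><a href="{{url}}">{{title}}</a><br>
        {{#each authors }}{{this}}{{#unless @last}}, {{/unless}}{{/each}}</li>
      {{/each}}
    </ol>
  </div>
</script>
<script src="/static/js/handlebars-v4.7.7.js"></script>
<script>
  // Live search: compile the results template once and wire up the search box.
  const theTemplateScript = document.getElementById('results-template').innerHTML;
  const resultsTemplate = Handlebars.compile(theTemplateScript);
  // The search box is defined elsewhere in the page; it may be absent here.
  const textinput = document.getElementById('searchbox');

  // Returns a function that, as long as it continues to be invoked, will not
  // be triggered. The function is called after it stops being called for
  // `wait` milliseconds. If `immediate` is true, trigger on the leading edge
  // instead of the trailing one.
  function debounce(func, wait, immediate) {
    var timeout;
    return function () {
      var context = this, args = arguments;
      var later = function () {
        timeout = null;
        if (!immediate) func.apply(context, args);
      };
      var callNow = immediate && !timeout;
      clearTimeout(timeout);
      timeout = setTimeout(later, wait);
      if (callNow) func.apply(context, args);
    };
  }

  // Controller of the in-flight search request, if any.
  let controller;

  // Query the search API for the current search-box value and render the
  // results into #results; debounced so a request goes out only after the
  // user has stopped typing for 500 ms.
  const doSearch = debounce(function () {
    if (!textinput) {
      return;
    }
    const query = textinput.value;
    if (!query) {
      return;
    }
    // NOTE(review): 'd' hands the server a filesystem path for its own search
    // index. The backend should pin that path server-side and ignore this
    // parameter; it is kept here only so the request keeps matching what the
    // API currently expects — confirm with the backend before removing it.
    const params = {
      'd': '/var/www/wsgi/cicjournal/webapp/search_index/xapian.db',
      'q': query
    };
    // Abort any in-flight request so a stale response cannot overwrite a newer one.
    if (controller !== undefined) {
      controller.abort();
    }
    controller = new AbortController();
    const search_url = "https://cic.iacr.org/api/search" + "?" + new URLSearchParams(params);
    fetch(search_url, {signal: controller.signal})
      .then((response) => response.json())
      .then((data) => {
        const elem = document.getElementById('view');
        if (elem) { elem.innerHTML = ''; }
        const results = document.getElementById('results');
        if (!results) {
          return;
        }
        if (Array.isArray(data.results) && data.results.length > 0) {
          // resultsTemplate HTML-escapes the API fields it interpolates.
          results.innerHTML = resultsTemplate(data);
        } else {
          results.innerHTML = '<div class="p-3 shadow">no results</div>';
        }
        controller = undefined;
      })
      .catch((error) => {
        // An abort is expected when the user keeps typing; anything else is a real failure.
        if (!error || error.name !== 'AbortError') {
          console.error('search request failed', error);
        }
      });
  }, 500);

  if (textinput) {
    textinput.addEventListener('input', doSearch);
  }
</script>
</body>
</html>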
