{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,10]],"date-time":"2026-02-10T08:34:46Z","timestamp":1770712486651,"version":"3.49.0"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031159817","type":"print"},{"value":"9783031159824","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-15982-4_11","type":"book-chapter","created":{"date-parts":[[2022,10,11]],"date-time":"2022-10-11T04:40:54Z","timestamp":1665463254000},"page":"315-345","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Secret Can Be Public: Low-Memory AEAD Mode for\u00a0High-Order Masking"],"prefix":"10.1007","author":[{"given":"Yusuke","family":"Naito","sequence":"first","affiliation":[]},{"given":"Yu","family":"Sasaki","sequence":"additional","affiliation":[]},{"given":"Takeshi","family":"Sugawara","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,10,12]]},"reference":[{"key":"11_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/978-3-662-46800-5_17","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 430\u2013454. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_17"},{"key":"11_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"693","DOI":"10.1007\/978-3-319-70694-8_24","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"G Barwell","year":"2017","unstructured":"Barwell, G., Martin, D.P., Oswald, E., Stam, M.: Authenticated encryption in the face of protocol and side channel leakage. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 693\u2013723. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_24"},{"key":"11_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-662-53008-5_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"C Beierle","year":"2016","unstructured":"Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123\u2013153. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_5"},{"issue":"1","key":"11_CR4","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/s12095-014-0113-6","volume":"7","author":"S Bela\u00efd","year":"2014","unstructured":"Bela\u00efd, S., Grosso, V., Standaert, F.-X.: Masking and leakage-resilient primitives: one, the other(s) or both? Cryptogr. Commun. 7(1), 163\u2013184 (2014). https:\/\/doi.org\/10.1007\/s12095-014-0113-6","journal-title":"Cryptogr. Commun."},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Bellizia, D., et al.: Spook: sponge-based leakage-resistant authenticated encryption with a masked tweakable block cipher. IACR Trans. Symmetric Cryptol. 2020(S1), 295\u2013349 (2020)","DOI":"10.46586\/tosc.v2020.iS1.295-349"},{"issue":"1","key":"11_CR6","first-page":"256","volume":"2020","author":"F Berti","year":"2020","unstructured":"Berti, F., Guo, C., Pereira, O., Peters, T., Standaert, F.: TEDT, a leakage-resist AEAD mode for high physical security applications. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(1), 256\u2013320 (2020)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"11_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-662-45608-8_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"B Bilgin","year":"2014","unstructured":"Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 326\u2013343. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45608-8_18"},{"key":"11_CR8","unstructured":"Cassiers, G.: FullVerif (2021). https:\/\/github.com\/cassiersg\/fullverif"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"Cassiers, G., Gregoire, B., Levi, I., Standaert, F.X.: Hardware private circuits: from trivial composition to full verification. IEEE Trans. Comput. 1 (2020)","DOI":"10.1109\/TC.2020.3022979"},{"key":"11_CR10","unstructured":"Cassiers, G., Levi, I.: AND depth 2, 4 ANDs, 4-bit (optimized) S-boxes. IACR Cryptol. ePrint Arch. 2020, 185 (2020). https:\/\/eprint.iacr.org\/2020\/185"},{"key":"11_CR11","unstructured":"Chakraborti, A., Datta, N., Jha, A., Mancillas-L\u00f3pez, C., Nandi, M., Sasaki, Y.: Elastic-tweak: a framework for short tweak tweakable block cipher. IACR Cryptol. ePrint Arch. 2019, 440 (2019). https:\/\/eprint.iacr.org\/2019\/440"},{"issue":"2","key":"11_CR12","doi-asserted-by":"publisher","first-page":"218","DOI":"10.46586\/tches.v2018.i2.218-241","volume":"2018","author":"A Chakraborti","year":"2018","unstructured":"Chakraborti, A., Datta, N., Nandi, M., Yasuda, K.: Beetle family of lightweight and secure authenticated encryption ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 218\u2013241 (2018)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Dobraunig, C., et al.: ISAP v2.0. IACR Trans. Symmetric Cryptol. 2020(S1), 390\u2013416 (2020)","DOI":"10.46586\/tosc.v2020.iS1.390-416"},{"key":"11_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"377","DOI":"10.1007\/978-3-030-77886-6_13","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2021","author":"C Dobraunig","year":"2021","unstructured":"Dobraunig, C., Mennink, B.: Leakage resilient value comparison with application to message authentication. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12697, pp. 377\u2013407. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77886-6_13"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: IEEE Symposium on Foundations of Computer Science, FOCS 2008. pp. 293\u2013302 (2008)","DOI":"10.1109\/FOCS.2008.56"},{"key":"11_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"383","DOI":"10.1007\/978-3-642-40349-1_22","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2013","author":"B G\u00e9rard","year":"2013","unstructured":"G\u00e9rard, B., Grosso, V., Naya-Plasencia, M., Standaert, F.-X.: Block ciphers that are easier to mask: how far can we go? In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 383\u2013399. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40349-1_22"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"Goudarzi, D., et al.: Pyjamask: block cipher and authenticated encryption with highly efficient masked implementation. IACR Trans. Symmetric Cryptol. 2020, 31\u201359 (2020)","DOI":"10.46586\/tosc.v2020.iS1.31-59"},{"key":"11_CR18","unstructured":"Grosso, V., et al.: SCREAM & iSCREAM side-channel resistant authenticated encryption with masking. Submitted to CAESAR (2014)"},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"Hadipour, H., Bagheri, N., Song, L.: Improved rectangle attacks on SKINNY and CRAFT. IACR Cryptol. ePrint Arch. 1317 (2020)","DOI":"10.46586\/tosc.v2021.i2.140-198"},{"key":"11_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"463","DOI":"10.1007\/978-3-540-45146-4_27","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"Y Ishai","year":"2003","unstructured":"Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 463\u2013481. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_27"},{"issue":"1","key":"11_CR21","doi-asserted-by":"publisher","first-page":"43","DOI":"10.46586\/tosc.v2020.i1.43-120","volume":"2020","author":"T Iwata","year":"2020","unstructured":"Iwata, T., Khairallah, M., Minematsu, K., Peyrin, T.: Duel of the titans: the romulus and remus families of lightweight AEAD algorithms. IACR Trans. Symmetric Cryptol. 2020(1), 43\u2013120 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"11_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1007\/978-3-662-45608-8_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"J Jean","year":"2014","unstructured":"Jean, J., Nikoli\u0107, I., Peyrin, T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 274\u2013288. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45608-8_15"},{"issue":"3","key":"11_CR23","doi-asserted-by":"publisher","first-page":"243","DOI":"10.46586\/tches.v2020.i3.243-268","volume":"2020","author":"MJ Kannwischer","year":"2020","unstructured":"Kannwischer, M.J., Pessl, P., Primas, R.: Single-trace attacks on Keccak. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(3), 243\u2013268 (2020)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"11_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1007\/3-540-48405-1_25","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 99","author":"PC Kocher","year":"1999","unstructured":"Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388\u2013397. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48405-1_25"},{"issue":"2","key":"11_CR25","doi-asserted-by":"publisher","first-page":"192","DOI":"10.46586\/tches.v2018.i2.192-217","volume":"2018","author":"Y Naito","year":"2018","unstructured":"Naito, Y., Matsui, M., Sugawara, T., Suzuki, D.: SAEB: a lightweight blockcipher-based AEAD mode of operation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 192\u2013217 (2018)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"11_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"705","DOI":"10.1007\/978-3-030-45724-2_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"Y Naito","year":"2020","unstructured":"Naito, Y., Sasaki, Y., Sugawara, T.: Lightweight authenticated encryption mode suitable for threshold implementation. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 705\u2013735. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_24"},{"key":"11_CR27","doi-asserted-by":"crossref","unstructured":"Naito, Y., Sasaki, Y., Sugawara, T.: LM-DAE: low-memory deterministic authenticated encryption for 128-bit security. IACR Trans. Symmetric Cryptol. 2020(4), 1\u201338 (2020)","DOI":"10.46586\/tosc.v2020.i4.1-38"},{"key":"11_CR28","unstructured":"Naito, Y., Sasaki, Y., Sugawara, T.: Secret can be public: low-memory AEAD mode for high-order masking. IACR Cryptol. ePrint Arch. 2022, 812 (2022). https:\/\/eprint.iacr.org\/2022\/812"},{"issue":"1","key":"11_CR29","first-page":"66","volume":"2020","author":"Y Naito","year":"2020","unstructured":"Naito, Y., Sugawara, T.: Lightweight authenticated encryption mode of operation for tweakable block ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(1), 66\u201394 (2020)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"11_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/978-3-642-55220-5_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"C Namprempre","year":"2014","unstructured":"Namprempre, C., Rogaway, P., Shrimpton, T.: Reconsidering generic composition. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 257\u2013274. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55220-5_15"},{"key":"11_CR31","unstructured":"NanGate: NanGate FreePDK45 Open Cell Library (2021). https:\/\/si2.org\/open-cell-library\/. Accessed 06 May 2021"},{"key":"11_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1007\/11935308_38","volume-title":"Information and Communications Security","author":"S Nikova","year":"2006","unstructured":"Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529\u2013545. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11935308_38"},{"key":"11_CR33","unstructured":"NIST: National Institute of Standards and Technology: Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process (2018). https:\/\/csrc.nist.gov\/Projects\/lightweight-cryptography"},{"key":"11_CR34","unstructured":"NIST: National Institute of Standards and Technology: Lightweight Cryptography Standardization: Finalists Announced (2021). https:\/\/csrc.nist.gov\/News\/2021\/lightweight-crypto-finalists-announced"},{"key":"11_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/978-3-642-04159-4_21","volume-title":"Selected Areas in Cryptography","author":"J Patarin","year":"2009","unstructured":"Patarin, J.: The \u201ccoefficients H\u2019\u2019 technique. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328\u2013345. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04159-4_21"},{"key":"11_CR36","doi-asserted-by":"crossref","unstructured":"Pereira, O., Standaert, F., Vivek, S.: Leakage-resilient authentication and encryption from symmetric cryptographic primitives. In: CCS 2015, pp. 96\u2013108 (2015)","DOI":"10.1145\/2810103.2813626"},{"key":"11_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1007\/978-3-642-38348-9_9","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"E Prouff","year":"2013","unstructured":"Prouff, E., Rivain, M.: Masking against side-channel attacks: a formal security proof. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 142\u2013159. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38348-9_9"},{"key":"11_CR38","unstructured":"Reparaz, O.: A note on the security of higher-order threshold implementations. IACR Cryptol. ePrint Arch. 1 (2015). http:\/\/eprint.iacr.org\/2015\/001"},{"key":"11_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"764","DOI":"10.1007\/978-3-662-47989-6_37","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"O Reparaz","year":"2015","unstructured":"Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 764\u2013783. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_37"},{"key":"11_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/978-3-319-57339-7_7","volume-title":"Progress in Cryptology - AFRICACRYPT 2017","author":"M Tolba","year":"2017","unstructured":"Tolba, M., Abdelkhalek, A., Youssef, A.M.: Impossible differential cryptanalysis of reduced-round SKINNY. In: Joye, M., Nitaj, A. (eds.) AFRICACRYPT 2017. LNCS, vol. 10239, pp. 117\u2013134. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-57339-7_7"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-15982-4_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T22:04:10Z","timestamp":1760133850000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-15982-4_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031159817","9783031159824"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-15982-4_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"12 October 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 August 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"42","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}