{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T11:35:27Z","timestamp":1763811327858,"version":"3.40.3"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031547751"},{"type":"electronic","value":"9783031547768"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-54776-8_12","type":"book-chapter","created":{"date-parts":[[2024,2,28]],"date-time":"2024-02-28T07:02:36Z","timestamp":1709103756000},"page":"301-324","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["A Side-Channel Attack on\u00a0a\u00a0Higher-Order Masked CRYSTALS-Kyber Implementation"],"prefix":"10.1007","author":[{"given":"Ruize","family":"Wang","sequence":"first","affiliation":[]},{"given":"Martin","family":"Brisfors","sequence":"additional","affiliation":[]},{"given":"Elena","family":"Dubrova","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,2,29]]},"reference":[{"key":"12_CR1","unstructured":"Announcing the commercial national security algorithm suite 2.0. National Security Agency, U.S Department of Defense, September 2022. https:\/\/media.defense.gov\/2022\/Sep\/07\/2003071834\/-1\/-1\/0\/CSA_CNSA_2.0_ALGORITHMS_.PDF"},{"key":"12_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/978-3-030-44223-1_11","volume-title":"Post-Quantum Cryptography","author":"D Amiet","year":"2020","unstructured":"Amiet, D., Curiger, A., Leuenberger, L., Zbinden, P.: Defeating NewHope with a single trace. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020. LNCS, vol. 12100, pp. 189\u2013205. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-44223-1_11"},{"key":"12_CR3","unstructured":"Avanzi, R., et al.: CRYSTALS-Kyber algorithm specifications and supporting documentation (2021). https:\/\/pq-crystals.org\/kyber\/data\/kyber-specification-round3-20210131.pdf"},{"key":"12_CR4","first-page":"372","volume":"2022","author":"M Azouaoui","year":"2022","unstructured":"Azouaoui, M., Kuzovkova, Y., Schneider, T., van Vredendaal, C.: Post-quantum authenticated encryption against chosen-ciphertext side-channel attacks. IACR Trans. Crypt. Hardw. Embed. Syst. 2022, 372\u2013396 (2022)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR5","unstructured":"Backlund, L., Ngo, K., Gartner, J., Dubrova, E.: Secret key recovery attacks on masked and shuffled implementations of CRYSTALS-Kyber and Saber. Cryptology ePrint Archive, Paper 2022\/1692 (2022). https:\/\/eprint.iacr.org\/2022\/1692"},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"Bhasin, S., D\u2019Anvers, J.P., Heinz, D., P\u00f6ppelmann, T., Beirendonck, M.V.: Attacking and defending masked polynomial comparison for lattice-based cryptography. Cryptology ePrint Archive, Paper 2021\/104 (2021). https:\/\/eprint.iacr.org\/2021\/104","DOI":"10.46586\/tches.v2021.i3.334-359"},{"key":"12_CR7","first-page":"173","volume":"2021","author":"JW Bos","year":"2021","unstructured":"Bos, J.W., Gourjon, M., Renes, J., Schneider, T., Van Vredendaal, C.: Masking Kyber: first-and higher-order implementations. IACR Trans. Crypt. Hardw. Embed. Syst. 2021, 173\u2013214 (2021)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR8","unstructured":"Brisfors, M.: Advanced Side-Channel Analysis of USIMs, Bluetooth SoCs and MCUs. Master\u2019s thesis, School of EECS, KTH (2021)"},{"key":"12_CR9","first-page":"553","volume":"2022","author":"O Bronchain","year":"2022","unstructured":"Bronchain, O., Cassiers, G.: Bitslicing arithmetic\/Boolean masking conversions for fun and profit: with application to lattice-based KEMs. IACR Trans. Crypt. Hardw. Embed. Syst. 2022, 553\u2013588 (2022)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR10","unstructured":"D\u2019Anvers, J.P., Beirendonck, M.V., Verbauwhede, I.: Revisiting higher-order masked comparison for lattice-based cryptography: algorithms and bit-sliced implementations. Cryptology ePrint Archive, Paper 2022\/110 (2022). https:\/\/eprint.iacr.org\/2022\/110"},{"key":"12_CR11","first-page":"115","volume":"2022","author":"JP D\u2019Anvers","year":"2022","unstructured":"D\u2019Anvers, J.P., Heinz, D., Pessl, P., Van Beirendonck, M., Verbauwhede, I.: Higher-order masked ciphertext comparison for lattice-based cryptography. IACR Trans. Crypt. Hardw. Embed. Syst. 2022, 115\u2013139 (2022)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR12","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1016\/j.cose.2018.12.002","volume":"81","author":"Q Do","year":"2019","unstructured":"Do, Q., Martini, B., Choo, K.K.R.: The role of the adversary model in applied security research. Comput. Secur. 81, 156\u2013181 (2019)","journal-title":"Comput. Secur."},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"Dubrova, E., Ngo, K., G\u00e4rtner, J., Wang, R.: Breaking a fifth-order masked implementation of crystals-kyber by copy-paste. In: Proceedings of the 10th ACM Asia Public-Key Cryptography Workshop, pp. 10\u201320 (2023)","DOI":"10.1145\/3591866.3593072"},{"key":"12_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1007\/3-540-48405-1_34","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 99","author":"E Fujisaki","year":"1999","unstructured":"Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537\u2013554. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48405-1_34"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Guo, Q., Nabokov, D., Nilsson, A., Johansson, T.: SCA-LDPC: a code-based framework for key-recovery side-channel attacks on post-quantum encryption schemes. Cryptology ePrint Archive (2023)","DOI":"10.1007\/978-981-99-8730-6_7"},{"key":"12_CR16","unstructured":"Hajra, S., Saha, S., Alam, M., Mukhopadhyay, D.: TransNet: shift invariant transformer network for side channel analysis. Cryptology ePrint Archive, Paper 2021\/827 (2021). https:\/\/eprint.iacr.org\/2021\/827"},{"key":"12_CR17","first-page":"88","volume":"2021","author":"M Hamburg","year":"2021","unstructured":"Hamburg, M., et al.: Chosen ciphertext k-trace attacks on masked CCA2 secure Kyber. IACR Trans. Crypt. Hardw. Embed. Syst. 2021, 88\u2013113 (2021)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR18","unstructured":"Heinz, D., Kannwischer, M.J., Land, G., P\u00f6ppelmann, T., Schwabe, P., Sprenkels, D.: First-order masked Kyber on ARM Cortex-M4. Cryptology ePrint Archive, Paper 2022\/058 (2022). https:\/\/eprint.iacr.org\/2022\/058"},{"key":"12_CR19","unstructured":"Hoffmann, C., Libert, B., Momin, C., Peters, T., Standaert, F.X.: Towards leakage-resistant post-quantum CCA-secure public key encryption. Cryptology ePrint Archive, Paper 2022\/873 (2022). https:\/\/eprint.iacr.org\/2022\/873"},{"key":"12_CR20","unstructured":"Ji, Y., Wang, R., Ngo, K., Dubrova, E., Backlund, L.: A side-channel attack on a hardware implementation of CRYSTALS-Kyber. Cryptology ePrint Archive, Paper 2022\/1452 (2022). https:\/\/eprint.iacr.org\/2022\/1452"},{"key":"12_CR21","unstructured":"Kannwischer, M.J., Petri, R., Rijneveld, J., Schwabe, P., Stoffelen, K.: PQM4: post-quantum crypto library for the ARM Cortex-M4. https:\/\/github.com\/mupq\/pqm4"},{"key":"12_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-49445-6_1","volume-title":"Security, Privacy, and Applied Cryptography Engineering","author":"H Maghrebi","year":"2016","unstructured":"Maghrebi, H., Portigliatti, T., Prouff, E.: Breaking cryptographic implementations using deep learning techniques. In: Carlet, C., Hasan, M.A., Saraswat, V. (eds.) SPACE 2016. LNCS, vol. 10076, pp. 3\u201326. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-49445-6_1"},{"key":"12_CR23","unstructured":"Moody, D.: Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process. NISTIR 8309, pp. 1\u201327 (2022). https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2022\/NIST.IR.8413.pdf"},{"key":"12_CR24","first-page":"676","volume":"2012","author":"K Ngo","year":"2021","unstructured":"Ngo, K., Dubrova, E., Guo, Q., Johansson, T.: A side-channel attack on a masked IND-CCA secure Saber KEM implementation. IACR Trans. Crypt. Hardw. Embed. Syst. 2012, 676\u2013707 (2021)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR25","first-page":"142","volume":"2018","author":"T Oder","year":"2018","unstructured":"Oder, T., Schneider, T., P\u00f6ppelmann, T., G\u00fcneysu, T.: Practical CCA2-secure and masked ring-LWE implementation. IACR Trans. Crypt. Hardw. Embed. Syst. 2018, 142\u2013174 (2018)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/978-3-030-05072-6_10","volume-title":"Security, Privacy, and Applied Cryptography Engineering","author":"S Picek","year":"2018","unstructured":"Picek, S., Samiotis, I.P., Kim, J., Heuser, A., Bhasin, S., Legay, A.: On the performance of convolutional neural networks for side-channel analysis. In: Chattopadhyay, A., Rebeiro, C., Yarom, Y. (eds.) SPACE 2018. LNCS, vol. 11348, pp. 157\u2013176. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-05072-6_10"},{"key":"12_CR27","first-page":"418","volume":"2023","author":"G Rajendran","year":"2023","unstructured":"Rajendran, G., Ravi, P., D\u2019Anvers, J.P., Bhasin, S., Chattopadhyay, A.: Pushing the limits of generic side-channel attacks on LWE-based KEMs-parallel PC oracle attacks on Kyber KEM and beyond. IACR Trans. Crypt. Hardw. Embed. Syst. 2023, 418\u2013446 (2023)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR28","doi-asserted-by":"publisher","first-page":"684","DOI":"10.1109\/TIFS.2021.3139268","volume":"17","author":"P Ravi","year":"2021","unstructured":"Ravi, P., Bhasin, S., Roy, S.S., Chattopadhyay, A.: On exploiting message leakage in (few) NIST PQC candidates for practical message recovery attacks. IEEE Trans. Inf. Forensics Secur. 17, 684\u2013699 (2021)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"12_CR29","first-page":"307","volume":"2020","author":"P Ravi","year":"2020","unstructured":"Ravi, P., Roy, S.S., Chattopadhyay, A., Bhasin, S.: Generic side-channel attacks on CCA-secure lattice-based PKE and KEMs. IACR Trans. Crypt. Hardw. Embed. Syst. 2020, 307\u2013335 (2020)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR30","unstructured":"Rodriguez, R.C., Bruguier, F., Valea, E., Benoit, P.: Correlation electromagnetic analysis on an FPGA implementation of CRYSTALS-Kyber. Cryptology ePrint Archive, Paper 2022\/1361 (2022). https:\/\/eprint.iacr.org\/2022\/1361"},{"key":"12_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"534","DOI":"10.1007\/978-3-030-17259-6_18","volume-title":"Public-Key Cryptography \u2013 PKC 2019","author":"T Schneider","year":"2019","unstructured":"Schneider, T., Paglialonga, C., Oder, T., G\u00fcneysu, T.: Efficiently masking binomial sampling at arbitrary orders for lattice-based crypto. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 534\u2013564. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17259-6_18"},{"key":"12_CR32","first-page":"89","volume":"2023","author":"M Shen","year":"2023","unstructured":"Shen, M., Cheng, C., Zhang, X., Guo, Q., Jiang, T.: Find the bad apples: an efficient method for perfect key recovery under imperfect SCA oracles - a case study of Kyber. IACR Trans. Crypt. Hardw. Embed. Syst. 2023, 89\u2013112 (2023)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR33","doi-asserted-by":"publisher","first-page":"183175","DOI":"10.1109\/ACCESS.2020.3029521","volume":"8","author":"BY Sim","year":"2020","unstructured":"Sim, B.Y., et al.: Single-trace attacks on message encoding in lattice-based KEMs. IEEE Access 8, 183175\u2013183191 (2020)","journal-title":"IEEE Access"},{"key":"12_CR34","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1109\/OJCS.2022.3198073","volume":"3","author":"TT Tsai","year":"2022","unstructured":"Tsai, T.T., Huang, S.S., Tseng, Y.M., Chuang, Y.H., Hung, Y.H.: Leakage-resilient certificate-based authenticated key exchange protocol. IEEE Open J. Comput. Soc. 3, 137\u2013148 (2022)","journal-title":"IEEE Open J. Comput. Soc."},{"key":"12_CR35","first-page":"296","volume":"2022","author":"R Ueno","year":"2022","unstructured":"Ueno, R., Xagawa, K., Tanaka, Y., Ito, A., Takahashi, J., Homma, N.: Curse of re-encryption: a generic power\/EM analysis on post-quantum KEMs. IACR Trans. Crypt. Hardw. Embed. Syst. 2022, 296\u2013322 (2022)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR36","doi-asserted-by":"crossref","unstructured":"Wang, H., Forsmark, S., Brisfors, M., Dubrova, E.: Multi-source training deep learning side-channel attacks. In: IEEE 50th International Symposium on Multiple-Valued Logic, ISMVL 2020 (2020)","DOI":"10.1109\/ISMVL49045.2020.00-29"},{"key":"12_CR37","doi-asserted-by":"crossref","unstructured":"Wang, J., Cao, W., Chen, H., Li, H.: Practical side-channel attack on message encoding in masked Kyber. In: 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 882\u2013889. IEEE (2022)","DOI":"10.1109\/TrustCom56396.2022.00122"},{"key":"12_CR38","doi-asserted-by":"publisher","unstructured":"Wang, R., Ngo, K., Dubrova, E.: A message recovery attack on LWE\/LWR-based PKE\/KEMs using amplitude-modulated EM emanations. In: Seo, SH., Seo, H. (eds.) Information Security and Cryptology, ICISC 2022. LNCS, vol. 13849, pp. 450\u2013471. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-29371-9_22","DOI":"10.1007\/978-3-031-29371-9_22"},{"key":"12_CR39","doi-asserted-by":"crossref","unstructured":"Wang, R., Wang, H., Dubrova, E.: Far field EM side-channel attack on AES using deep learning. In: Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security, pp. 35\u201344 (2020)","DOI":"10.1145\/3411504.3421214"},{"key":"12_CR40","first-page":"389","volume":"2020","author":"L Wu","year":"2020","unstructured":"Wu, L., Picek, S.: Remove some noise: On pre-processing of side-channel measurements with autoencoders. IACR Trans. Crypt. Hardw. Embed. Syst. 2020, 389\u2013415 (2020)","journal-title":"IACR Trans. Crypt. Hardw. Embed. Syst."},{"key":"12_CR41","doi-asserted-by":"publisher","first-page":"2163","DOI":"10.1109\/TC.2021.3122997","volume":"71","author":"Z Xu","year":"2021","unstructured":"Xu, Z., Pemberton, O.M., Roy, S.S., Oswald, D., Yao, W., Zheng, Z.: Magnifying side-channel leakage of lattice-based cryptosystems with chosen ciphertexts: the case study of Kyber. IEEE Trans. Comput. 71, 2163\u20132176 (2021)","journal-title":"IEEE Trans. Comput."},{"issue":"10","key":"12_CR42","doi-asserted-by":"publisher","first-page":"1489","DOI":"10.3390\/e24101489","volume":"24","author":"C Yajing","year":"2022","unstructured":"Yajing, C., Yan, Y., Zhu, C., Guo, P.: Template attack of LWE\/LWR-based schemes with cyclic message rotation. Entropy 24(10), 1489 (2022)","journal-title":"Entropy"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-54776-8_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,5]],"date-time":"2024-03-05T16:17:46Z","timestamp":1709655466000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-54776-8_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031547751","9783031547768"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-54776-8_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"29 February 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACNS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Cryptography and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Abu Dhabi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Arab Emirates","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 March 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 March 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acns2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/wp.nyu.edu\/acns2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"230","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"54","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4-6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}