{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,3]],"date-time":"2025-07-03T15:15:44Z","timestamp":1751555744679,"version":"3.40.2"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031865985","type":"print"},{"value":"9783031865992","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-86599-2_7","type":"book-chapter","created":{"date-parts":[[2025,3,24]],"date-time":"2025-03-24T19:02:36Z","timestamp":1742842956000},"page":"199-231","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["SoK: On the\u00a0Physical Security of\u00a0UOV-Based Signature Schemes"],"prefix":"10.1007","author":[{"given":"Thomas","family":"Aulbach","sequence":"first","affiliation":[]},{"given":"Fabio","family":"Campos","sequence":"additional","affiliation":[]},{"given":"Juliane","family":"Kr\u00e4mer","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,15]]},"reference":[{"key":"7_CR1","unstructured":"FIPS PUB 202: SHA-3 standard: Permutation-based hash and extendable-output functions. Federal Information Processing Standards Publication 202. National Institute of Standards and Technology, U.S. 
Department of Commerce (2015)"},{"key":"7_CR2","doi-asserted-by":"publisher","unstructured":"Aulbach, T., Campos, F., Kr\u00e4mer, J., Samardjiska, S., St\u00f6ttinger, M.: Separating oil and vinegar with a single trace side-channel assisted Kipnis-Shamir attack on UOV. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2023). https:\/\/doi.org\/10.46586\/tches.v2023.i3.221-245","DOI":"10.46586\/tches.v2023.i3.221-245"},{"key":"7_CR3","doi-asserted-by":"publisher","unstructured":"Aulbach, T., Kovats, T., Kr\u00e4mer, J., Marzougui, S.: Recovering rainbow\u2019s secret key with a first-order fault attack. In: Progress in Cryptology - AFRICACRYPT 2022: 13th International Conference on Cryptology in Africa. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-17433-9_15","DOI":"10.1007\/978-3-031-17433-9_15"},{"key":"7_CR4","doi-asserted-by":"publisher","unstructured":"Aulbach, T., Marzougui, S., Seifert, J.-P., Ulitzsch, V.Q.: Mayo or may-not: exploring implementation security of the post-quantum signature scheme MAYO against physical attacks. In: Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2024. IEEE (2024). https:\/\/doi.org\/10.1109\/FDTC64268.2024.00012","DOI":"10.1109\/FDTC64268.2024.00012"},{"key":"7_CR5","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Building power analysis resistant implementations of Keccak. In: Second SHA-3 Candidate Conference (2010). https:\/\/citeseerx.ist.psu.edu\/document?repid=rep1&type=pdf&doi=fe3d80a12e34d67ce14d438935302c6ef371901c"},{"key":"7_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-030-77870-5_13","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2021","author":"W Beullens","year":"2021","unstructured":"Beullens, W.: Improved cryptanalysis of UOV and rainbow. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 348\u2013373. Springer, Cham (2021). 
https:\/\/doi.org\/10.1007\/978-3-030-77870-5_13"},{"key":"7_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1007\/978-3-030-99277-4_17","volume-title":"Selected Areas in Cryptography","author":"W Beullens","year":"2022","unstructured":"Beullens, W.: MAYO: practical post-quantum signatures from oil-and-vinegar maps. In: AlTawy, R., H\u00fclsing, A. (eds.) SAC 2021. LNCS, vol. 13203, pp. 355\u2013376. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-030-99277-4_17"},{"key":"7_CR8","doi-asserted-by":"publisher","unstructured":"Beullens, W.: Breaking rainbow takes a weekend on a laptop. In: Advances in Cryptology - CRYPTO 2022. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15979-4_16","DOI":"10.1007\/978-3-031-15979-4_16"},{"key":"7_CR9","unstructured":"Beullens, W.: Improved cryptanalysis of SNOVA. IACR Cryptol. ePrint Arch. (2024). https:\/\/eprint.iacr.org\/2024\/1297"},{"key":"7_CR10","doi-asserted-by":"publisher","unstructured":"Beullens, W., Campos, F., Celi, S., Hess, B., Kannwischer, M.J.: Nibbling MAYO: optimized implementations for AVX2 and cortex-m4. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2024). https:\/\/doi.org\/10.46586\/tches.v2024.i2.252-275","DOI":"10.46586\/tches.v2024.i2.252-275"},{"key":"7_CR11","unstructured":"Beullens, W., Campos, F., Celi, S., Hess, B., Kannwischer, M.J.: MAYO. Technical report, National Institute of Standards and Technology (2023). https:\/\/csrc.nist.gov\/Projects\/pqc-dig-sig\/round-1-additional-signatures"},{"key":"7_CR12","unstructured":"Beullens, W., et al.: UOV. Technical report, National Institute of Standards and Technology (2023). https:\/\/csrc.nist.gov\/Projects\/pqc-dig-sig\/round-1-additional-signatures"},{"key":"7_CR13","doi-asserted-by":"publisher","unstructured":"Beullens, W., et al.: Oil and vinegar: modern parameters and implementations. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2023). 
https:\/\/doi.org\/10.46586\/tches.v2023.i3.321-365","DOI":"10.46586\/tches.v2023.i3.321-365"},{"key":"7_CR14","doi-asserted-by":"publisher","unstructured":"Bl\u00f6mer, J., Da Silva, R.G., G\u00fcnther, P., Kr\u00e4mer, J., Seifert, J.P.: A practical second-order fault attack against a real-world pairing implementation. In: 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2014. IEEE Computer Society (2014). https:\/\/doi.org\/10.1109\/FDTC.2014.22","DOI":"10.1109\/FDTC.2014.22"},{"key":"7_CR15","doi-asserted-by":"publisher","unstructured":"Chen, M.-S., Chou, T.: Classic McEliece on the ARM cortex-m4. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2021). https:\/\/doi.org\/10.46586\/tches.v2021.i3.125-148","DOI":"10.46586\/tches.v2021.i3.125-148"},{"key":"7_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1007\/978-3-319-66787-4_2","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2017","author":"C Clavier","year":"2017","unstructured":"Clavier, C., Reynaud, L.: Improved blind side-channel analysis by exploitation of joint distributions of leakages. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 24\u201344. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66787-4_2"},{"key":"7_CR17","unstructured":"Ding, J., et al.: Rainbow. Technical report, National Institute of Standards and Technology (2020). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions"},{"key":"7_CR18","doi-asserted-by":"publisher","unstructured":"Ding, J., Deaton, J., Vishakha, Yang, B.-Y.: The nested subset differential attack - a practical direct attack against LUOV which forges a signature within 210 minutes. In: Advances in Cryptology - EUROCRYPT 2021. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77870-5_12","DOI":"10.1007\/978-3-030-77870-5_12"},{"key":"7_CR19","unstructured":"Ding, J., et al.: TUOV. 
Technical report, National Institute of Standards and Technology (2023). https:\/\/csrc.nist.gov\/Projects\/pqc-dig-sig\/round-1-additional-signatures"},{"key":"7_CR20","unstructured":"Furue, H., et al.: QR-UOV. Technical report, National Institute of Standards and Technology (2023). https:\/\/csrc.nist.gov\/Projects\/pqc-dig-sig\/round-1-additional-signatures"},{"key":"7_CR21","doi-asserted-by":"publisher","unstructured":"Furue, H., Kiyomura, Y., Nagasawa, T., Takagi, T.: A new fault attack on UOV multivariate signature scheme. In: Post-Quantum Cryptography - 13th International Workshop, PQCrypto 2022. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-17234-2_7","DOI":"10.1007\/978-3-031-17234-2_7"},{"key":"7_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-642-33481-8_17","volume-title":"Progress in Cryptology \u2013 LATINCRYPT 2012","author":"B Gierlichs","year":"2012","unstructured":"Gierlichs, B., Schmidt, J.-M., Tunstall, M.: Infective computation and dummy rounds: fault protection for block ciphers without check-before-output. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 305\u2013321. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-33481-8_17"},{"key":"7_CR23","unstructured":"Goubin, L., et al.: PROV. Technical report, National Institute of Standards and Technology (2023). https:\/\/csrc.nist.gov\/Projects\/pqc-dig-sig\/round-1-additional-signatures"},{"key":"7_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-25405-5_1","volume-title":"Post-Quantum Cryptography","author":"Y Hashimoto","year":"2011","unstructured":"Hashimoto, Y., Takagi, T., Sakurai, K.: General fault attacks on multivariate public key cryptosystems. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 1\u201318. Springer, Heidelberg (2011). 
https:\/\/doi.org\/10.1007\/978-3-642-25405-5_1"},{"key":"7_CR25","doi-asserted-by":"crossref","unstructured":"Jendral, S., Dubrova, E.: MAYO key recovery by fixing vinegar seeds. IACR Cryptol. ePrint Arch. (2024). https:\/\/eprint.iacr.org\/2024\/1550","DOI":"10.62056\/ab0ljbkrz"},{"key":"7_CR26","unstructured":"Jendral, S., Dubrova, E.: Single-trace side-channel attacks on MAYO exploiting leaky modular multiplication. IACR Cryptol. ePrint Arch. (2024). https:\/\/eprint.iacr.org\/2024\/1850"},{"key":"7_CR27","doi-asserted-by":"publisher","unstructured":"Jendral, S., Mattsson, J.P., Dubrova, E.: A single-trace fault injection attack on hedged module lattice digital signature algorithm (ML-DSA). In: Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2024. IEEE (2024). https:\/\/doi.org\/10.1109\/FDTC64268.2024.00013","DOI":"10.1109\/FDTC64268.2024.00013"},{"key":"7_CR28","unstructured":"Kannwischer, M.J., Rijneveld, J., Schwabe, P., Stoffelen, K.: pqm4: testing and benchmarking NIST PQC on ARM cortex-m4. IACR Cryptol. ePrint Arch. (2019). https:\/\/eprint.iacr.org\/2019\/844"},{"key":"7_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/3-540-48910-X_15","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201999","author":"A Kipnis","year":"1999","unstructured":"Kipnis, A., Patarin, J., Goubin, L.: Unbalanced oil and vinegar signature schemes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 206\u2013222. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48910-X_15"},{"key":"7_CR30","doi-asserted-by":"publisher","unstructured":"Koo, N., Shim, K.-A.: Security analysis of reusing vinegar values in UOV signature scheme. IEEE Access (2024). 
https:\/\/doi.org\/10.1109\/ACCESS.2024.3409778","DOI":"10.1109\/ACCESS.2024.3409778"},{"key":"7_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1007\/978-3-030-16350-1_11","volume-title":"Constructive Side-Channel Analysis and Secure Design","author":"J Kr\u00e4mer","year":"2019","unstructured":"Kr\u00e4mer, J., Loiero, M.: Fault attacks on UOV and rainbow. In: Polian, I., St\u00f6ttinger, M. (eds.) COSADE 2019. LNCS, vol. 11421, pp. 193\u2013214. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-16350-1_11"},{"key":"7_CR32","doi-asserted-by":"publisher","unstructured":"Mus, K., Islam, S., Sunar, B.: Quantumhammer: a practical hybrid attack on the LUOV signature scheme. In: CCS 2020: 2020 ACM SIGSAC Conference on Computer and Communication Security. ACM (2020). https:\/\/doi.org\/10.1145\/3372297.3417272","DOI":"10.1145\/3372297.3417272"},{"key":"7_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1007\/978-3-319-10175-0_17","volume-title":"Constructive Side-Channel Analysis and Secure Design","author":"C O\u2019Flynn","year":"2014","unstructured":"O\u2019Flynn, C., Chen, Z.D.: ChipWhisperer: an open-source platform for hardware embedded security research. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 243\u2013260. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-10175-0_17"},{"key":"7_CR34","doi-asserted-by":"publisher","unstructured":"Park, A., Shim, K.-A., Koo, N., Han, D.-G.: Side-channel attacks on post-quantum signature schemes based on multivariate quadratic equations - rainbow and UOV. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2018). https:\/\/doi.org\/10.13154\/tches.v2018.i3.500-523","DOI":"10.13154\/tches.v2018.i3.500-523"},{"key":"7_CR35","unstructured":"Patarin, J., et al.: VOX. Technical report, National Institute of Standards and Technology (2023). 
https:\/\/csrc.nist.gov\/Projects\/pqc-dig-sig\/round-1-additional-signatures"},{"key":"7_CR36","doi-asserted-by":"publisher","unstructured":"P\u00e9bereau, P.: One vector to rule them all: Key recovery from one vector in UOV schemes. In: Post-Quantum Cryptography - 15th International Workshop, PQCrypto 2024. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-62746-0_5","DOI":"10.1007\/978-3-031-62746-0_5"},{"key":"7_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"475","DOI":"10.1007\/978-3-642-23951-9_31","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2011","author":"A Petzoldt","year":"2011","unstructured":"Petzoldt, A., Thomae, E., Bulygin, S., Wolf, C.: Small public keys and fast verification for $$\\cal{M}$$ultivariate $$\\cal{Q}$$uadratic public key systems. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 475\u2013490. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23951-9_31"},{"key":"7_CR38","doi-asserted-by":"publisher","unstructured":"Ravi, P., Jap, D., Bhasin, S., Chattopadhyay, A.: Invited paper: machine learning based blind side-channel attacks on PQC-based KEMs - a case study of kyber KEM. In: IEEE\/ACM International Conference on Computer Aided Design, ICCAD 2023. IEEE (2023). https:\/\/doi.org\/10.1109\/ICCAD57390.2023.10323721","DOI":"10.1109\/ICCAD57390.2023.10323721"},{"key":"7_CR39","doi-asserted-by":"publisher","unstructured":"Sayari, O., Marzougui, S., Aulbach, T., Kr\u00e4mer, J., Seifert, J.-P.: HAMAYO: a fault-tolerant reconfigurable hardware implementation of the MAYO signature scheme. In: Constructive Side-Channel Analysis and Secure Design - 15th International Workshop, COSADE 2024. Springer, Cham (2024). 
https:\/\/doi.org\/10.1007\/978-3-031-57543-3_13","DOI":"10.1007\/978-3-031-57543-3_13"},{"key":"7_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1007\/978-3-662-48324-4_25","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2015","author":"T Schneider","year":"2015","unstructured":"Schneider, T., Moradi, A.: Leakage assessment methodology. In: G\u00fcneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 495\u2013513. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48324-4_25"},{"key":"7_CR41","doi-asserted-by":"publisher","unstructured":"Shim, K.-A., Koo, N.: Algebraic fault analysis of UOV and rainbow with the leakage of random vinegar values. IEEE Trans. Inf. Forensics Secur. (2020). https:\/\/doi.org\/10.1109\/TIFS.2020.2969555","DOI":"10.1109\/TIFS.2020.2969555"},{"key":"7_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1007\/978-3-030-84242-0_4","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"C Tao","year":"2021","unstructured":"Tao, C., Petzoldt, A., Ding, J.: Efficient key recovery for all HFE signature variants. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 70\u201393. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84242-0_4"},{"key":"7_CR43","unstructured":"NewAE Technology. Repository of ChipWhisperer tool chain - commit a9527b5 (2023). https:\/\/github.com\/newaetech\/chipwhisperer"},{"key":"7_CR44","unstructured":"Wang, L.-C., et al.: SNOVA. Technical report, National Institute of Standards and Technology (2023). 
https:\/\/csrc.nist.gov\/Projects\/pqc-dig-sig\/round-1-additional-signatures"}],"container-title":["Lecture Notes in Computer Science","Post-Quantum Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-86599-2_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,24]],"date-time":"2025-03-24T19:02:46Z","timestamp":1742842966000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-86599-2_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031865985","9783031865992"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-86599-2_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"15 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PQCrypto","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Post-Quantum Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Taipei","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Taiwan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 April 2025","order":7,"name":"conference_start_date","label":"Conference 
Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 April 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pqcrypto2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/pqcrypto2025.iis.sinica.edu.tw\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}