{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,10]],"date-time":"2026-01-10T19:02:02Z","timestamp":1768071722857,"version":"3.49.0"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,11,25]],"date-time":"2021-11-25T00:00:00Z","timestamp":1637798400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,11,25]],"date-time":"2021-11-25T00:00:00Z","timestamp":1637798400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptogr Eng"],"published-print":{"date-parts":[[2022,4]]},"DOI":"10.1007\/s13389-021-00276-5","type":"journal-article","created":{"date-parts":[[2021,11,25]],"date-time":"2021-11-25T09:02:36Z","timestamp":1637830956000},"page":"15-51","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Optimized threshold implementations: securing cryptographic accelerators for low-energy and low-latency applications"],"prefix":"10.1007","volume":"12","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8629-4115","authenticated-orcid":false,"given":"Du\u0161an","family":"Bo\u017eilov","sequence":"first","affiliation":[]},{"given":"Miroslav","family":"Kne\u017eevi\u0107","sequence":"additional","affiliation":[]},{"given":"Ventzislav","family":"Nikov","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,11,25]]},"reference":[{"issue":"1","key":"276_CR1","doi-asserted-by":"publisher","first-page":"269","DOI":"10.46586\/tches.v2018.i1.269-290","volume":"2018","author":"V Arribas","year":"2018","unstructured":"Arribas, V., Bilgin, B., Petrides, G., Nikova, S., Rijmen, V.: Rhythmic Keccak: SCA security and low latency in HW. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(1), 269\u2013290 (2018)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"276_CR2","doi-asserted-by":"crossref","unstructured":"Banik, S., Bogdanov, A., Isobe, T., Shibutani, K., Hiwatari, H., Akishita, T., Regazzoni, F.: Midori: a block cipher for low energy. In: ASIACRYPT 2015, pp. 411\u2013436. Springer, New York (2015)","DOI":"10.1007\/978-3-662-48800-3_17"},{"key":"276_CR3","doi-asserted-by":"crossref","unstructured":"Borghoff, J., Canteaut, A., G\u00fcneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P.: PRINCE: a low-latency block cipher for pervasive computing applications. In: ASIACRYPT 2012, LNCS, pp. 208\u2013225. Springer, Berlin (2012)","DOI":"10.1007\/978-3-642-34961-4_14"},{"key":"276_CR4","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak reference. http:\/\/keccak.noekeon.org\/ (2011)"},{"key":"276_CR5","doi-asserted-by":"crossref","unstructured":"Balasch, J., Gierlichs, B., Grosso, V., Reparaz, O., Standaert, F.X.: On the cost of lazy engineering for masked software implementations. In: Joye, M., Moradi, A. (eds) 13th International Conference on Smart Card Research and Advanced Applications, CARDIS 2014, Paris, France, November 5\u20137, 2014. Revised Selected Papers, Volume 8968 of Lecture Notes in Computer Science, pp. 64\u201381. Springer (2014)","DOI":"10.1007\/978-3-319-16763-3_5"},{"key":"276_CR6","doi-asserted-by":"crossref","unstructured":"Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: Higher-order threshold implementations. In: ASIACRYPT 2014, LNCS. pp. 326\u2013343. Springer (2014)","DOI":"10.1007\/978-3-662-45608-8_18"},{"key":"276_CR7","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/978-3-319-06734-6_17","volume-title":"Progress in Cryptology\u2013AFRICACRYPT 2014","author":"B Bilgin","year":"2014","unstructured":"Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: A more efficient AES threshold implementation. In: Pointcheval, D., Vergnaud, D. (eds) Progress in Cryptology\u2013AFRICACRYPT 2014, pp. 267\u2013284. Springer, Cham (2014)"},{"key":"276_CR8","unstructured":"Bilgin, B.: Threshold implementations: as countermeasure against higher-order differential power analysis. PhD thesis, University of Twente, Enschede, Netherlands (2015)"},{"key":"276_CR9","doi-asserted-by":"publisher","first-page":"611","DOI":"10.1023\/A:1018900128545","volume":"86","author":"MJ Brusco","year":"1999","unstructured":"Brusco, M.J., Jacobs, L.W., Thompson, G.M.: A morphing procedure to supplement a simulated annealing heuristic for cost-andcoverage-correlated set-covering problems. Ann. Oper. Res. 86, 611\u2013627 (1999)","journal-title":"Ann. Oper. Res."},{"key":"276_CR10","doi-asserted-by":"publisher","first-page":"450","DOI":"10.1007\/978-3-540-74735-2_31","volume-title":"Cryptographic Hardware and Embedded Systems\u2013CHES 2007","author":"A Bogdanov","year":"2007","unstructured":"Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J., Seurin, Y., Vikkelsoe, C.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems\u2013CHES 2007, pp. 450\u2013466. Springer, Berlin (2007)"},{"key":"276_CR11","doi-asserted-by":"crossref","unstructured":"Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., St\u00fctz, G.: Threshold implementations of all 3 $$\\times $$3 and 4 $$\\times $$4 s-boxes. In: CHES 2012, LNCS, pp. 76\u201391. Springer (2012)","DOI":"10.1007\/978-3-642-33027-8_5"},{"key":"276_CR12","unstructured":"Bo\u017eilov, D.: PRINCE s-boxes verilog implementation (2021). https:\/\/github.com\/dusanbozilov\/PRINCETI"},{"key":"276_CR13","unstructured":"Cooper, J., DeMulder, E., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test vector leakage assessment (TVLA) methodology in practice. In: International Cryptographic Module Conference (2013)"},{"key":"276_CR14","unstructured":"Cassiers, G., Gr\u00e9goire, B., Levi, I., Standaert, F.-X.: Hardware private circuits: from trivial composition to full verification. Cryptology ePrint Archive, Report 2020\/185. https:\/\/eprint.iacr.org\/2020\/185 (2020)"},{"key":"276_CR15","doi-asserted-by":"crossref","unstructured":"De Cnudde, T., Reparaz, O., Bilgin, B., Nikova, S., Nikov, V., Rijmen, V.: Masking AES with d+1 shares in hardware. In: Cryptographic Hardware and Embedded Systems\u2014CHES 2016, pp. 194\u2013212 (2016)","DOI":"10.1007\/978-3-662-53140-2_10"},{"key":"276_CR16","unstructured":"Chu, G., Stuckey, P.J.: Chuffed solver description. https:\/\/github.com\/chuffed\/chuffed (2014)"},{"key":"276_CR17","doi-asserted-by":"crossref","unstructured":"Daemen, J.: Changing of the guards: a simple and efficient method for achieving uniformity in threshold sharing. In: Fischer, W., Homma, N. (eds) Proceedings of 19th International Conference on Cryptographic Hardware and Embedded Systems\u2014CHES 2017, Taipei, Taiwan, September 25\u201328, 2017, Volume 10529 of Lecture Notes in Computer Science, pp. 137\u2013153. Springer (2017)","DOI":"10.1007\/978-3-319-66787-4_7"},{"key":"276_CR18","doi-asserted-by":"publisher","DOI":"10.1515\/9781400884179","volume-title":"Linear Programming and Extensions","author":"G Dantzig","year":"1963","unstructured":"Dantzig, G.: Linear Programming and Extensions. Rand Corporation Research Study. Princeton University Press, Princeton (1963)"},{"issue":"3","key":"276_CR19","doi-asserted-by":"publisher","first-page":"119","DOI":"10.46586\/tches.v2019.i3.119-147","volume":"2019","author":"L De Meyer","year":"2019","unstructured":"De Meyer, L., Bilgin, B., Reparaz, O.: Consolidating security notions in hardware masking. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(3), 119\u2013147 (2019)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"issue":"3","key":"276_CR20","doi-asserted-by":"publisher","first-page":"508","DOI":"10.46586\/tches.v2020.i3.508-543","volume":"2020","author":"J Daemen","year":"2020","unstructured":"Daemen, J., Dobraunig, C.E., Eichlseder, M., Gross, H., Mendel, F., Primas, R.: Protecting against statistical ineffective fault attacks. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(3), 508\u2013543 (2020)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"276_CR21","doi-asserted-by":"publisher","first-page":"25","DOI":"10.46586\/tches.v2019.i1.25-50","volume":"2019","author":"L De Meyer","year":"2018","unstructured":"De Meyer, L., Arribas Abril, V., Nikova, S., Nikov, V., Rijmen, V.: M&M: masks and macs against physical attacks. IACR Trans. Cryptogr. Hardwa. Embed. Syst. 2019, 25\u201350 (2018)","journal-title":"IACR Trans. Cryptogr. Hardwa. Embed. Syst."},{"issue":"2","key":"276_CR22","first-page":"1","volume":"2018","author":"H Gross","year":"2018","unstructured":"Gross, H., Iusupov, R., Bloem, R.: Generic low-latency masking in hardware. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 1\u201321 (2018)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"276_CR23","doi-asserted-by":"crossref","unstructured":"Gross, H., Mangard, S.: Reconciling $$d+1$$ masking in hardware and software. In: Cryptographic Hardware and Embedded Systems\u2014CHES, Springer (2017)","DOI":"10.1007\/978-3-319-66787-4_6"},{"key":"276_CR24","doi-asserted-by":"crossref","unstructured":"Gross, H., Mangard, S., Korak, T.: Domain-oriented masking: compact masked hardware implementations with arbitrary protection order. In: Proceedings of the ACM Workshop on Theory of Implementation Security, TIS@CCS 2016 Vienna, Austria, p.\u00a03 (2016)","DOI":"10.1145\/2996366.2996426"},{"key":"276_CR25","doi-asserted-by":"crossref","unstructured":"Gross, H., Mangard, S., Korak, T.: An efficient side-channel protected AES implementation with arbitrary protection order. In: Handschuh, H. (ed.) Topics in Cryptology\u2014CT-RSA, vol. 2017, pp. 95\u2013112 (2017)","DOI":"10.1007\/978-3-319-52153-4_6"},{"key":"276_CR26","unstructured":"LLC Gurobi\u00a0Optimization. Gurobi optimizer reference manual. http:\/\/www.gurobi.com (2020)"},{"key":"276_CR27","doi-asserted-by":"crossref","unstructured":"Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: CRYPTO 2003, pp. 463\u2013481. Springer, Berlin (2003)","DOI":"10.1007\/978-3-540-45146-4_27"},{"issue":"4598","key":"276_CR28","doi-asserted-by":"publisher","first-page":"671","DOI":"10.1126\/science.220.4598.671","volume":"220","author":"S Kirkpatrick","year":"1983","unstructured":"Kirkpatrick, S., Gelatt, C.D., Vecchi, M.P.: Optimization by simulated annealing. Science 220(4598), 671\u2013680 (1983)","journal-title":"Science"},{"key":"276_CR29","doi-asserted-by":"crossref","unstructured":"Knezevi\u0107, M., Nikov, V., Rombouts, P.: Low-latency encryption\u2014Is \u201cLightweight = Light + Wait\u201d? In: CHES 2012, LNCS, pp. 426\u2013446. Springer (2012)","DOI":"10.1007\/978-3-642-33027-8_25"},{"key":"276_CR30","unstructured":"Minotra, D.: A study of heuristic-algorithms for set-covering problems (2008)"},{"key":"276_CR31","first-page":"256","volume":"2","author":"T Moos","year":"2019","unstructured":"Moos, T., Moradi, A., Schneider, T., Standaert, F.X.: Glitch-resistant masking revisited- or why proofs in the robust probing model are needed. Cryptogr. Hardw. Embed. Syst. TCHES 2: 256\u2013292 (2019)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst. TCHES"},{"key":"276_CR32","doi-asserted-by":"crossref","unstructured":"Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) Advances in Cryptology\u2014EUROCRYPT 2011, pp. 69\u201388 (2011)","DOI":"10.1007\/978-3-642-20465-4_6"},{"key":"276_CR33","doi-asserted-by":"crossref","unstructured":"Moradi, A., Schneider, T.: Side-channel analysis protection and low-latency in action\u2014case study of PRINCE and Midori. In: ASIACRYPT 2016, LNCS. Springer (2016)","DOI":"10.1007\/978-3-662-53887-6_19"},{"key":"276_CR34","unstructured":"Nikova, S.: TI tools for the 3 x 3 and 4 x 4 S-boxes. http:\/\/homes.esat.kuleuven.be\/~snikova\/ti_tools.html (2012)"},{"key":"276_CR35","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1007\/s12095-018-0317-2","volume":"11","author":"S Nikova","year":"2019","unstructured":"Nikova, S., Nikov, V., Rijmen, V.: Decomposition of permutations in a finite field. Cryptogr. Commun. 11, 379\u2013384 (2019)","journal-title":"Cryptogr. Commun."},{"key":"276_CR36","doi-asserted-by":"crossref","unstructured":"Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: ICICS 2006, LNCS, pp. 529\u2013545. Springer (2006)","DOI":"10.1007\/11935308_38"},{"key":"276_CR37","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1007\/978-3-540-74970-7_38","volume-title":"Principles and Practice of Constraint Programming\u2013CP 2007","author":"N Nethercote","year":"2007","unstructured":"Nethercote, N., Stuckey, P.J., Becket, R., Brand, S., Duck, G.J., Tack, G.: MiniZinc: towards a standard CP modelling language. In: Christian Bessi\u00e8re, (ed.) Principles and Practice of Constraint Programming\u2013CP 2007, pp. 529\u2013543. Springer, Berlin (2007)"},{"key":"276_CR38","doi-asserted-by":"crossref","unstructured":"Papapagiannopoulos, K.: High throughput in slices: the case of PRESENT, PRINCE and KATAN64 ciphers. In: RFIDSec 2014, LNCS, pp. 137\u2013155. Springer (2014)","DOI":"10.1007\/978-3-319-13066-8_9"},{"key":"276_CR39","unstructured":"Perron, L., Furnon, V.: OR-Tools. https:\/\/developers.google.com\/optimization\/ (2020)"},{"issue":"2","key":"276_CR40","doi-asserted-by":"publisher","first-page":"322","DOI":"10.1007\/s00145-010-9086-6","volume":"24","author":"A Poschmann","year":"2011","unstructured":"Poschmann, A., Moradi, A., Khoo, K., Lim, C.W., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2,300 GE. J. Cryptol. 24(2), 322\u2013345 (2011)","journal-title":"J. Cryptol."},{"key":"276_CR41","doi-asserted-by":"crossref","unstructured":"Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: CRYPTO 2015, LNCS, pp. 764\u2013783. Springer (2015)","DOI":"10.1007\/978-3-662-47989-6_37"},{"key":"276_CR42","volume-title":"Handbook of Constraint Programming (Foundations of Artificial Intelligence)","author":"F Rossi","year":"2006","unstructured":"Rossi, F., Van Beek, P., Walsh, T.: Handbook of Constraint Programming (Foundations of Artificial Intelligence). Elsevier, Amsterdam (2006)"},{"key":"276_CR43","doi-asserted-by":"crossref","unstructured":"Reparaz, O., Gierlichs, B., Verbauwhede, I.: Fast leakage assessment. In: Cryptographic Hardware and Embedded Systems\u2014CHES, vol. 2017, pp. 387\u2013399 (2017)","DOI":"10.1007\/978-3-319-66787-4_19"},{"issue":"2","key":"276_CR44","doi-asserted-by":"publisher","first-page":"300","DOI":"10.46586\/tches.v2020.i2.300-326","volume":"2020","author":"P Sasdrich","year":"2020","unstructured":"Sasdrich, P., Bilgin, B., Hutter, M., Marson, M.E.: Low-latency hardware masking with application to AES. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(2), 300\u2013326 (2020)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"276_CR45","volume-title":"Theory of Linear and Integer Programming","author":"A Schrijver","year":"1986","unstructured":"Schrijver, A.: Theory of Linear and Integer Programming. Wiley, Hoboken (1986)"},{"key":"276_CR46","doi-asserted-by":"crossref","unstructured":"Ueno, R., Homma, N., Aoki, T.: A systematic design of tamper-resistant galois-field arithmetic circuits based on threshold implementation with (d+1) input shares. In: IEEE 47th International Symposium on Multiple-Valued Logic (ISMVL), pp. 136\u2013141 (2017)","DOI":"10.1109\/ISMVL.2017.35"},{"key":"276_CR47","doi-asserted-by":"crossref","unstructured":"Ueno, R., Homma, N., Aoki, T.: Toward more efficient DPA-resistant AES hardware architecture based on threshold implementation. In: Constructive Side-Channel Analysis and Secure Design\u2014COSADE, vol. 2017, pp. 50\u201364 (2017)","DOI":"10.1007\/978-3-319-64647-3_4"},{"key":"276_CR48","doi-asserted-by":"crossref","unstructured":"Wegener, F., De Meyer, L., Moradi, A.: Spin me right round rotational symmetry for FPGA-specific AES: extended version. J. Cryptol. 33:1114 (2020)","DOI":"10.1007\/s00145-019-09342-y"}],"container-title":["Journal of Cryptographic Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-021-00276-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s13389-021-00276-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-021-00276-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,15]],"date-time":"2022-03-15T13:41:59Z","timestamp":1647351719000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s13389-021-00276-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,25]]},"references-count":48,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,4]]}},"alternative-id":["276"],"URL":"https:\/\/doi.org\/10.1007\/s13389-021-00276-5","relation":{},"ISSN":["2190-8508","2190-8516"],"issn-type":[{"value":"2190-8508","type":"print"},{"value":"2190-8516","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,11,25]]},"assertion":[{"value":"2 July 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 October 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 November 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}