{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T23:46:31Z","timestamp":1740181591286,"version":"3.37.3"},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2021,7,18]],"date-time":"2021-07-18T00:00:00Z","timestamp":1626566400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,7,18]],"date-time":"2021-07-18T00:00:00Z","timestamp":1626566400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"name":"French DGA"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"published-print":{"date-parts":[[2021,9]]},"DOI":"10.1007\/s42979-021-00761-y","type":"journal-article","created":{"date-parts":[[2021,7,18]],"date-time":"2021-07-18T08:03:21Z","timestamp":1626595401000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Constant Time Algorithms for ROLLO-I-128"],"prefix":"10.1007","volume":"2","author":[{"given":"Carlos","family":"Aguilar-Melchor","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nicolas","family":"Aragon","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2349-0247","authenticated-orcid":false,"given":"Emanuele","family":"Bellini","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Florian","family":"Caullery","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rusydi 
H.","family":"Makarim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chiara","family":"Marcolla","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,7,18]]},"reference":[{"key":"761_CR1","doi-asserted-by":"crossref","unstructured":"Abdouli Aa, Bellini E, Caullery F, Manzano M, Mateu V. Rank-metric Encryption on Arm-Cortex M0: Porting code-based cryptography to lightweight devices. In: Proceedings of the 6th on ASIA Public-Key Cryptography Workshop, 2019; pp. 23\u201330.","DOI":"10.1145\/3327958.3329544"},{"key":"761_CR2","unstructured":"Aguilar-Melchor C, Aragon N, Bettaieb S, Bidoux L, Blazy O, Deneuville JC, Gaborit P, Hauteville A, Ruatta O, Tillich JP, et\u00a0al. ROLLO - Rank-Ouroboros, LAKE & LOCKER. 2018. Available at: https:\/\/pqc-rollo.org\/doc\/rollo-specification_2020-04-21.pdf."},{"key":"761_CR3","unstructured":"Aguilar-Melchor C, Aragon N, Bettaieb S, Bidoux L, Blazy O, Deneuville JC, Gaborit P, Z\u00e9mor G. Rank Quasi-Cyclic (RQC). 2017. https:\/\/pqc-rqc.org\/doc\/rqc-specification_2017-11-30.pdf."},{"key":"761_CR4","unstructured":"Aguilar-Melchor C, Bellini E, Caullery F, Makarim RH, Manzano M, Marcolla C, Mateu V. Constant-time algorithms for ROLLO. Available at: https:\/\/csrc.nist.gov\/CSRC\/media\/Events\/Second-PQC-Standardization-Conference\/documents\/accepted-papers\/caullery-constant-time-rollo.pdf."},{"key":"761_CR5","doi-asserted-by":"publisher","unstructured":"Al\u00a0Abdouli AS, Al\u00a0Ali M, Bellini E, Caullery F, Hasikos A, Manzano M, Mateu V. DRANKULA: A McEliece-like Rank Metric based Cryptosystem Implementation.In: Proceedings of the 15th international\njoint conference on e-business and telecommunications (ICETE 2018), 2018;vol. 2, pp. 230\u201341. 
https:\/\/doi.org\/10.5220\/0006838102300241.","DOI":"10.5220\/0006838102300241"},{"key":"761_CR6","doi-asserted-by":"crossref","unstructured":"Al\u00a0Shehhi H, Bellini E, Borba F, Caullery F, Manzano M, Mateu V. An IND-CCA-secure code-based encryption scheme using rank metric. In: Progress in cryptology\u2013AFRICACRYPT 2019: 11th international conference on cryptology in Africa, Rabat, Morocco, July 9\u201311, 2019, Proceedings, 2019; vol. 11627, p. 79. Springer.","DOI":"10.1007\/978-3-030-23696-0_5"},{"key":"761_CR7","doi-asserted-by":"crossref","unstructured":"Alagic G, Alperin-Sheriff J, Apon D, Cooper D, Dang Q, Kelsey J, Liu YK, Miller C, Moody D, Peralta R, et al. Status report on the second round of the NIST post-quantum cryptography standardization process. National Institute of Standards and Technology: Tech. rep; 2020.","DOI":"10.6028\/NIST.IR.8240"},{"key":"761_CR8","doi-asserted-by":"crossref","unstructured":"Aragon N, Gaborit P, Hauteville A, Ruatta O, Z\u00e9mor G. Low rank parity check codes: New decoding algorithms and applications to cryptography. arXiv:1904.00357 [Preprint]. 2019.","DOI":"10.1109\/TIT.2019.2933535"},{"key":"761_CR9","doi-asserted-by":"crossref","unstructured":"Aranha DF, L\u00f3pez J, Hankerson D. Efficient software implementation of binary field arithmetic using vector instruction sets. In: International conference on cryptology and information security in Latin America, 2010;pp. 144\u201361. Springer.","DOI":"10.1007\/978-3-642-14712-8_9"},{"key":"761_CR10","doi-asserted-by":"crossref","unstructured":"Bardet M, Bros M, Cabarcas D, Gaborit P, Perlner R, Smith-Tone D, Tillich JP, Verbel J. Algebraic attacks for solving the Rank Decoding and MinRank problems without Gr\u00f6bner basis. arXiv:2002.08322 [Preprint]. 2020.","DOI":"10.1007\/978-3-030-64837-4_17"},{"key":"761_CR11","doi-asserted-by":"publisher","unstructured":"Bellini E, Caullery F, Gaborit P, Manzano M, Mateu V. 
Improved veron identification and signature schemes in the rank metric. In: Information theory (ISIT), 2019 IEEE international symposium on. IEEE 2019. https:\/\/doi.org\/10.1109\/ISIT.2019.8849585.","DOI":"10.1109\/ISIT.2019.8849585"},{"key":"761_CR12","doi-asserted-by":"crossref","unstructured":"Bellini E, Caullery F, Hasikos A, Manzano M, Mateu V. Code-based signature schemes from identification protocols in the rank metric. In: International conference on cryptology and network security, 2018;pp. 277\u201398. Springer.","DOI":"10.1007\/978-3-030-00434-7_14"},{"key":"761_CR13","doi-asserted-by":"crossref","unstructured":"Bellini E, Caullery F, Makarim R, Manzano M, Marcolla C, Mateu V. Advances and challenges of rank metric cryptography implementations. In: 2019 IEEE 37th international conference on computer design (ICCD), 2019;pp. 325\u20138. IEEE.","DOI":"10.1109\/ICCD46524.2019.00051"},{"key":"761_CR14","doi-asserted-by":"crossref","unstructured":"Bernstein DJ, Chou T, Schwabe P. McBits: fast constant-time code-based cryptography. In: International workshop on cryptographic hardware and embedded systems, 2013;pp. 250\u201372. Springer.","DOI":"10.1007\/978-3-642-40349-1_15"},{"key":"761_CR15","unstructured":"Bernstein DJ, Lange T. eBACS: ECRYPT Benchmarking of Cryptographic Systems: SUPERCOP (2010). https:\/\/bench.cr.yp.to\/supercop.html. Accessed 15 July 2020."},{"key":"761_CR16","doi-asserted-by":"crossref","unstructured":"Bernstein DJ, Yang BY. Fast constant-time gcd computation and modular inversion. In: IACR transactions on cryptographic hardware and embedded systems 2019;pp. 340\u201398.","DOI":"10.46586\/tches.v2019.i3.340-398"},{"key":"761_CR17","doi-asserted-by":"crossref","unstructured":"Bos JW, Kleinjung T, Niederhagen R, Schwabe P. Ecc2k-130 on cell cpus. In: International conference on cryptology in Africa, 2010;pp. 225\u2013242. 
Springer.","DOI":"10.1007\/978-3-642-12678-9_14"},{"issue":"3\u20134","key":"761_CR18","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1006\/jsco.1996.0125","volume":"24","author":"W Bosma","year":"1997","unstructured":"Bosma W, Cannon J, Playoust C. The Magma algebra system. I. The user language. J Symbolic Comput. 1997;24(3\u20134):235\u201365. https:\/\/doi.org\/10.1006\/jsco.1996.0125.","journal-title":"J Symbolic Comput."},{"key":"761_CR19","unstructured":"Drucker N, Gueron S, Kostic D. Constant-time implementations in some proposed KEMs: the case of Rollo and RQC. http:\/\/math.haifa.ac.il\/shay\/Side_Channels_2020_06_23_V01.pdf. 2020."},{"key":"761_CR20","unstructured":"Enhancing Code Based Zero-Knowledge Proofs Using Rank Metric."},{"key":"761_CR21","unstructured":"Eron\u00a0Anderson S. Bit twiddling hacks. https:\/\/graphics.stanford.edu\/~seander\/bithacks.html. Accessed 03 May 2019."},{"key":"761_CR22","doi-asserted-by":"publisher","unstructured":"Faure C, Loidreau P. A new public-key cryptosystem based on the problem of reconstructing $$p$$\u2013polynomials. In: International workshop on coding and cryptography, 2005;vol. 3969, pp. 304\u201315. Springer. https:\/\/doi.org\/10.1007\/11779360_24.","DOI":"10.1007\/11779360_24"},{"key":"761_CR23","doi-asserted-by":"crossref","unstructured":"Gabidulin EM, Paramonov A, Tretjakov O. Ideals over a non-commutative ring and their application in cryptology. In: Workshop on the theory and application of cryptographic techniques, 1991;pp. 482\u20139. Springer.","DOI":"10.1007\/3-540-46416-6_41"},{"key":"761_CR24","unstructured":"Gaborit P, Murat G, Ruatta O, Z\u00e9mor G. Low rank parity check codes and their application to cryptography. In: Proceedings of the workshop on coding and cryptography WCC-2013, Bergen. 
2013."},{"issue":"7","key":"761_CR25","doi-asserted-by":"publisher","first-page":"1391","DOI":"10.1007\/s10623-017-0402-0","volume":"86","author":"P Gaborit","year":"2018","unstructured":"Gaborit P, Otmani A, Kalachi HT. Polynomial-time key recovery attack on the Faure-Loidreau scheme based on Gabidulin codes. Des Codes Crypt. 2018;86(7):1391\u2013403.","journal-title":"Des Codes Crypt"},{"key":"761_CR26","unstructured":"Guajardo J, Paar C. Fast inversion in composite galois fields GF $$((2^n)^{M})$$. In: IEEE international symposium on information theory, 1998;pp. 295\u20135. Citeseer."},{"key":"761_CR27","unstructured":"Gueron S, Kounavis ME. Intel\u00ae carry-less multiplication instruction and its usage for computing the GCM mode. White Paper. 2010."},{"key":"761_CR28","doi-asserted-by":"crossref","unstructured":"Hoffstein J, Pipher J, Silverman JH. NTRU: A ring-based public key cryptosystem. In: Lecture notes in computer science, 1998;pp. 267\u201388. Springer-Verlag.","DOI":"10.1007\/BFb0054868"},{"key":"761_CR29","unstructured":"Intel\u00ae C++ Compiler 19.1 Developer guide and Reference. https:\/\/software.intel.com\/en-us\/cpp-compiler-developer-guide-and-reference-overview-intrinsics-for-intel-advanced-vector-extensions-2-intel-avx2-instructions. Accessed 01 Jan 2020."},{"key":"761_CR30","doi-asserted-by":"crossref","unstructured":"Itoh T, Tsujii S. A fast algorithm for computing multiplicative inverses in GF($$2^m$$) using normal bases. Inf Comput. 1988;78(3):171\u20137.","DOI":"10.1016\/0890-5401(88)90024-7"},{"key":"761_CR31","unstructured":"Karatsuba A, Ofman Y. Multiplication of many-digital numbers by automatic computers. Doklady Akademii Nauk SSSR, Translation in Physics-Doklady 7, 595-596, 1963. 1962;145(2), 293\u201394."},{"key":"761_CR32","first-page":"787","volume":"2019","author":"J Lablanche","year":"2019","unstructured":"Lablanche J, Mortajine L, Benchaalal O, Cayrel PL, El Mrabet N. 
Optimized implementation of the NIST PQC submission ROLLO on microcontroller. IACR Cryptol ePrint Arch. 2019;2019:787.","journal-title":"IACR Cryptol ePrint Arch"},{"key":"761_CR33","doi-asserted-by":"crossref","unstructured":"Loidreau P. A new rank metric codes based encryption scheme. In: International Workshop on Post-Quantum Cryptography, 2017; pp. 3\u201317. Springer.","DOI":"10.1007\/978-3-319-59879-6_1"},{"key":"761_CR34","unstructured":"NIST: Post-Quantum Cryptography Call for Proposals. 2018. https:\/\/csrc.nist.gov\/Projects\/Post-Quantum-Cryptography\/Post-Quantum-Cryptography-Standardization\/Call-for-Proposals.  Accessed 01 Jan 2020."},{"issue":"3","key":"761_CR35","doi-asserted-by":"publisher","first-page":"867","DOI":"10.1007\/s00145-018-9294-z","volume":"32","author":"T Oliveira","year":"2019","unstructured":"Oliveira T, L\u00f3pez J, Cervantes-V\u00e1zquez D, Rodr\u00edguez-Henr\u00edquez F. Koblitz curves over quadratic fields. J Cryptol. 2019;32(3):867\u201394.","journal-title":"J Cryptol"},{"key":"761_CR36","doi-asserted-by":"crossref","unstructured":"Overbeck R. A new structural attack for GPT and variants. In: International Conference on Cryptology in Malaysia, 2005;pp. 50\u201363. Springer.","DOI":"10.1007\/11554868_5"},{"issue":"2","key":"761_CR37","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/s00145-007-9003-9","volume":"21","author":"R Overbeck","year":"2008","unstructured":"Overbeck R. Structural attacks for public key cryptosystems based on Gabidulin codes. J Cryptol. 2008;21(2):280\u2013301.","journal-title":"J Cryptol"},{"issue":"3","key":"761_CR38","doi-asserted-by":"publisher","first-page":"457","DOI":"10.1007\/s10732-017-9340-2","volume":"24","author":"S Picek","year":"2018","unstructured":"Picek S, Coello CAC, Jakobovic D, Mentens N. Finding short and implementation-friendly addition chains with evolutionary algorithms. J Heuristics. 
2018;24(3):457\u201381.","journal-title":"J Heuristics"},{"key":"761_CR39","unstructured":"Shoup, Victor: NTL: A Library for doing Number Theory. 2019. https:\/\/shoup.net\/ntl\/. Accessed 01 Jan 2020."},{"key":"761_CR40","unstructured":"Stein W, et\u00a0al. Sage mathematics software (Version 9.0). The sage development team. 2020. http:\/\/www.sagemath.org."}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-021-00761-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-021-00761-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-021-00761-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,30]],"date-time":"2021-08-30T18:04:52Z","timestamp":1630346692000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-021-00761-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,18]]},"references-count":40,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2021,9]]}},"alternative-id":["761"],"URL":"https:\/\/doi.org\/10.1007\/s42979-021-00761-y","relation":{},"ISSN":["2662-995X","2661-8907"],"issn-type":[{"type":"print","value":"2662-995X"},{"type":"electronic","value":"2661-8907"}],"subject":[],"published":{"date-parts":[[2021,7,18]]},"assertion":[{"value":"26 February 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 June 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 July 2021","order":3,"name":"first_online","label":"First 
Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Nicolas Aragon has received research grants from French DGA, thus this work was partially funded by French DGA. The remaining authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This article does not contain any studies with human participants or animals, as ruled by the Directive 2010\/63\/EU, performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical standards"}}],"article-number":"382"}}