{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,16]],"date-time":"2026-06-16T11:09:39Z","timestamp":1781608179486,"version":"3.54.5"},"reference-count":168,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2024,3,27]],"date-time":"2024-03-27T00:00:00Z","timestamp":1711497600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Embed. Comput. Syst."],"published-print":{"date-parts":[[2024,3,31]]},"abstract":"<jats:p>Security mechanisms of Electronic Personal Documents (eCards) depend on (asymmetric) cryptography that is and always has been subject to the threat of compromise, be it from conventional attacks or quantum computers. With Post-Quantum Cryptography (PQC), we now have alternative building blocks at hand that can be leveraged to protect against both kind of attacks. Thus, PQC should be incorporated into eCard ecosystems, yet it is not clear how this is done best. In the work at hand, we review the state of currently used crypto-systems for eCard security, as well as their possible quantum-secure replacements. Further, we identify and categorize respective challenges that need to be addressed, present and assess existing approaches for their solution, and formulate research questions for open issues. By providing an overview of the situation, we help unraveling the issue and pave the way toward quantum-safe electronic Identity Documents and electronic Machine-Readable Travel Documents.<\/jats:p>","DOI":"10.1145\/3585517","type":"journal-article","created":{"date-parts":[[2023,3,1]],"date-time":"2023-03-01T09:49:26Z","timestamp":1677664166000},"page":"1-28","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Toward Next Generation Quantum-Safe eIDs and eMRTDs: A Survey"],"prefix":"10.1145","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4093-580X","authenticated-orcid":false,"given":"Nouri","family":"Alnahawi","sequence":"first","affiliation":[{"name":"Darmstadt University of Applied Sciences, Darmstadt, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0151-8165","authenticated-orcid":false,"given":"Nicolai","family":"Schmitt","sequence":"additional","affiliation":[{"name":"Darmstadt University of Applied Sciences, Darmstadt, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1144-549X","authenticated-orcid":false,"given":"Alexander","family":"Wiesmaier","sequence":"additional","affiliation":[{"name":"Darmstadt University of Applied Sciences, Darmstadt, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-0763-9956","authenticated-orcid":false,"given":"Chiara-Marie","family":"Zok","sequence":"additional","affiliation":[{"name":"Darmstadt University of Applied Sciences, Darmstadt, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,3,27]]},"reference":[{"key":"e_1_3_3_2_2","unstructured":"2008. Technical Guideline TR-03105\u2013Part 1.2 Component Specification RFID Version 1.02.1. Retrieved from https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Publikationen\/TechnischeRichtlinien\/TR03105\/TR-03105_Part1.2_V1.02.1.pdf."},{"key":"e_1_3_3_3_2","volume-title":"IACR Transactions on Cryptographic Hardware and Embedded Systems","author":"Albrecht Martin R.","year":"2019","unstructured":"Martin R. Albrecht, Christian Hanser, Andrea Hoeller, Thomas P\u00f6ppelmann, Fernando Virdia, and Andreas Wallner. 2019. Implementing RLWE-based schemes using an RSA co-processor. In IACR Transactions on Cryptographic Hardware and Embedded Systems."},{"key":"e_1_3_3_4_2","volume-title":"The Lattice-Based Digital Signature Scheme qTESLA","author":"Alkim Erdem","year":"2020","unstructured":"Erdem Alkim, Paulo S. L. M. Barreto, Nina Bindel, Juliane Kr\u00e4mer, Patrick Longa, and Jefferson E. Ricardini. 2020. The Lattice-Based Digital Signature Scheme qTESLA. Springer."},{"key":"e_1_3_3_5_2","volume-title":"Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916)","author":"Alkim Erdem","year":"2016","unstructured":"Erdem Alkim, L\u00e9o Ducas, Thomas P\u00f6ppelmann, and Peter Schwabe. 2016. Post-quantum key exchange\u2014A new hope. In Proceedings of the 25th USENIX Security Symposium (USENIX Security\u201916)."},{"key":"e_1_3_3_6_2","unstructured":"Erdem Alkim Joppe W. Bos L\u00e9o Ducas Patrick Longa Ilya Mironov Michael Naehrig Valeria Nikolaenko Chris Peikert Ananth Raghunathan and Douglas Stebila. 2021. FrodoKEM\u2014Learning With Errors Key Encapsulation. Retrieved from https:\/\/frodokem.org\/files\/FrodoKEM-specification-20210604.pdf."},{"key":"e_1_3_3_7_2","volume-title":"Tagungsband zum 18. Deutschen IT-Sicherheitskongress","author":"Alnahawi N.","year":"2022","unstructured":"N. Alnahawi, N. Schmitt, A. Wiesmaier, and A. Heinemann T. Gra\u00dfmeyer. 2022. On the state of crypto agility. In Tagungsband zum 18. Deutschen IT-Sicherheitskongress, Vol. 18. German Federal Office for Information Security (BSI), SecuMedia Verlags-GmbH."},{"key":"e_1_3_3_8_2","volume-title":"INFORMATIK\u201921\u2013PQKP-Workshop (GI-Edition: Lecture Notes in Informatics (LNI))","author":"Alnahawi N.","year":"2021","unstructured":"N. Alnahawi, A. Wiesmaier, T. Gra\u00dfmeyer, J. Gei\u00dfler, A. Zeier, P. Bauspie\u00df, and A. Heinemann. 2021. On the state of post-quantum cryptography migration. In INFORMATIK\u201921\u2013PQKP-Workshop (GI-Edition: Lecture Notes in Informatics (LNI)), Vol. 308."},{"key":"e_1_3_3_9_2","article-title":"Defeating NewHope with a single trace","author":"Amiet Dorian","year":"2020","unstructured":"Dorian Amiet, Andreas Curiger, Lukas Leuenberger, and Paul Zbinden. 2020. Defeating NewHope with a single trace. Cryptology ePrint Archive, Paper 2020\/368. (2020).","journal-title":"Cryptology ePrint Archive, Paper 2020\/368"},{"key":"e_1_3_3_10_2","article-title":"Fast strategies for the implementation of SIKE round 3 on ARM Cortex-M4","author":"Anastasova Mila","year":"2021","unstructured":"Mila Anastasova, Reza Azarderakhsh, and Mehran Mozaffari Kermani. 2021. Fast strategies for the implementation of SIKE round 3 on ARM Cortex-M4. IEEE Trans. Circ. Syst. I: Regul. Pap. 68 (2021), 4129\u20134141.","journal-title":"IEEE Trans. Circ. Syst. I: Regul. Pap."},{"key":"e_1_3_3_11_2","unstructured":"Nicolas Aragon. 2020. BIKE: Bit Flipping Dey Encapsulation Round 3 Submission. Retrieved from https:\/\/bikesuite.org\/files\/v4.1\/BIKE_Spec.2020.10.22.1.pdf."},{"key":"e_1_3_3_12_2","article-title":"A Side-Channel Assisted Attack on NTRU","author":"Askeland Amund","year":"2021","unstructured":"Amund Askeland and Sondre R\u00f8njom. 2021. A Side-Channel Assisted Attack on NTRU. Cryptology ePrint Archive, Report 2021\/790.","journal-title":"Cryptology ePrint Archive, Report 2021\/790"},{"key":"e_1_3_3_13_2","unstructured":"Jean-Philippe Aumasson. 2020. SPHINCS+ Submission to the NIST Post-quantum Project v.3. Retrieved from https:\/\/sphincs.org\/data\/sphincs+-round3-specification.pdf."},{"key":"e_1_3_3_14_2","unstructured":"Roberto Avanzi Joppe Bos L\u00e9o Ducas Eike Kiltz Tancr\u00e8de Lepoint Vadim Lyubashevsky John M. Schanck Peter Schwabe Gregor Seiler and Damien Stehl\u00e9. 2021. CRYSTALS-Kyber Algorithm Specifications and Supporting Documentation (version 3.01). Retrieved from https:\/\/pq-crystals.org\/kyber\/data\/kyber-specification-round3-20210131.pdf."},{"key":"e_1_3_3_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/HST.2018.8383894"},{"key":"e_1_3_3_16_2","unstructured":"Reza Azarderakhsh Dieter Fishbein and David Jao. 2014. Efficient implementations of a quantum-resistant key-exchange protocol on embedded systems. (2014). Retrieved from https:\/\/cacr.uwaterloo.ca\/techreports\/2014\/cacr2014-20.pdf."},{"key":"e_1_3_3_17_2","unstructured":"Shi Bai L\u00e9o Ducas Eike Kiltz Tancr\u00e8de Lepoint Vadim Lyubashevsky Peter Schwabe Gregor Seiler and Damien Stehl\u00e9. 2021. CRYSTALS-Dilithium\u2014Algorithm Specifications and Supporting Documentation. Retrieved from https:\/\/pq-crystals.org\/dilithium\/data\/dilithium-specification-round3-20210208.pdf."},{"key":"e_1_3_3_18_2","doi-asserted-by":"publisher","unstructured":"Elaine B. Barker Lidong Chen Andrew R. Regenscheid and Miles E. Smid. 2009. Recommendation for Pair-wise Key Establishment Schemes Using Integer Factorization Cryptography. NIST Special Publication 800-56B. Revision 2. National Institute of Standards and Technology. March 2019. Retrieved from 10.6028\/NIST.SP.800-56Br2.","DOI":"10.6028\/NIST.SP.800-56Br2"},{"key":"e_1_3_3_19_2","doi-asserted-by":"publisher","unstructured":"Elaine B. Barker Don Johnson and Miles E. Smid. 2007. Recommendation for Pair-wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised). NIST SP 800-56A. Revision 3. National Institute of Standards and Technology. April 2018. Retrieved from 10.6028\/NIST.SP.800-56Ar3","DOI":"10.6028\/NIST.SP.800-56Ar3"},{"key":"e_1_3_3_20_2","volume-title":"Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms","author":"Barker William","year":"2020","unstructured":"William Barker, William Polk, and Murugiah Souppaya. 2020. Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms. Technical Report. NIST Publications."},{"key":"e_1_3_3_21_2","volume-title":"[Project Description]Migration to Post-Quantum Cryptography (Draft)","author":"Barker William","year":"2021","unstructured":"William Barker and Murugiah Souppaya. 2021. [Project Description]Migration to Post-Quantum Cryptography (Draft). Technical Report. National Institute of Standards and Technology."},{"key":"e_1_3_3_22_2","article-title":"NIST Post-Quantum Cryptography-A Hardware Evaluation Study","author":"Basu Kanad","year":"2019","unstructured":"Kanad Basu, Deepraj Soni, Mohammed Nabeel, and Ramesh Karri. 2019. NIST Post-Quantum Cryptography-A Hardware Evaluation Study. Cryptology ePrint Archive, Paper 2019\/047.","journal-title":"Cryptology ePrint Archive, Paper 2019\/047"},{"key":"e_1_3_3_23_2","article-title":"High-performance hardware Implementation of CRYSTALS-Dilithium","author":"Beckwith Luke","year":"2021","unstructured":"Luke Beckwith, Duc Tri Nguyen, and Kris Gaj. 2021. High-performance hardware Implementation of CRYSTALS-Dilithium. Cryptology ePrint Archive, Paper 2021\/1451. (2021).","journal-title":"Cryptology ePrint Archive, Paper 2021\/1451"},{"issue":"30","key":"e_1_3_3_24_2","article-title":"Introducing the PACE solution","author":"Bender Jens","year":"2009","unstructured":"Jens Bender and Dennis K\u00fcgler. 2009. Introducing the PACE solution. Keesing J. Doc. Identity30 (2009).","journal-title":"Keesing J. Doc. Identity"},{"key":"e_1_3_3_25_2","volume-title":"Information Security Conference (ISC\u201909)","author":"Bender J.","year":"2009","unstructured":"J. Bender, M. Fischlin, and D. K\u00fcgler. 2009. Security analysis of the PACE key-agreement protocol. In Information Security Conference (ISC\u201909). Springer."},{"key":"e_1_3_3_26_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88702-7"},{"key":"e_1_3_3_27_2","unstructured":"Daniel J Bernstein. 2020. NTRU Prime: Round 3. Retrieved from https:\/\/ntruprime.cr.yp.to\/nist\/ntruprime-20201007.pdf."},{"key":"e_1_3_3_28_2","volume-title":"Cryptographic Hardware and Embedded Systems (CHES\u201913)","author":"Bernstein Daniel J.","year":"2013","unstructured":"Daniel J. Bernstein, Tung Chou, and Peter Schwabe. 2013. McBits: Fast constant-time code-based cryptography. In Cryptographic Hardware and Embedded Systems (CHES\u201913). Springer."},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1038\/nature23461"},{"key":"e_1_3_3_30_2","article-title":"Breaking Rainbow Takes a Weekend on a Laptop","author":"Beullens W.","year":"2022","unstructured":"W. Beullens. 2022. Breaking Rainbow Takes a Weekend on a Laptop. Cryptology ePrint Archive, Report 2022\/214. (2022).","journal-title":"Cryptology ePrint Archive, Report 2022\/214"},{"key":"e_1_3_3_31_2","article-title":"Attacking and Defending Masked Polynomial Comparison for Lattice-based Cryptography","author":"Bhasin Shivam","year":"2021","unstructured":"Shivam Bhasin, Jan-Pieter D\u2019Anvers, Daniel Heinz, Thomas P\u00f6ppelmann, and Michiel Van Beirendonck. 2021. Attacking and Defending Masked Polynomial Comparison for Lattice-based Cryptography. Cryptology ePrint Archive, Paper 2021\/104. (2021).","journal-title":"Cryptology ePrint Archive, Paper 2021\/104"},{"key":"e_1_3_3_32_2","article-title":"Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile","author":"Boeyen Sharon","year":"2008","unstructured":"Sharon Boeyen, Stefan Santesson, Tim Polk, Russ Housley, Stephen Farrell, and David Cooper. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280.","journal-title":"RFC 5280"},{"key":"e_1_3_3_33_2","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer and Communications Security","author":"Bos Joppe","year":"2016","unstructured":"Joppe Bos, Craig Costello, Leo Ducas, Ilya Mironov, Michael Naehrig, Valeria Nikolaenko, Ananth Raghunathan, and Douglas Stebila. 2016. Frodo: Take off the ring! Practical, quantum-secure key exchange from LWE. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. ACM."},{"key":"e_1_3_3_34_2","volume-title":"Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P\u201918)","author":"Bos Joppe","year":"2018","unstructured":"Joppe Bos, Leo Ducas, Eike Kiltz, T Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehle. 2018. CRYSTALS - Kyber: A CCA-secure module-lattice-based KEM. In Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P\u201918). IEEE."},{"key":"e_1_3_3_35_2","volume-title":"Laser-Based Fault Injection on Microcontrollers","author":"Breier Jakub","year":"2018","unstructured":"Jakub Breier, Dirmanto Jap, and Chien-Ning Chen. 2018. Laser-Based Fault Injection on Microcontrollers. Springer."},{"key":"e_1_3_3_36_2","article-title":"Towards Post-quantum Security for Signal\u2019s X3DH Handshake","author":"Brendel Jacqueline","year":"2019","unstructured":"Jacqueline Brendel, Marc Fischlin, Felix G\u00fcnther, Christian Janson, and D. Stebila. 2019. Towards Post-quantum Security for Signal\u2019s X3DH Handshake. Cryptology ePrint Archive, Report 2019\/1356 (2019).","journal-title":"Cryptology ePrint Archive, Report 2019\/1356"},{"key":"e_1_3_3_37_2","volume-title":"Strengthening Trust in the Identity Life Cycle","author":"Buchmann Nicolas","year":"2019","unstructured":"Nicolas Buchmann. 2019. Strengthening Trust in the Identity Life Cycle. Ph.D. Dissertation. Freie Universit\u00e4t Berlin."},{"key":"e_1_3_3_38_2","article-title":"GeMSS: A great multivariate short signature","author":"Casanova A","year":"2019","unstructured":"A Casanova. 2019. GeMSS: A great multivariate short signature. NIST Round 2 (2019).","journal-title":"NIST Round 2"},{"key":"e_1_3_3_39_2","article-title":"An Efficient Key Recovery Attack on SIDH (Preliminary Version)","author":"Castryck Wouter","year":"2022","unstructured":"Wouter Castryck and Thomas Decru. 2022. An Efficient Key Recovery Attack on SIDH (Preliminary Version). Cryptology ePrint Archive, Paper 2022\/975. (2022).","journal-title":"Cryptology ePrint Archive, Paper 2022\/975"},{"key":"e_1_3_3_40_2","unstructured":"Cong Chen Oussama Danba Jerey Hostein Andreas H\u00fclsing Joost Rijneveld John M. Schanck Peter Schwabe William Whyte and Zhenfei Zhang. 2019. NTRU\u2014Algorithm Specifications and Supporting Documentation. Retrieved from https:\/\/ntru.org\/f\/ntru-20190330.pdf."},{"key":"e_1_3_3_41_2","article-title":"Report on Post-Quantum Cryptography","author":"Chen Lily","year":"2016","unstructured":"Lily Chen, Stephen Jordan, Yi-Kai Liu, Dustin Moody, Rene Peralta, Ray Perlner, and Daniel Smith-Tone. 2016. Report on Post-Quantum Cryptography. U.S. Department of Commerce, National Institute of Standards and Technology.","journal-title":"U.S. Department of Commerce, National Institute of Standards and Technology"},{"key":"e_1_3_3_42_2","volume-title":"Smart Card Research and Advanced Applications","author":"Cheng Hao","year":"2021","unstructured":"Hao Cheng, Johann Gro\u00dfsch\u00e4dl, Peter B. R\u00f8nne, and Peter Y. A. Ryan. 2021. Lightweight post-quantum key encapsulation for 8-bit AVR microcontrollers. In Smart Card Research and Advanced Applications, Pierre-Yvan Liardet and Nele Mentens (Eds.). Springer."},{"key":"e_1_3_3_43_2","volume-title":"Proceedings of the Design, Automation & Test in Europe Conference Exhibition","author":"Cheng Hao","year":"2021","unstructured":"Hao Cheng, Johann Gro\u00dfsch\u00e4dl, Peter B. R\u00f8nne, and Peter Y. A. Ryan. 2021. AVRNTRU: Lightweight NTRU-based post-quantum cryptography for 8-bit AVR microcontrollers. In Proceedings of the Design, Automation & Test in Europe Conference Exhibition."},{"key":"e_1_3_3_44_2","unstructured":"Tung Chou Carlos Cid Simula UiB Jan Gilcher Tanja Lange Varun Maram Rafael Misoczki Ruben Niederhagen Kenneth G. Paterson Edoardo Persichetti et\u00a0al. 2020. Classic McEliece: Conservative Code-based Cryptography. Retrieved from https:\/\/classic.mceliece.org\/nist\/mceliece-20201010.pdf."},{"key":"e_1_3_3_45_2","article-title":"Physical security in the post-quantum era: A survey on side-channel analysis, random number generators, and physically unclonable functions","author":"Chowdhury Sreeja","year":"2021","unstructured":"Sreeja Chowdhury, Ana Covic, Rabin Yu Acharya, Spencer Dupee, Fatemeh Ganji, and Domenic Forte. 2021. Physical security in the post-quantum era: A survey on side-channel analysis, random number generators, and physically unclonable functions. J. Cryptogr. Eng. (2021).","journal-title":"J. Cryptogr. Eng."},{"key":"e_1_3_3_46_2","article-title":"The Case for SIKE: A Decade of the Supersingular Isogeny Problem","author":"Costello Craig","year":"2021","unstructured":"Craig Costello. 2021. The Case for SIKE: A Decade of the Supersingular Isogeny Problem. Cryptology ePrint Archive, Report 2021\/543.","journal-title":"Cryptology ePrint Archive, Report 2021\/543"},{"key":"e_1_3_3_47_2","unstructured":"Craig Costello Luca De Feo David Jao Patrick Longa Michael Naehrig and Joost Renes. 2020. Supersingular Isogeny Key Encapsulation. Retrieved from https:\/\/sike.org\/files\/SIDH-spec.pdf."},{"key":"e_1_3_3_48_2","volume-title":"Annual International Cryptology Conference","author":"Costello Craig","year":"2016","unstructured":"Craig Costello, Patrick Longa, and Michael Naehrig. 2016. Efficient algorithms for supersingular isogeny Diffie-Hellman. In Annual International Cryptology Conference. Springer."},{"key":"e_1_3_3_49_2","article-title":"Prototyping Post-quantum and Hybrid Key Exchange and Authentication in TLS and SSH","author":"Crockett Eric","year":"2019","unstructured":"Eric Crockett, Christian Paquin, and Douglas Stebila. 2019. Prototyping Post-quantum and Hybrid Key Exchange and Authentication in TLS and SSH. Cryptology ePrint Archive, Report 2019\/858. (2019).","journal-title":"Cryptology ePrint Archive, Report 2019\/858"},{"key":"e_1_3_3_50_2","unstructured":"cryptoeng group. 2020. A Comprehensive List of Post-quantum Crypto Schemes and Their Properties. Retrieved from https:\/\/cryptoeng.github.io\/pqdb\/."},{"key":"e_1_3_3_51_2","unstructured":"Joan Daemen and Vincent Rijmen. 1999. AES Proposal: Rijndael."},{"key":"e_1_3_3_52_2","article-title":"Implementation and Benchmarking of Round 2 Candidates in the NIST Post-Quantum Cryptography Standardization Process Using Hardware and Software\/Hardware Co-design Approaches","author":"Dang Viet Ba","year":"2020","unstructured":"Viet Ba Dang, Farnoud Farahmand, Michal Andrzejczak, Kamyar Mohajerani, Duc Tri Nguyen, and Kris Gaj. 2020. Implementation and Benchmarking of Round 2 Candidates in the NIST Post-Quantum Cryptography Standardization Process Using Hardware and Software\/Hardware Co-design Approaches. Cryptology ePrint Archive, Report 2020\/795. (2020).","journal-title":"Cryptology ePrint Archive, Report 2020\/795"},{"key":"e_1_3_3_53_2","unstructured":"Viet Ba Dang Kamyar Mohajerani and Kris Gaj. 2021. High-Speed Hardware Architectures and Fair FPGA Benchmarking of CRYSTALS-Kyber NTRU and Saber. Retrieved from https:\/\/csrc.nist.gov\/CSRC\/media\/Events\/third-pqc-standardization-conference\/documents\/accepted-papers\/gaj-high-speed-hardware-gmu-pqc2021.pdf."},{"key":"e_1_3_3_54_2","article-title":"Higher-order Masked Ciphertext Comparison for Lattice-based Cryptography","author":"D\u2019Anvers Jan-Pieter","year":"2021","unstructured":"Jan-Pieter D\u2019Anvers, Daniel Heinz, Peter Pessl, Michiel van Beirendonck, and Ingrid Verbauwhede. 2021. Higher-order Masked Ciphertext Comparison for Lattice-based Cryptography. Cryptology ePrint Archive, Paper 2021\/1422.","journal-title":"Cryptology ePrint Archive, Paper 2021\/1422"},{"key":"e_1_3_3_55_2","article-title":"Roulette: A Diverse Family of Feasible Fault Attacks on Masked Kyber","author":"Delvaux Jeroen","year":"2021","unstructured":"Jeroen Delvaux. 2021. Roulette: A Diverse Family of Feasible Fault Attacks on Masked Kyber. Cryptology ePrint Archive, Paper 2021\/1622.","journal-title":"Cryptology ePrint Archive, Paper 2021\/1622"},{"key":"e_1_3_3_56_2","unstructured":"Atkins Derek. 2021. Requirements for Post-Quantum Cryptography on Embedded Devices in the IoT. Retrieved from https:\/\/csrc.nist.gov\/CSRC\/media\/Events\/third-pqc-standardization-conference\/documents\/accepted-papers\/atkins-requirements-pqc-iot-pqc2021.pdf."},{"key":"e_1_3_3_57_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.1976.1055638"},{"key":"e_1_3_3_58_2","volume-title":"Topics in Cryptology (CT-RSA\u201917)","author":"Ding Jintai","year":"2017","unstructured":"Jintai Ding, Saed Alsayigh, Jean Lancrenon, Saraswathy Rv, and Michael Snook. 2017. Provably secure password authenticated key exchange based on RLWE for the post-quantum world. In Topics in Cryptology (CT-RSA\u201917). Springer International Publishing."},{"key":"e_1_3_3_59_2","article-title":"Current state of multivariate cryptography","author":"Ding Jintai","year":"2017","unstructured":"Jintai Ding and Albrecht Petzoldt. 2017. Current state of multivariate cryptography. IEEE Secur. Priv. (2017).","journal-title":"IEEE Secur. Priv."},{"key":"e_1_3_3_60_2","volume-title":"Applied Cryptography and Network Security","author":"Ding Jintai","year":"2005","unstructured":"Jintai Ding and Dieter Schmidt. 2005. Rainbow, a new multivariable polynomial signature scheme. In Applied Cryptography and Network Security. Springer."},{"key":"e_1_3_3_61_2","article-title":"CRYSTALS-Dilithium: A lattice-based digital signature scheme","author":"Ducas L\u00e9o","year":"2018","unstructured":"L\u00e9o Ducas, Eike Kiltz, Tancr\u00e8de Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehl\u00e9. 2018. CRYSTALS-Dilithium: A lattice-based digital signature scheme. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2018).","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"e_1_3_3_62_2","unstructured":"Jan-Pieter D\u2019Anvers. 2019. SABER: Mod-LWR Based KEM (Round 3 Submission). Retrieved from https:\/\/www.esat.kuleuven.be\/cosic\/pqcrypto\/saber\/files\/saberspecround3.pdf."},{"key":"e_1_3_3_63_2","volume-title":"Progress in Cryptology\u2013AFRICACRYPT 2018","author":"D\u2019Anvers Jan-Pieter","year":"2018","unstructured":"Jan-Pieter D\u2019Anvers, Angshuman Karmakar, Sujoy Sinha Roy, and Frederik Vercauteren. 2018. Saber: Module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In Progress in Cryptology\u2013AFRICACRYPT 2018. Springer."},{"key":"e_1_3_3_64_2","article-title":"Internet Key Exchange Protocol Version 2 (IKEv2)","author":"Eronen Pasi","year":"2010","unstructured":"Pasi Eronen, Yoav Nir, Paul E. Hoffman, and Charlie Kaufman. 2010. Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996.","journal-title":"RFC 5996"},{"key":"e_1_3_3_65_2","article-title":"Migration Strategies and Recommendations to Qantum Safe Schemes","author":"(ETSI) European Telecommunications Standards Institute","year":"2020","unstructured":"European Telecommunications Standards Institute (ETSI). 2020. Migration Strategies and Recommendations to Qantum Safe Schemes. ETSI TR 103 619 V1.1.1.","journal-title":"ETSI TR 103 619 V1.1.1"},{"key":"e_1_3_3_66_2","volume-title":"Quantum Computers Will Compromise the Security of Identity Documents","year":"2019","unstructured":"Eurosmart. 2019. Quantum Computers Will Compromise the Security of Identity Documents. Technical Report. Eurosmart. Retrieved from https:\/\/www.eurosmart.com\/quantum-computers-will-compromise-the-security-of-identity-documents\/."},{"key":"e_1_3_3_67_2","article-title":"From pre-quantum to post-quantum IoT security: A survey on quantum-resistant cryptosystems for the internet of things","author":"Fern\u00e1ndez-Caram\u00e9s Tiago M.","year":"2020","unstructured":"Tiago M. Fern\u00e1ndez-Caram\u00e9s. 2020. From pre-quantum to post-quantum IoT security: A survey on quantum-resistant cryptosystems for the internet of things. IEEE IoT J. (2020).","journal-title":"IEEE IoT J."},{"key":"e_1_3_3_68_2","unstructured":"Pierre-Alain Fouque. 2020. Falcon: Fast-fourier Lattice-based Compact Signatures over NTRU Specification v1.2. Retrieved from https:\/\/falcon-sign.info\/falcon.pdf."},{"key":"e_1_3_3_69_2","volume-title":"Proceedings of the Great Lakes Symposium on VLSI (GLSVLSI\u201918)","author":"Gaj Kris","year":"2018","unstructured":"Kris Gaj. 2018. Challenges and rewards of implementing and benchmarking post-quantum cryptography in hardware. In Proceedings of the Great Lakes Symposium on VLSI (GLSVLSI\u201918). ACM."},{"key":"e_1_3_3_70_2","volume-title":"Certificate Policy f\u00fcr die ePass-Anwendung der hoheitlichen Dokumente","author":"(BSI) German Federal Office for Information Security","year":"2020","unstructured":"German Federal Office for Information Security (BSI). 2020. Certificate Policy f\u00fcr die ePass-Anwendung der hoheitlichen Dokumente. Technical Report. Federal Office for Information Security."},{"key":"e_1_3_3_71_2","unstructured":"German Federal Office for Information Security (BSI). 2020. Migration zu Post-Quanten-Kryptografie. Retrieved from https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Krypto\/Post-Quanten-Kryptografie.pdf."},{"key":"e_1_3_3_72_2","unstructured":"German Federal Office for Information Security (BSI). 2021. Kryptographie quantensicher gestalten. Retrieved from https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/DE\/BSI\/Publikationen\/Broschueren\/Kryptografie-quantensicher-gestalten.pdf."},{"key":"e_1_3_3_73_2","unstructured":"German Federal Office for Information Security (BSI). 2021. Security Mechanisms in Electronic ID Documents. Retrieved from https:\/\/www.bsi.bund.de\/EN\/Topics\/ElectrIDDocuments\/SecurityMechanisms\/securitymechanisms_node.html."},{"key":"e_1_3_3_74_2","unstructured":"German Federal Office for Information Security (BSI). 2021. Technical Guideline TR-02102\u2014Cryptographic Mechanisms: Recommendations and Key Lengths."},{"key":"e_1_3_3_75_2","volume-title":"Technische Richtlinie BSI TR-03116 Kryptographische Vorgaben f\u00fcr Projekte der Bundesregierung\u2013Teil 2: Hoheitliche und eID-Dokumente","author":"(BSI) German Federal Office for Information Security","year":"2021","unstructured":"German Federal Office for Information Security (BSI). 2021. Technische Richtlinie BSI TR-03116 Kryptographische Vorgaben f\u00fcr Projekte der Bundesregierung\u2013Teil 2: Hoheitliche und eID-Dokumente. Technical Report. Federal Office for Information Security."},{"key":"e_1_3_3_76_2","volume-title":"TR-03110 Technical Guideline\u2014Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token","author":"(BSI) German Federal Office for Information Security","year":"2021","unstructured":"German Federal Office for Information Security (BSI). 2021. TR-03110 Technical Guideline\u2014Advanced Security Mechanisms for Machine Readable Travel Documents and eIDAS Token. Technical Report. Federal Office for Information Security."},{"key":"e_1_3_3_77_2","doi-asserted-by":"publisher","DOI":"10.1145\/237814.237866"},{"key":"e_1_3_3_78_2","article-title":"A key-recovery timing attack on post-quantum primitives using the Fujisaki-Okamoto transformation and its application on FrodoKEM","author":"Guo Qian","year":"2020","unstructured":"Qian Guo, Thomas Johansson, and Alexander Nilsson. 2020. A key-recovery timing attack on post-quantum primitives using the Fujisaki-Okamoto transformation and its application on FrodoKEM. Cryptology ePrint Archive, Paper 2020\/743. (2020).","journal-title":"Cryptology ePrint Archive, Paper 2020\/743"},{"key":"e_1_3_3_79_2","doi-asserted-by":"crossref","unstructured":"Naina Gupta Arpan Jati Anupam Chattopadhyay and Gautam Jha. 2022. Lightweight hardware accelerator for post-quantum digital signature CRYSTALS-Dilithium.","DOI":"10.1109\/TCSI.2023.3274599"},{"key":"e_1_3_3_80_2","volume-title":"BSI: Deutschland, Digital. Sicher. 30 Jahre BSI\u2013Tagungsband zum 17, Deutschen IT-Sicherheitskongress\u201921","author":"Hagemeier Heike","year":"2021","unstructured":"Heike Hagemeier, Stavros Kousidis, and Thomas Wunderer. 2021. Standardisierung von Post-Quanten-Kryptografie und Empfehlungen des BSI. In BSI: Deutschland, Digital. Sicher. 30 Jahre BSI\u2013Tagungsband zum 17, Deutschen IT-Sicherheitskongress\u201921."},{"key":"e_1_3_3_81_2","article-title":"Chosen Ciphertext k-trace attacks on masked CCA2 secure Kyber","author":"Hamburg Mike","year":"2021","unstructured":"Mike Hamburg, Robert Primas, Simona Samardjiska, Thomas Schamberger, Silvan Streit, Emanuele Strieder, and Christine van Vredendaal. 2021. Chosen Ciphertext k-trace attacks on masked CCA2 secure Kyber. Cryptology ePrint Archive, Report 2021\/849. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2021).","journal-title":"Cryptology ePrint Archive, Report 2021\/849"},{"key":"e_1_3_3_82_2","volume-title":"International Symposium on Mathematics, Quantum Theory, and Cryptography","author":"Hashimoto Yasufumi","year":"2021","unstructured":"Yasufumi Hashimoto. 2021. Recent developments in multivariate public key cryptosystems. In International Symposium on Mathematics, Quantum Theory, and Cryptography. Springer."},{"key":"e_1_3_3_83_2","article-title":"Fault-enabled chosen-ciphertext attacks on Kyber","author":"Hermelink Julius","year":"2021","unstructured":"Julius Hermelink, Peter Pessl, and Thomas P\u00f6ppelmann. 2021. Fault-enabled chosen-ciphertext attacks on Kyber. Cryptology ePrint Archive, Report 2021\/1222 (2021).","journal-title":"Cryptology ePrint Archive, Report 2021\/1222"},{"key":"e_1_3_3_84_2","volume-title":"International Algorithmic Number Theory Symposium","author":"Hoffstein Jeffrey","year":"1998","unstructured":"Jeffrey Hoffstein, Jill Pipher, and Joseph H. Silverman. 1998. NTRU: A ring-based public key cryptosystem. In International Algorithmic Number Theory Symposium. Springer."},{"key":"e_1_3_3_85_2","article-title":"SoK: How (not) to design and implement post-quantum cryptography","author":"Howe James","year":"2021","unstructured":"James Howe, Thomas Prest, and Daniel Apon. 2021. SoK: How (not) to design and implement post-quantum cryptography. Cryptology ePrint Archive, Report 2021\/462. (2021).","journal-title":"Cryptology ePrint Archive, Report 2021\/462"},{"key":"e_1_3_3_86_2","article-title":"XMSS: eXtended Merkle Signature Scheme","author":"Huelsing Andreas","year":"2018","unstructured":"Andreas Huelsing, Denis Butin, Stefan-Lukas Gazdag, Joost Rijneveld, and Aziz Mohaisen. 2018. XMSS: eXtended Merkle Signature Scheme. RFC 8391.","journal-title":"RFC 8391"},{"key":"e_1_3_3_87_2","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (SP\u201921)","author":"H\u00fclsing Andreas","year":"2021","unstructured":"Andreas H\u00fclsing, Kai-Chun Ning, Peter Schwabe, Florian Weber, and Philip R. Zimmermann. 2021. Post-quantum WireGuard. In Proceedings of the IEEE Symposium on Security and Privacy (SP\u201921)."},{"key":"e_1_3_3_88_2","volume-title":"Doc 9303, Machine Readable Travel Documents Part 10\u2014Logical Data Structure (LDS) for Storage of Biometrics and Other Data in the Contactless Integrated Circuit (IC)","year":"2021","unstructured":"ICAO. 2021. Doc 9303, Machine Readable Travel Documents Part 10\u2014Logical Data Structure (LDS) for Storage of Biometrics and Other Data in the Contactless Integrated Circuit (IC). Technical Report. International Civil Aviation Organization."},{"key":"e_1_3_3_89_2","volume-title":"Doc 9303, Machine Readable Travel Documents Part 11\u2014Security Mechanisms for MRTDs","year":"2021","unstructured":"ICAO. 2021. Doc 9303, Machine Readable Travel Documents Part 11\u2014Security Mechanisms for MRTDs. Technical Report. International Civil Aviation Organization."},{"key":"e_1_3_3_90_2","volume-title":"Doc 9303, Machine Readable Travel Documents Part 12\u2014Security Mechanisms for MRTDs","year":"2021","unstructured":"ICAO. 2021. Doc 9303, Machine Readable Travel Documents Part 12\u2014Security Mechanisms for MRTDs. Technical Report. International Civil Aviation Organization."},{"key":"e_1_3_3_91_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45146-4_27"},{"key":"e_1_3_3_92_2","volume-title":"International Workshop on Post-Quantum Cryptography","author":"Jao David","year":"2011","unstructured":"David Jao and Luca De Feo. 2011. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In International Workshop on Post-Quantum Cryptography. Springer."},{"key":"e_1_3_3_93_2","article-title":"PAKEs: New framework, new techniques and more efficient lattice-based constructions in the standard model","author":"Jiang Shaoquan","year":"2020","unstructured":"Shaoquan Jiang, Guang Gong, Jingnan He, Khoa Nguyen, and Huaxiong Wang. 2020. PAKEs: New framework, new techniques and more efficient lattice-based constructions in the standard model. Cryptology ePrint Archive, Report 2020\/140. (2020).","journal-title":"Cryptology ePrint Archive, Report 2020\/140"},{"key":"e_1_3_3_94_2","unstructured":"Matthias J. Kannwischer Joost Rijneveld Peter Schwabe and Ko Stoffelen. 2018. PQM4: Post-quantum crypto library for the Arm Cortex-M4. Retrieved from https:\/\/github.com\/mupq\/pqm4."},{"key":"e_1_3_3_95_2","article-title":"pqm4: Testing and benchmarking NIST PQC on ARM cortex-M4","author":"Kannwischer Matthias J.","year":"2019","unstructured":"Matthias J. Kannwischer, Joost Rijneveld, Peter Schwabe, and Ko Stoffelen. 2019. pqm4: Testing and benchmarking NIST PQC on ARM cortex-M4. Cryptology ePrint Archive, Report 2019\/844.","journal-title":"Cryptology ePrint Archive, Report 2019\/844"},{"key":"e_1_3_3_96_2","volume-title":"Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust (HOST\u201921)","author":"Karabulut Emre","year":"2021","unstructured":"Emre Karabulut, Erdem Alkim, and Aydin Aysu. 2021. Single-trace side-channel attacks on \\(\\omega {}\\) -small polynomial sampling: With applications to NTRU, NTRU Prime, and CRYSTALS-DILITHIUM. In Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust (HOST\u201921). IEEE."},{"key":"e_1_3_3_97_2","unstructured":"Cameron F. Kerry and Patrick D. Gallagher. 2013. Digital signature standard (DSS). FIPS PUB (2013) 186-4."},{"key":"e_1_3_3_98_2","article-title":"Eberbacher Gespr\u00e4ch: Next Generation Crypto","author":"Kreutzer Michael","year":"2018","unstructured":"Michael Kreutzer, Ruben Niederhagen, and Michael Waidner. 2018. Eberbacher Gespr\u00e4ch: Next Generation Crypto. Fraunhofer SIT.","journal-title":"Fraunhofer SIT"},{"key":"e_1_3_3_99_2","unstructured":"Leslie Lamport. 1979. Constructing digital signatures from a one way function."},{"key":"e_1_3_3_100_2","article-title":"Achieving one-round password-based authenticated key exchange over lattices","author":"Li Zengpeng","year":"2019","unstructured":"Zengpeng Li and Ding Wang. 2019. Achieving one-round password-based authenticated key exchange over lattices. IEEE Trans. Serv. Comput. (2019).","journal-title":"IEEE Trans. Serv. Comput."},{"key":"e_1_3_3_101_2","article-title":"The Secure Shell (SSH) Transport Layer Protocol","author":"Lonvick Chris M.","year":"2006","unstructured":"Chris M. Lonvick and Tatu Ylonen. 2006. The Secure Shell (SSH) Transport Layer Protocol. RFC 4253.","journal-title":"RFC 4253"},{"key":"e_1_3_3_102_2","unstructured":"Tyson Macaulay and Richard Henderson. 2019. Cryptographic Agility in Practice: Emerging Use-cases. Retrieved from https:\/\/assets.website-files.com\/5bd73d456f7b3f2db2bbbb95\/5c76a740dcc2cc4646a06805_ISG_AgilityUseCases_Whitepaper-FINAL.pdf."},{"key":"e_1_3_3_103_2","article-title":"An attack on SIDH with arbitrary starting curve","author":"Maino Luciano","year":"2022","unstructured":"Luciano Maino and Chloe Martindale. 2022. An attack on SIDH with arbitrary starting curve. Cryptology ePrint Archive, Paper 2022\/1026.","journal-title":"Cryptology ePrint Archive, Paper 2022\/1026"},{"key":"e_1_3_3_104_2","article-title":"On feasibility of post-quantum cryptography on small devices","author":"Malina Lukas","year":"2018","unstructured":"Lukas Malina, Lucie Popelova, Petr Dzurenda, Jan Hajny, and Zdenek Martinasek. 2018. On feasibility of post-quantum cryptography on small devices. IFAC-PapersOnLine (2018).","journal-title":"IFAC-PapersOnLine"},{"key":"e_1_3_3_105_2","volume-title":"International Conference on Information Technology and Communications Security","author":"Malina Lukas","year":"2019","unstructured":"Lukas Malina, Sara Ricci, Petr Dzurenda, David Smekal, Jan Hajny, and Tomas Gerlich. 2019. Towards practical deployment of post-quantum cryptography on constrained platforms and hardware-accelerated platforms. In International Conference on Information Technology and Communications Security. Springer."},{"key":"e_1_3_3_106_2","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3341475"},{"key":"e_1_3_3_107_2","doi-asserted-by":"crossref","DOI":"10.1145\/3466132.3466779","article-title":"The complex path to quantum resistance: Is your organization prepared?","author":"Mashatan Atefeh","year":"2021","unstructured":"Atefeh Mashatan and Douglas Heintzman. 2021. The complex path to quantum resistance: Is your organization prepared?Queue (2021).","journal-title":"Queue"},{"key":"e_1_3_3_108_2","unstructured":"Raynal Mathilde Genet Aymeric and Romailler Yolan. 2021. PQ-WireGuard: We did it again. Retrieved from https:\/\/csrc.nist.gov\/CSRC\/media\/Presentations\/pq-wireguard-we-did-it-again\/images-media\/session-5-raynal-pq-wireguard.pdf."},{"key":"e_1_3_3_109_2","doi-asserted-by":"publisher","unstructured":"Matzov. 2022. Report on the security of LWE: Improved dual lattice attack. Zenodo. 10.5281\/zenodo.6412487","DOI":"10.5281\/zenodo.6412487"},{"key":"e_1_3_3_110_2","article-title":"Towards Low-level Cryptographic Primitives for JavaCards","author":"Mavroudis Vasilios","year":"2018","unstructured":"Vasilios Mavroudis and Petr Svenda. 2018. Towards Low-level Cryptographic Primitives for JavaCards. arXiv:1810.01662. Retrieved from https:\/\/arxiv.org\/abs\/1810.01662.","journal-title":"arXiv:1810.01662"},{"key":"e_1_3_3_111_2","unstructured":"Robert J. McEliece. 1978. A public-key cryptosystem based on algebraic. Coding Thv 4244 (1978) 114\u2013116."},{"key":"e_1_3_3_112_2","article-title":"Leighton-Micali Hash-Based Signatures","author":"McGrew David","year":"2019","unstructured":"David McGrew, Michael Curcio, and Scott Fluhrer. 2019. Leighton-Micali Hash-Based Signatures. RFC 8554. (2019).","journal-title":"RFC 8554"},{"key":"e_1_3_3_113_2","unstructured":"Carlos Melchor. 2021. Hamming quasi-cyclic (HQC). Retrieved from https:\/\/www.pqc-hqc.org\/download.php?file=hqc-specification_2021-06-06.pdf."},{"key":"e_1_3_3_114_2","volume-title":"Conference on the Theory and Application of Cryptology","author":"Merkle Ralph C.","year":"1989","unstructured":"Ralph C. Merkle. 1989. A certified digital signature. In Conference on the Theory and Application of Cryptology. Springer."},{"key":"e_1_3_3_115_2","volume-title":"Conference on the Theory and Application of Cryptographic Techniques","author":"Miller Victor S.","year":"1985","unstructured":"Victor S. Miller. 1985. Use of elliptic curves in cryptography. In Conference on the Theory and Application of Cryptographic Techniques. Springer."},{"key":"e_1_3_3_116_2","volume-title":"Open Identity Summit 2021","author":"Morgner Frank","year":"2021","unstructured":"Frank Morgner and Jonas von der Heyden. 2021. Analyzing requirements for post quantum secure machine readable travel documents. In Open Identity Summit 2021. Gesellschaft f\u00fcr Informatik e.V."},{"key":"e_1_3_3_117_2","article-title":"Cybersecurity in an era with quantum computers: Will we be ready?","author":"Mosca Michele","year":"2015","unstructured":"Michele Mosca. 2015. Cybersecurity in an era with quantum computers: Will we be ready?Cryptology ePrint Archive, Report 2015\/1075.","journal-title":"Cryptology ePrint Archive, Report 2015\/1075"},{"key":"e_1_3_3_118_2","article-title":"Crypto Agility is a Must-have for Data Encryption Standards","author":"Moustafa Nagy","year":"2018","unstructured":"Nagy Moustafa and Vladimir Soukharev. 2018. Crypto Agility is a Must-have for Data Encryption Standards. Centre for International Governance Innovation.","journal-title":"Centre for International Governance Innovation."},{"key":"e_1_3_3_119_2","article-title":"Side-channel analysis of lattice-based post-quantum cryptography: Exploiting polynomial multiplication","author":"Mujdei Catinca","year":"2022","unstructured":"Catinca Mujdei, Arthur Beckers, Jose Maria Bermudo Mera, Angshuman Karmakar, Lennert Wouters, and Ingrid Verbauwhede. 2022. Side-channel analysis of lattice-based post-quantum cryptography: Exploiting polynomial multiplication. Cryptology ePrint Archive, Paper 2022\/474.","journal-title":"Cryptology ePrint Archive, Paper 2022\/474"},{"key":"e_1_3_3_120_2","volume-title":"Cryptographic Agility and Interoperability: Proceedings of a Workshop","author":"Sciences Engineering National Academies of","year":"2017","unstructured":"Engineering National Academies of Sciences and Medicine. 2017. Cryptographic Agility and Interoperability: Proceedings of a Workshop. The National Academies Press."},{"key":"e_1_3_3_121_2","article-title":"A side-channel attack on a masked IND-CCA secure Saber KEM","author":"Ngo Kalle","year":"2021","unstructured":"Kalle Ngo, Elena Dubrova, Qian Guo, and Thomas Johansson. 2021. A side-channel attack on a masked IND-CCA secure Saber KEM. Cryptology ePrint Archive, Paper 2021\/079.","journal-title":"Cryptology ePrint Archive, Paper 2021\/079"},{"key":"e_1_3_3_122_2","article-title":"Knapsack type cryptosystems and algebraic coding theory","volume":"15","author":"Niederreiter H.","year":"1986","unstructured":"H. Niederreiter. 1986. Knapsack type cryptosystems and algebraic coding theory. Probl. Contr. Inf. Theory 15 (1986).","journal-title":"Probl. Contr. Inf. Theory"},{"key":"e_1_3_3_123_2","volume-title":"International Conference on Post-Quantum Cryptography","author":"Oder Tobias","year":"2019","unstructured":"Tobias Oder, Julian Speith, Kira H\u00f6ltgen, and Tim G\u00fcneysu. 2019. Towards practical microcontroller implementation of the signature scheme Falcon. In International Conference on Post-Quantum Cryptography."},{"key":"e_1_3_3_124_2","article-title":"Identifying research challenges in post quantum dryptography migration and cryptographic agility","author":"Ott David","year":"2019","unstructured":"David Ott, Christopher Peikert, and other workshop participants. 2019. Identifying research challenges in post quantum dryptography migration and cryptographic agility. arXiv:1909.07353. Retrieved from https:\/\/arxiv.org\/abs\/1909.07353.","journal-title":"arXiv:1909.07353"},{"key":"e_1_3_3_125_2","volume-title":"Proceedings of the IEEE Asian Hardware-Oriented Security and Trust (AsianHOST\u201916)","author":"Park Aesun","year":"2016","unstructured":"Aesun Park and Dong-Guk Han. 2016. Chosen ciphertext simple power analysis on software 8-bit implementation of ring-LWE encryption. In Proceedings of the IEEE Asian Hardware-Oriented Security and Trust (AsianHOST\u201916). IEEE."},{"key":"e_1_3_3_126_2","article-title":"A survey of polynomial multiplication with RSA-ECC coprocessors and implementations of NIST PQC Round3 KEM algorithms in Exynos2100","author":"Park Jong-Yeon","year":"2022","unstructured":"Jong-Yeon Park, Yong-Hyuk Moon, Wonil Lee, Sung-Hyun Kim, and Kouichi Sakurai. 2022. A survey of polynomial multiplication with RSA-ECC coprocessors and implementations of NIST PQC Round3 KEM algorithms in Exynos2100. IEEE Access (2022).","journal-title":"IEEE Access"},{"key":"e_1_3_3_127_2","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201996","author":"Patarin Jacques","year":"1996","unstructured":"Jacques Patarin. 1996. Hidden fields equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms. In Advances in Cryptology\u2014EUROCRYPT\u201996."},{"key":"e_1_3_3_128_2","article-title":"Breaking category five SPHINCS+ with SHA-256","author":"Perlner Ray","year":"2022","unstructured":"Ray Perlner, John Kelsey, and David Cooper. 2022. Breaking category five SPHINCS+ with SHA-256. Cryptology ePrint Archive, Paper 2022\/1061.","journal-title":"Cryptology ePrint Archive, Paper 2022\/1061"},{"key":"e_1_3_3_129_2","article-title":"More practical single-trace attacks on the number theoretic transform","author":"Pessl Peter","year":"2019","unstructured":"Peter Pessl and Robert Primas. 2019. More practical single-trace attacks on the number theoretic transform. Cryptology ePrint Archive, Paper 2019\/795.","journal-title":"Cryptology ePrint Archive, Paper 2019\/795"},{"key":"e_1_3_3_130_2","article-title":"Fault attacks on CCA-secure Lattice KEMs","author":"Pessl Peter","year":"2021","unstructured":"Peter Pessl and Lukas Prokop. 2021. Fault attacks on CCA-secure Lattice KEMs. Cryptology ePrint Archive, Report 2021\/064.","journal-title":"Cryptology ePrint Archive, Report 2021\/064."},{"key":"e_1_3_3_131_2","volume-title":"Computer Security","author":"Pradel Ga\u00ebtan","year":"2020","unstructured":"Ga\u00ebtan Pradel and Chris J. Mitchell. 2020. Post-quantum certificates for electronic travel documents. In Computer Security."},{"key":"e_1_3_3_132_2","article-title":"On generic side-channel assisted chosen ciphertext attacks on lattice-based PKE\/KEMs","author":"Prasanna Ravi","year":"2021","unstructured":"Ravi Prasanna, Ezerman Martianus Frederic, Bhasin Shivam, Chattopadhyay Anupam, and Roy Sujoy Sinha. 2021. On generic side-channel assisted chosen ciphertext attacks on lattice-based PKE\/KEMs. In Proceedings of the3rd PQC Standardization Conference.","journal-title":"3rd PQC Standardization Conference"},{"key":"e_1_3_3_133_2","article-title":"Single-trace side-channel attacks on masked lattice-based encryption","author":"Primas Robert","year":"2017","unstructured":"Robert Primas, Peter Pessl, and Stefan Mangard. 2017. Single-trace side-channel attacks on masked lattice-based encryption. Cryptology ePrint Archive, Paper 2017\/594.","journal-title":"Cryptology ePrint Archive, Paper 2017\/594"},{"key":"e_1_3_3_134_2","unstructured":"QuantiCor. 2021. Sicherheitsrisiko Quantencomputer. Retrieved from https:\/\/quanticor-security.de\/whitepaper\/."},{"key":"e_1_3_3_135_2","article-title":"On exploiting message leakage in (few) NIST PQC candidates for practical message recovery and key recovery attacks","author":"Ravi Prasanna","year":"2020","unstructured":"Prasanna Ravi, Shivam Bhasin, Sujoy Sinha Roy, and Anupam Chattopadhyay. 2020. On exploiting message leakage in (few) NIST PQC candidates for practical message recovery and key recovery attacks. Cryptology ePrint Archive, Paper 2020\/1559.","journal-title":"Cryptology ePrint Archive, Paper 2020\/1559"},{"key":"e_1_3_3_136_2","article-title":"Side-channel and fault-injection attacks over lattice-based post-quantum schemes (Kyber, Dilithium): Survey and new results","author":"Ravi Prasanna","year":"2022","unstructured":"Prasanna Ravi, Anupam Chattopadhyay, and Anubhab Baksi. 2022. Side-channel and fault-injection attacks over lattice-based post-quantum schemes (Kyber, Dilithium): Survey and new results. Cryptology ePrint Archive, Paper 2022\/737.","journal-title":"Cryptology ePrint Archive, Paper 2022\/737"},{"key":"e_1_3_3_137_2","article-title":"Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs","author":"Ravi Prasanna","year":"2021","unstructured":"Prasanna Ravi, Martianus Frederic Ezerman, Shivam Bhasin, Anupam Chattopadhyay, and Sujoy Sinha Roy. 2021. Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs. Cryptology ePrint Archive, Paper 2021\/718.","journal-title":"Cryptology ePrint Archive, Paper 2021\/718"},{"key":"e_1_3_3_138_2","article-title":"Number \u201cnot used\u201d once. Practical fault attack on pqm4 implementations of NIST candidates","author":"Ravi Prasanna","year":"2018","unstructured":"Prasanna Ravi, Debapriya Basu Roy, Shivam Bhasin, Anupam Chattopadhyay, and Debdeep Mukhopadhyay. 2018. Number \u201cnot used\u201d once. Practical fault attack on pqm4 implementations of NIST candidates. Cryptology ePrint Archive, Paper 2018\/211.","journal-title":"Cryptology ePrint Archive, Paper 2018\/211"},{"key":"e_1_3_3_139_2","article-title":"Generic side-channel attacks on CCA-secure lattice-based PKE and KEMs","author":"Ravi Prasanna","year":"2020","unstructured":"Prasanna Ravi, Sujoy Sinha Roy, Anupam Chattopadhyay, and Shivam Bhasin. 2020. Generic side-channel attacks on CCA-secure lattice-based PKE and KEMs. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2020).","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"e_1_3_3_140_2","article-title":"Fiddling the twiddle constants\u2014Fault injection analysis of the number theoretic transform","author":"Ravi Prasanna","year":"2022","unstructured":"Prasanna Ravi, Bolin Yang, Shivam Bhasin, Fan Zhang, and Anupam Chattopadhyay. 2022. Fiddling the twiddle constants\u2014Fault injection analysis of the number theoretic transform. Cryptology ePrint Archive, Paper 2022\/824. (2022).","journal-title":"Cryptology ePrint Archive, Paper 2022\/824"},{"key":"e_1_3_3_141_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2631"},{"key":"e_1_3_3_142_2","article-title":"The Transport Layer Security (TLS) Protocol Version 1.3","author":"Rescorla Eric","year":"2018","unstructured":"Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. (2018).","journal-title":"RFC 8446"},{"key":"e_1_3_3_143_2","doi-asserted-by":"crossref","DOI":"10.1145\/359340.359342","article-title":"A method for obtaining digital signatures and public-key cryptosystems","author":"Rivest Ronald L.","year":"1978","unstructured":"Ronald L. Rivest, Adi Shamir, and Leonard Adleman. 1978. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM (1978).","journal-title":"Commun. ACM"},{"key":"e_1_3_3_144_2","article-title":"Breaking SIDH in polynomial time","author":"Robert Damien","year":"2022","unstructured":"Damien Robert. 2022. Breaking SIDH in polynomial time. Cryptology ePrint Archive, Paper 2022\/1038.","journal-title":"Cryptology ePrint Archive, Paper 2022\/1038"},{"key":"e_1_3_3_145_2","doi-asserted-by":"publisher","DOI":"10.1145\/3400302.3415728"},{"key":"e_1_3_3_146_2","article-title":"A survey on post-quantum cryptography for constrained devices","author":"Roy Kumar Sekhar","year":"2019","unstructured":"Kumar Sekhar Roy and Hemanta Kumar Kalita. 2019. A survey on post-quantum cryptography for constrained devices. Int. J. Appl. Eng. Res. (2019).","journal-title":"Int. J. Appl. Eng. Res."},{"key":"e_1_3_3_147_2","volume-title":"Research on Electronic Travel Document Protocols using Lattice-based Cryptography","author":"Shah Chinmay","year":"2015","unstructured":"Chinmay Shah. 2015. Research on Electronic Travel Document Protocols using Lattice-based Cryptography. Master\u2019s thesis. University of Wisconsin\u2014Platteville."},{"key":"e_1_3_3_148_2","article-title":"Find the bad apples: An efficient method for perfect key recovery under imperfect SCA oracles\u2014A case study of Kyber","author":"Shen Muyan","year":"2022","unstructured":"Muyan Shen, Chi Cheng, Xiaohan Zhang, Qian Guo, and Tao Jiang. 2022. Find the bad apples: An efficient method for perfect key recovery under imperfect SCA oracles\u2014A case study of Kyber. Cryptology ePrint Archive, Paper 2022\/563.","journal-title":"Cryptology ePrint Archive, Paper 2022\/563"},{"issue":"5","key":"e_1_3_3_149_2","article-title":"Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer","volume":"26","author":"Shor Peter W.","year":"1997","unstructured":"Peter W. Shor. 1997. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26, 5 (1997).","journal-title":"SIAM J. Comput."},{"key":"e_1_3_3_150_2","article-title":"Single-trace attacks on the message encoding of lattice-based KEMs","author":"Sim Bo-Yeon","year":"2020","unstructured":"Bo-Yeon Sim, Jihoon Kwon, Joohee Lee, Il-Ju Kim, Taeho Lee, Jaeseung Han, Hyojin Yoon, Jihoon Cho, and Dong-Guk Han. 2020. Single-trace attacks on the message encoding of lattice-based KEMs. Cryptology ePrint Archive, Paper 2020\/992. (2020).","journal-title":"Cryptology ePrint Archive, Paper 2020\/992"},{"key":"e_1_3_3_151_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-05153-2_1"},{"key":"e_1_3_3_152_2","article-title":"Intermediate Exchange in the IKEv2 Protocol","author":"Smyslov Valery","year":"2021","unstructured":"Valery Smyslov. 2021. Intermediate Exchange in the IKEv2 Protocol. IETF Internet draft.","journal-title":"IETF Internet draft"},{"key":"e_1_3_3_153_2","doi-asserted-by":"crossref","DOI":"10.1109\/COMST.2017.2779824","article-title":"Systematic classification of side-channel attacks: A case study for mobile devices","author":"Spreitzer Raphael","year":"2018","unstructured":"Raphael Spreitzer, Veelasha Moonsamy, Thomas Korak, and Stefan Mangard. 2018. Systematic classification of side-channel attacks: A case study for mobile devices. IEEE Commun. Surv. Tutor. (2018).","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"e_1_3_3_154_2","article-title":"Resistance of isogeny-based cryptographic implementations to a fault attack","author":"Tasso \u00c9lise","year":"2021","unstructured":"\u00c9lise Tasso, Luca De Feo, Nadia El Mrabet, and Simon Ponti\u00e9. 2021. Resistance of isogeny-based cryptographic implementations to a fault attack. Cryptology ePrint Archive, Paper 2021\/850.","journal-title":"Cryptology ePrint Archive, Paper 2021\/850"},{"key":"e_1_3_3_155_2","article-title":"Power-based side channel attack analysis on PQC algorithms","author":"Tendayi Kamucheka","year":"2021","unstructured":"Kamucheka Tendayi, Fahr Michael, Teague Tristen, Nelson Alexander, Andrews David, and Huang Miaoqing. 2021. Power-based side channel attack analysis on PQC algorithms. In Proceedings of the 3rd PQC Standardization Conference (2021).","journal-title":"Proceedings of the 3rd PQC Standardization Conference"},{"key":"e_1_3_3_156_2","article-title":"Curse of re-encryption: A generic power\/EM analysis on post-quantum KEMs","author":"Ueno Rei","year":"2021","unstructured":"Rei Ueno, Keita Xagawa, Yutaro Tanaka, Akira Ito, Junko Takahashi, and Naofumi Homma. 2021. Curse of re-encryption: A generic power\/EM analysis on post-quantum KEMs. Cryptology ePrint Archive, Report 2021\/849 (2021).","journal-title":"Cryptology ePrint Archive, Report 2021\/849"},{"key":"e_1_3_3_157_2","unstructured":"U.S. National Institute of Standards and Technology (NIST). 2016. Submission Requirements and Evaluation Criteria for the Post-Quantum Cryptography Standardization Process."},{"key":"e_1_3_3_158_2","unstructured":"U.S. National Institute of Standards and Technology (NIST). 2020. NISTIR 8309: Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process."},{"key":"e_1_3_3_159_2","unstructured":"U.S. National Institute of Standards and Technology (NIST). 2021. Status Update on the 3rd Round. Retrieved from https:\/\/csrc.nist.gov\/CSRC\/media\/Presentations\/status-update-on-the-3rd-round\/images-media\/session-1-moody-nist-round-3-update.pdf."},{"key":"e_1_3_3_160_2","doi-asserted-by":"crossref","DOI":"10.1145\/3178291.3178294","article-title":"Exploring the vulnerability of R-LWE encryption to fault attacks","author":"Valencia Felipe","year":"2018","unstructured":"Felipe Valencia, Tobias Oder, Tim G\u00fcneysu, and Francesco Regazzoni. 2018. Exploring the vulnerability of R-LWE encryption to fault attacks. In Proceedings of the 5th Workshop on Cryptography and Security in Computing Systems (CS2\u201918).","journal-title":"Proceedings of the 5th Workshop on Cryptography and Security in Computing Systems (CS2\u201918)"},{"key":"e_1_3_3_161_2","volume-title":"Open Identity Summit 2021","author":"Vogt Sebastian","year":"2021","unstructured":"Sebastian Vogt and Holger Funke. 2021. How quantum computers threat security of PKIs and thus eIDs. In Open Identity Summit 2021. Gesellschaft f\u00fcr Informatik e.V."},{"key":"e_1_3_3_162_2","article-title":"Fault-injection attacks against NIST\u2019s post-quantum cryptography round 3 KEM candidates","author":"Xagawa Keita","year":"2021","unstructured":"Keita Xagawa, Akira Ito, Rei Ueno, Junko Takahashi, and Naofumi Homma. 2021. Fault-injection attacks against NIST\u2019s post-quantum cryptography round 3 KEM candidates. Cryptology ePrint Archive, Report 2021\/840.","journal-title":"Cryptology ePrint Archive, Report 2021\/840"},{"key":"e_1_3_3_163_2","article-title":"A compact hardware implementation of CCA-secure key exchange mechanism CRYSTALS-KYBER on FPGA","author":"Xing Yufei","year":"2021","unstructured":"Yufei Xing and Shuguo Li. 2021. A compact hardware implementation of CCA-secure key exchange mechanism CRYSTALS-KYBER on FPGA. IACR Trans. Cryptogr. Hardw. Embed. Syst. (2021).","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"e_1_3_3_164_2","article-title":"Side-channel attack on a protected RFID card","author":"Xu Rixin","year":"2018","unstructured":"Rixin Xu, Liehuang Zhu, An Wang, Xiaojiang Du, Kim-Kwang Raymond Choo, Guoshuang Zhang, and Keke Gai. 2018. Side-channel attack on a protected RFID card. IEEE Access (2018).","journal-title":"IEEE Access"},{"key":"e_1_3_3_165_2","article-title":"Magnifying side-channel leakage of lattice-based cryptosystems with chosen ciphertexts: The case study of Kyber","author":"Xu Zhuang","year":"2020","unstructured":"Zhuang Xu, Owen Pemberton, Sujoy Sinha Roy, David Oswald, Wang Yao, and Zhiming Zheng. 2020. Magnifying side-channel leakage of lattice-based cryptosystems with chosen ciphertexts: The case study of Kyber. Cryptology ePrint Archive, Paper 2020\/912.","journal-title":"Cryptology ePrint Archive, Paper 2020\/912"},{"key":"e_1_3_3_166_2","article-title":"A hardware accelerator for polynomial multiplication operation of CRYSTALS-KYBER PQC scheme","author":"Yaman Ferhat","year":"2021","unstructured":"Ferhat Yaman, Ahmet Can Mert, Erdinc Ozturk, and Erkay Savas. 2021. A hardware accelerator for polynomial multiplication operation of CRYSTALS-KYBER PQC scheme. Cryptology ePrint Archive, Paper 2021\/485.","journal-title":"Cryptology ePrint Archive, Paper 2021\/485"},{"key":"e_1_3_3_167_2","volume-title":"Hindawi 8893628Wireless Communications and Mobile Computing","author":"Yin Anqi","year":"2020","unstructured":"Anqi Yin, Yuanbo Guo, Yuanming Song, Tongzhou Qu, and Chen Fang. 2020. Two-round password-based authenticated key exchange from lattices. Hindawi 8893628. In Wireless Communications and Mobile Computing."},{"key":"e_1_3_3_168_2","article-title":"The Picnic Signature Algorithm Specification","author":"Zaverucha Greg","year":"2020","unstructured":"Greg Zaverucha. 2020. The Picnic Signature Algorithm Specification. NIST Round 3. Retrieved from https:\/\/github.com\/microsoft\/Picnic\/blob\/master\/spec\/spec-v3.0.pdf.","journal-title":"NIST Round 3"},{"key":"e_1_3_3_169_2","article-title":"Authenticated key exchange from ideal lattices","author":"Zhang Jiang","year":"2014","unstructured":"Jiang Zhang, Zhenfeng Zhang, Jintai Ding, Michael Snook, and \u00d6zg\u00fcr Dagdelen. 2014. Authenticated key exchange from ideal lattices. Cryptology ePrint Archive, Report 2014\/589.","journal-title":"Cryptology ePrint Archive, Report 2014\/589"}],"container-title":["ACM Transactions on Embedded Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3585517","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3585517","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:46:08Z","timestamp":1750178768000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3585517"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,27]]},"references-count":168,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,3,31]]}},"alternative-id":["10.1145\/3585517"],"URL":"https:\/\/doi.org\/10.1145\/3585517","relation":{},"ISSN":["1539-9087","1558-3465"],"issn-type":[{"value":"1539-9087","type":"print"},{"value":"1558-3465","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,27]]},"assertion":[{"value":"2022-05-02","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-02-22","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-03-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}