{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T20:32:51Z","timestamp":1775421171160,"version":"3.50.1"},"reference-count":76,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2024,3,28]],"date-time":"2024-03-28T00:00:00Z","timestamp":1711584000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"CyberSecurity Research Flanders","award":["VR20192203"],"award-info":[{"award-number":["VR20192203"]}]},{"name":"Research Council KU Leuven","award":["C16\/15\/058"],"award-info":[{"award-number":["C16\/15\/058"]}]},{"name":"Horizon 2020 ERC Advanced Grant","award":["101020005 Belfort"],"award-info":[{"award-number":["101020005 Belfort"]}]},{"name":"FWO","award":["133185 \/ 1238822N LV"],"award-info":[{"award-number":["133185 \/ 1238822N LV"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Embed. Comput. Syst."],"published-print":{"date-parts":[[2024,3,31]]},"abstract":"\n In this work, we present a systematic study of Side-Channel Attacks (SCA) and Fault Injection Attacks (FIA) on structured lattice-based schemes, with main focus on Kyber Key Encapsulation Mechanism (KEM) and Dilithium signature scheme, which are leading candidates in the NIST standardization process for Post-Quantum Cryptography (PQC). Through our study, we attempt to understand the underlying similarities and differences between the existing attacks while classifying them into different categories. Given the wide variety of reported attacks, simultaneous protection against all the attacks requires to implement customized protections\/countermeasures for both Kyber and Dilithium. We therefore present a range of customized countermeasures, capable of providing defenses\/mitigations against existing SCA\/FIA, and incorporate several SCA and FIA countermeasures within a single design of Kyber and Dilithium. Among the several countermeasures discussed in this work, we present novel countermeasures that offer simultaneous protection against several SCA- and FIA-based chosen-ciphertext attacks for Kyber KEM. We implement the presented countermeasures within two well-known public software libraries for PQC: (1)\n pqm4<\/jats:italic>\n library for the ARM Cortex-M4-based microcontroller and (2)\n liboqs<\/jats:italic>\n library for the Raspberry Pi 3 Model B Plus based on the ARM Cortex-A53 processor. Our performance evaluation reveals that the presented custom countermeasures incur reasonable performance overheads on both the evaluated embedded platforms. We therefore believe our work argues for usage of custom countermeasures within real-world implementations of lattice-based schemes, either in a standalone manner or as reinforcements to generic countermeasures such as masking.\n <\/jats:p>","DOI":"10.1145\/3603170","type":"journal-article","created":{"date-parts":[[2023,6,5]],"date-time":"2023-06-05T10:26:43Z","timestamp":1685960803000},"page":"1-54","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":60,"title":["Side-channel and Fault-injection attacks over Lattice-based Post-quantum Schemes (Kyber, Dilithium): Survey and New Results"],"prefix":"10.1145","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0201-3705","authenticated-orcid":false,"given":"Prasanna","family":"Ravi","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Nanyang Technological University, Nanyang Drive, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4840-9350","authenticated-orcid":false,"given":"Anupam","family":"Chattopadhyay","sequence":"additional","affiliation":[{"name":"Temasek Labs, Nanyang Technological University, Nanyang Drive, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9675-7988","authenticated-orcid":false,"given":"Jan Pieter","family":"D\u2019Anvers","sequence":"additional","affiliation":[{"name":"imec-COSIC, KU Leuven, Heverlee, Belgium"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5639-7372","authenticated-orcid":false,"given":"Anubhab","family":"Baksi","sequence":"additional","affiliation":[{"name":"Temasek Labs, Nanyang Technological University, Nanyang Drive, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2024,3,28]]},"reference":[{"key":"e_1_3_3_2_2","article-title":"Status report on the second round of the NIST post-quantum cryptography standardization process","author":"Alagic Gorjan","year":"2020","unstructured":"Gorjan Alagic, Jacob Alperin-Sheriff, Daniel Apon, David Cooper, Quynh Dang, John Kelsey, Yi-Kai Liu, Carl Miller, Dustin Moody, Rene Peralta et\u00a0al. 2020. Status report on the second round of the NIST post-quantum cryptography standardization process. US Department of Commerce, NIST (2020). https:\/\/www.nist.gov\/publications\/status-report-second-round-nist-post-quantum-cryptography-standardization-process","journal-title":"US Department of Commerce, NIST"},{"key":"e_1_3_3_3_2","article-title":"Status report on the third round of the NIST post-quantum cryptography standardization process","author":"Alagic Gorjan","year":"2022","unstructured":"Gorjan Alagic, Daniel Apon, David Cooper, Quynh Dang, Thinh Dang, John Kelsey, Jacob Lichtinger, Carl Miller, Dustin Moody, Rene Peralta et\u00a0al. 2022. Status report on the third round of the NIST post-quantum cryptography standardization process. National Institute of Standards and Technology (2022).","journal-title":"National Institute of Standards and Technology"},{"key":"e_1_3_3_4_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-44223-1_11"},{"key":"e_1_3_3_5_2","unstructured":"Daniel Apon and James Howe. 2021. Attacks on NIST PQC 3rd round candidates. Invited talk at Real World Crypto 2021 Retrieved from https:\/\/iacr.org\/submit\/files\/slides\/2021\/rwc\/rwc2021\/22\/slides.pdf."},{"key":"e_1_3_3_6_2","unstructured":"Roberto Avanzi Joppe W. Bos Leo Ducas Eike Kiltz Tancrede Lepoint Vadim Lyubashevsky John Schanck Peter Schwabe Gregor Seiler and Damien Stehl\u00e9. 2021. CRYSTALS-Kyber (version 3.02): Algorithm specifications and supporting documentation. Retrieved from https:\/\/pq-crystals.org\/kyber\/data\/kyber-specification-round3.pdf."},{"key":"e_1_3_3_7_2","article-title":"Leveling Dilithium against Leakage: Revisited Sensitivity Analysis and Improved Implementations","author":"Azouaoui Melissa","year":"2022","unstructured":"Melissa Azouaoui, Olivier Bronchain, Ga\u00ebtan Cassiers, Cl\u00e9ment Hoffmann, Yulia Kuzovkova, Joost Renes, Markus Sch\u00f6nauer, Tobias Schneider, Fran\u00e7ois-Xavier Standaert, and Christine van Vredendaal. 2022. Leveling Dilithium against Leakage: Revisited Sensitivity Analysis and Improved Implementations. Cryptology ePrint Archive (2022). https:\/\/csrc.nist.gov\/csrc\/media\/Events\/2022\/fourth-pqc-standardization-conference\/documents\/papers\/leveling-dilithium-against-leakage-pqc2022.pdf","journal-title":"Cryptology ePrint Archive"},{"key":"e_1_3_3_8_2","doi-asserted-by":"publisher","DOI":"10.13154\/tches.v2020.i3.483-507"},{"key":"e_1_3_3_9_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-17656-3_26"},{"key":"e_1_3_3_10_2","first-page":"221","article-title":"Neon NTT: Faster Dilithium, Kyber, and Saber on Cortex-A72 and Apple M1","author":"Becker Hanno","year":"2022","unstructured":"Hanno Becker, Vincent Hwang, Matthias J. Kannwischer, Bo-Yin Yang, and Shang-Yi Yang. 2022. Neon NTT: Faster Dilithium, Kyber, and Saber on Cortex-A72 and Apple M1. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022, 1 (2022), 221\u2013244. https:\/\/eprint.iacr.org\/2021\/986","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"e_1_3_3_11_2","doi-asserted-by":"publisher","DOI":"10.1145\/3429983"},{"key":"e_1_3_3_12_2","doi-asserted-by":"publisher","unstructured":"Shivam Bhasin Jan-Pieter D\u2019Anvers Daniel Heinz Thomas P\u00f6ppelmann and Michiel van Beirendonck. 2021. Attacking and defending masked polynomial comparison for lattice-based cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021 3 (2021) 334\u2013359. DOI:10.46586\/tches.v2021.i3.334-359","DOI":"10.46586\/tches.v2021.i3.334-359"},{"key":"e_1_3_3_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/FDTC.2016.11"},{"key":"e_1_3_3_14_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2021.i4.173-214"},{"key":"e_1_3_3_15_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-23696-0_11"},{"issue":"3","key":"e_1_3_3_16_2","article-title":"Differential fault attacks on deterministic lattice signatures","volume":"2018","author":"Bruinderink Leon Groot","year":"2018","unstructured":"Leon Groot Bruinderink and Peter Pessl. 2018. Differential fault attacks on deterministic lattice signatures. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018, 3 (2018). Retrieved from https:\/\/eprint.iacr.org\/2018\/355.pdf.","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"e_1_3_3_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD53106.2021.00094"},{"key":"e_1_3_3_18_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-56880-1_12"},{"key":"e_1_3_3_19_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2022.i2.115-139"},{"key":"e_1_3_3_20_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-17259-6_19"},{"key":"e_1_3_3_21_2","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/978-3-030-45727-3_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"D\u2019Anvers Jan-Pieter","year":"2020","unstructured":"Jan-Pieter D\u2019Anvers, M\u00e9lissa Rossi, and Fernando Virdia. 2020. (One) failure is not an option: Bootstrapping the search for failures in lattice-based encryption schemes. In Advances in Cryptology \u2013 EUROCRYPT 2020, Anne Canteaut and Yuval Ishai (Eds.). Springer International Publishing, Cham, 3\u201333."},{"key":"e_1_3_3_22_2","first-page":"2","volume-title":"ACM Workshop on Theory of Implementation Security","author":"D\u2019Anvers Jan-Pieter","year":"2019","unstructured":"Jan-Pieter D\u2019Anvers, Marcel Tiepelt, Frederik Vercauteren, and Ingrid Verbauwhede. 2019. Timing attacks on error correcting codes in post-quantum schemes. In ACM Workshop on Theory of Implementation Security. 2\u20139."},{"key":"e_1_3_3_23_2","first-page":"1622","article-title":"Roulette: Breaking Kyber with diverse fault injection setups","author":"Delvaux Jeroen","year":"2021","unstructured":"Jeroen Delvaux. 2021. Roulette: Breaking Kyber with diverse fault injection setups. Cryptology ePrint Archive (2021), 1622.","journal-title":"Cryptology ePrint Archive"},{"key":"e_1_3_3_24_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40041-4_3"},{"key":"e_1_3_3_25_2","unstructured":"L\u00e9o Ducas Tancrede Lepoint Vadim Lyubashevsky Peter Schwabe Gregor Seiler and Damien Stehl\u00e9. 2018. Crystals-Dilithium: Digital signatures from module lattices. Retrieved from https:\/\/pq-crystals.org\/dilithium\/data\/dilithium-specification-round3.pdf."},{"key":"e_1_3_3_26_2","first-page":"140","volume-title":"International Conference on Selected Areas in Cryptography","author":"Espitau Thomas","year":"2016","unstructured":"Thomas Espitau, Pierre-Alain Fouque, Beno\u00eet G\u00e9rard, and Mehdi Tibouchi. 2016. Loop-abort faults on lattice-based Fiat-Shamir and hash-and-sign signatures. In International Conference on Selected Areas in Cryptography. Springer, 140\u2013158."},{"key":"e_1_3_3_27_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48405-1_34"},{"key":"e_1_3_3_28_2","first-page":"1","article-title":"Compact Dilithium implementations on Cortex-M3 and Cortex-M4","author":"Greconici Denisa O. C.","year":"2021","unstructured":"Denisa O. C. Greconici, Matthias J. Kannwischer, and Daan Sprenkels. 2021. Compact Dilithium implementations on Cortex-M3 and Cortex-M4. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021, 1 (2021), 1\u201324.","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"e_1_3_3_29_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33027-8_31"},{"key":"e_1_3_3_30_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-56880-1_13"},{"key":"e_1_3_3_31_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2021.i4.88-113"},{"key":"e_1_3_3_32_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3135600"},{"key":"e_1_3_3_33_2","first-page":"58","article-title":"First-order masked Kyber on ARM Cortex-M4","author":"Heinz Daniel","year":"2022","unstructured":"Daniel Heinz, Matthias J. Kannwischer, Georg Land, Thomas P\u00f6ppelmann, Peter Schwabe, and Daan Sprenkels. 2022. First-order masked Kyber on ARM Cortex-M4. IACR Cryptol. ePrint Arch. (2022), 58. Retrieved from https:\/\/eprint.iacr.org\/2022\/058.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_34_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-92518-5_15"},{"key":"e_1_3_3_35_2","first-page":"555","article-title":"Adapting belief propagation to counter shuffling of NTTs","author":"Hermelink Julius","year":"2022","unstructured":"Julius Hermelink, Silvan Streit, Emanuele Strieder, and Katharina Thieme. 2022. Adapting belief propagation to counter shuffling of NTTs. IACR Cryptol. ePrint Arch. (2022), 555. Retrieved from https:\/\/eprint.iacr.org\/2022\/555.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00046"},{"key":"e_1_3_3_37_2","doi-asserted-by":"publisher","DOI":"10.13154\/tches.v2020.i3.243-268"},{"key":"e_1_3_3_38_2","unstructured":"Matthias J. Kannwischer Joost Rijneveld Peter Schwabe and Ko Stoffelen. 2019. PQM4: Post-quantum crypto library for the ARM Cortex-M4. Retrieved from https:\/\/github.com\/mupq\/pqm4."},{"key":"e_1_3_3_39_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2022.i4.285-310"},{"key":"e_1_3_3_40_2","first-page":"1009","article-title":"LAC: Practical ring-LWE based public-key encryption with byte-level modulus","author":"Lu Xianhui","year":"2018","unstructured":"Xianhui Lu, Yamin Liu, Zhenfei Zhang, Dingding Jia, Haiyang Xue, Jingnan He, and Bao Li. 2018. LAC: Practical ring-LWE based public-key encryption with byte-level modulus. IACR Cryptol. ePrint Arch. (2018), 1009. Retrieved from https:\/\/eprint.iacr.org\/2018\/1009.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_41_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10366-7_35"},{"key":"e_1_3_3_42_2","doi-asserted-by":"publisher","DOI":"10.1145\/2535925"},{"key":"e_1_3_3_43_2","first-page":"106","article-title":"Profiling side-channel attacks on Dilithium: A small bit-fiddling leak breaks it all","author":"Marzougui Soundes","year":"2022","unstructured":"Soundes Marzougui, Vincent Ulitzsch, Mehdi Tibouchi, and Jean-Pierre Seifert. 2022. Profiling side-channel attacks on Dilithium: A small bit-fiddling leak breaks it all. IACR Cryptol. ePrint Arch. (2022), 106. Retrieved from https:\/\/eprint.iacr.org\/2022\/106.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_44_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-21568-2_17"},{"key":"e_1_3_3_45_2","first-page":"474","article-title":"Side-channel analysis of lattice-based post-quantum cryptography: Exploiting polynomial multiplication","author":"Mujdei Catinca","year":"2022","unstructured":"Catinca Mujdei, Arthur Beckers, Jose Bermundo, Angshuman Karmakar, Lennert Wouters, and Ingrid Verbauwhede. 2022. Side-channel analysis of lattice-based post-quantum cryptography: Exploiting polynomial multiplication. IACR Cryptol. ePrint Arch. (2022), 474. DOI:https:\/\/eprint.iacr.org\/2022\/474","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_46_2","doi-asserted-by":"publisher","DOI":"10.1145\/3292548"},{"key":"e_1_3_3_47_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2021.i4.676-707"},{"key":"e_1_3_3_48_2","first-page":"51","volume-title":"5th Workshop on Attacks and Solutions in Hardware Security","author":"Ngo Kalle","year":"2021","unstructured":"Kalle Ngo, Elena Dubrova, and Thomas Johansson. 2021. Breaking masked and shuffled CCA secure Saber KEM by power analysis. In 5th Workshop on Attacks and Solutions in Hardware Security. 51\u201361."},{"key":"e_1_3_3_49_2","first-page":"919","article-title":"Side-channel attacks on lattice-based KEMs are not prevented by higher-order masking","author":"Ngo Kalle","year":"2022","unstructured":"Kalle Ngo, Ruize Wang, Elena Dubrova, and Nils Paulsrud. 2022. Side-channel attacks on lattice-based KEMs are not prevented by higher-order masking. IACR Cryptol. ePrint Arch. (2022), 919. Retrieved from https:\/\/eprint.iacr.org\/2022\/919.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_50_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2018.i1.142-174"},{"key":"e_1_3_3_51_2","doi-asserted-by":"publisher","DOI":"10.1016\/0004-3702(86)90072-X"},{"key":"e_1_3_3_52_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-30530-7_7"},{"key":"e_1_3_3_53_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2021.i2.37-60"},{"key":"e_1_3_3_54_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66787-4_25"},{"key":"e_1_3_3_55_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-92068-5_4"},{"key":"e_1_3_3_56_2","first-page":"931","article-title":"Pushing the limits of generic side-channel attacks on LWE-based KEMs\u2014Parallel PC Oracle attacks on Kyber KEM and beyond","author":"Rajendran Gokulnath","year":"2022","unstructured":"Gokulnath Rajendran, Prasanna Ravi, Jan-Pieter D\u2019Anvers, Shivam Bhasin, and Anupam Chattopadhyay. 2022. Pushing the limits of generic side-channel attacks on LWE-based KEMs\u2014Parallel PC Oracle attacks on Kyber KEM and beyond. IACR Cryptol. ePrint Arch. (2022), 931. Retrieved from https:\/\/eprint.iacr.org\/2022\/931.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_57_2","doi-asserted-by":"publisher","unstructured":"P. Ravi S. Bhasin S. S. Roy and A. Chattopadhyay. 2022. On exploiting message leakage in (Few) NIST PQC candidates for practical message recovery attacks. In IEEE Transactions on Information Forensics and Security 17 (2022) 684\u2013699. DOI:10.1109\/TIFS.2021.3139268","DOI":"10.1109\/TIFS.2021.3139268"},{"key":"e_1_3_3_58_2","first-page":"57","volume-title":"International Conference on Smart Card Research and Advanced Applications","author":"Ravi Prasanna","year":"2019","unstructured":"Prasanna Ravi, Sourav Sen Gupta, Anupam Chattopadhyay, and Shivam Bhasin. 2019. Improving speed of Dilithium\u2019s signing procedure. In International Conference on Smart Card Research and Advanced Applications. Springer, 57\u201373."},{"key":"e_1_3_3_59_2","doi-asserted-by":"publisher","DOI":"10.1145\/3422178"},{"key":"e_1_3_3_60_2","article-title":"Side-channel assisted existential forgery attack on Dilithium-a NIST PQC candidate","author":"Ravi Prasanna","year":"2018","unstructured":"Prasanna Ravi, Mahabir Prasad Jhanwar, James Howe, Anupam Chattopadhyay, and Shivam Bhasin. 2018. Side-channel assisted existential forgery attack on Dilithium-a NIST PQC candidate. Cryptology ePrint Archive (2018).","journal-title":"Cryptology ePrint Archive"},{"key":"e_1_3_3_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329821"},{"key":"e_1_3_3_62_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-66626-2_7"},{"key":"e_1_3_3_63_2","doi-asserted-by":"crossref","first-page":"232","DOI":"10.1007\/978-3-030-16350-1_13","volume-title":"International Workshop on Constructive Side-channel Analysis and Secure Design","author":"Ravi Prasanna","year":"2019","unstructured":"Prasanna Ravi, Debapriya Basu Roy, Shivam Bhasin, Anupam Chattopadhyay, and Debdeep Mukhopadhyay. 2019. Number \u201cnot used\u201d once-practical fault attack on pqm4 implementations of NIST candidates. In International Workshop on Constructive Side-channel Analysis and Secure Design. Springer, 232\u2013250."},{"key":"e_1_3_3_64_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2020.i3.307-335"},{"key":"e_1_3_3_65_2","first-page":"824","article-title":"Fiddling the twiddle constants\u2014Fault injection analysis of the number theoretic transform","author":"Ravi Prasanna","year":"2022","unstructured":"Prasanna Ravi, Bolin Yang, Shivam Bhasin, Fan Zhang, and Anupam Chattopadhyay. 2022. Fiddling the twiddle constants\u2014Fault injection analysis of the number theoretic transform. IACR Cryptol. ePrint Arch. (2022), 824. Retrieved from https:\/\/eprint.iacr.org\/2022\/824.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_66_2","doi-asserted-by":"publisher","DOI":"10.1145\/1568318.1568324"},{"key":"e_1_3_3_67_2","first-page":"563","article-title":"Find the bad apples: An efficient method for perfect key recovery under imperfect SCA oracles\u2014A case study of Kyber","author":"Shen Muyan","year":"2022","unstructured":"Muyan Shen, Chi Cheng, Xiaohan Zhang, Qian Guo, and Tao Jiang. 2022. Find the bad apples: An efficient method for perfect key recovery under imperfect SCA oracles\u2014A case study of Kyber. IACR Cryptol. ePrint Arch. (2022), 563. Retrieved from https:\/\/eprint.iacr.org\/2022\/563.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_68_2","doi-asserted-by":"crossref","unstructured":"Bo-Yeon Sim Jihoon Kwon Joohee Lee Il-Ju Kim Tae-Ho Lee Jaeseung Han Hyojin Yoon Jihoon Cho and Dong-Guk Han. 2020. Single-trace attacks on message encoding in lattice-based KEMs. 8 (2020) 183175\u2013183191.","DOI":"10.1109\/ACCESS.2020.3029521"},{"key":"e_1_3_3_69_2","first-page":"14","volume-title":"International Conference on Selected Areas in Cryptography","author":"Stebila Douglas","year":"2016","unstructured":"Douglas Stebila and Michele Mosca. 2016. Post-quantum key exchange for the internet and the open quantum safe project. In International Conference on Selected Areas in Cryptography. Springer, 14\u201337."},{"key":"e_1_3_3_70_2","article-title":"Breaking and protecting the crystal: Side-channel analysis of Dilithium in hardware","author":"Steffen Hauke","year":"2022","unstructured":"Hauke Steffen, Georg Land, Lucie Kogelheide, and Tim G\u00fcneysu. 2022. Breaking and protecting the crystal: Side-channel analysis of Dilithium in hardware. Cryptology ePrint Archive (2022).","journal-title":"Cryptology ePrint Archive"},{"key":"e_1_3_3_71_2","first-page":"940","article-title":"Multiple-valued plaintext-checking side-channel attacks on post-quantum KEMs","author":"Tanaka Yutaro","year":"2022","unstructured":"Yutaro Tanaka, Rei Ueno, Keita Xagawa, Akira Ito, Junko Takahashi, and Naofumi Homma. 2022. Multiple-valued plaintext-checking side-channel attacks on post-quantum KEMs. IACR Cryptol. ePrint Arch. (2022), 940. Retrieved from https:\/\/eprint.iacr.org\/2022\/940.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_72_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2022.i1.296-322"},{"key":"e_1_3_3_73_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45611-8_15"},{"key":"e_1_3_3_74_2","first-page":"852","article-title":"Making biased DL models work: Message and key recovery attacks on saber using amplitude-modulated EM emanations","author":"Wang Ruize","year":"2022","unstructured":"Ruize Wang, Kalle Ngo, and Elena Dubrova. 2022. Making biased DL models work: Message and key recovery attacks on saber using amplitude-modulated EM emanations. IACR Cryptol. ePrint Arch. (2022), 852. https:\/\/eprint.iacr.org\/2022\/852.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_75_2","first-page":"807","article-title":"Side-channel analysis of Saber KEM using amplitude-modulated EM emanations","author":"Wang Ruize","year":"2022","unstructured":"Ruize Wang, Kalle Ngo, and Elena Dubrova. 2022. Side-channel analysis of Saber KEM using amplitude-modulated EM emanations. IACR Cryptol. ePrint Arch. (2022), 807. https:\/\/eprint.iacr.org\/2022\/807.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_3_76_2","first-page":"33","volume-title":"International Conference on the Theory and Application of Cryptology and Information Security","author":"Xagawa Keita","year":"2021","unstructured":"Keita Xagawa, Akira Ito, Rei Ueno, Junko Takahashi, and Naofumi Homma. 2021. Fault-injection attacks against NIST\u2019s post-quantum cryptography round 3 KEM candidates. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 33\u201361."},{"key":"e_1_3_3_77_2","article-title":"Magnifying side-channel leakage of lattice-based cryptosystems with chosen ciphertexts: The case study of Kyber","author":"Xu Zhuang","year":"2021","unstructured":"Zhuang Xu, Owen Michael Pemberton, Sujoy Sinha Roy, David Oswald, Wang Yao, and Zhiming Zheng. 2021. Magnifying side-channel leakage of lattice-based cryptosystems with chosen ciphertexts: The case study of Kyber. IEEE Trans. Comput. (2021).","journal-title":"IEEE Trans. Comput."}],"container-title":["ACM Transactions on Embedded Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3603170","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3603170","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:49:10Z","timestamp":1750286950000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3603170"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,28]]},"references-count":76,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,3,31]]}},"alternative-id":["10.1145\/3603170"],"URL":"https:\/\/doi.org\/10.1145\/3603170","relation":{},"ISSN":["1539-9087","1558-3465"],"issn-type":[{"value":"1539-9087","type":"print"},{"value":"1558-3465","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,28]]},"assertion":[{"value":"2022-05-10","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-05-07","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-03-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}