{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T00:00:50Z","timestamp":1775692850133,"version":"3.50.1"},"reference-count":103,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2024,11,9]],"date-time":"2024-11-09T00:00:00Z","timestamp":1731110400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Horizon 2020 ERC Advanced","award":["101020005 Belfort"],"award-info":[{"award-number":["101020005 Belfort"]}]},{"name":"CyberSecurity Research Flanders","award":["VR20192203"],"award-info":[{"award-number":["VR20192203"]}]},{"name":"BE QCI: Belgian-QCI","award":["3E230370"],"award-info":[{"award-number":["3E230370"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Embed. Comput. Syst."],"published-print":{"date-parts":[[2025,1,31]]},"abstract":"<jats:p>Recently, the construction of cryptographic schemes based on hard lattice problems has gained immense popularity. Apart from being quantum resistant, lattice-based cryptography allows a wide range of variations in the underlying hard problem. As cryptographic schemes can work in different environments under different operational constraints such as memory footprint, silicon area, efficiency, power requirement, and so on, such variations in the underlying hard problem are very useful for designers to construct different cryptographic schemes. In this work, we explore various design choices of lattice-based cryptography and their impact on performance in the real world. In particular, we propose a suite of key-encapsulation mechanisms based on the learning with rounding problem with a focus on improving different performance aspects of lattice-based cryptography. Our suite consists of three schemes. 
Our first scheme is Florete, which is designed for efficiency. The second scheme is Espada, which is aimed at improving parallelization, flexibility, and memory footprint. The last scheme is Sable, which can be considered an improved version in terms of key sizes and parameters of the Saber key-encapsulation mechanism, one of the finalists in the National Institute of Standards and Technology\u2019s post-quantum standardization procedure. In this work, we have described our design rationale behind each scheme.<\/jats:p>\n          <jats:p>Furthermore, to demonstrate the justification of our design decisions, we have provided software and hardware implementations. Our results show Florete is faster than most state-of-the-art KEMs on software platforms. For example, the key-generation algorithm of high-security version Florete outperforms the National Institute of Standards and Technology\u2019s standard Kyber by 47%, the Federal Office for Information Security\u2019s standard Frodo by 99%, and Saber by 57% on the ARM Cortex-M4 platform. Similarly, in hardware, Florete outperforms Frodo and NTRU Prime for all KEM operations. The scheme Espada requires less memory and area than the implementation of most state-of-the-art schemes. For example, the encapsulation algorithm of high-security version Espada uses 30% less stack memory than Kyber, 57% less stack memory than Frodo, and 67% less stack memory than Saber on the ARM Cortex-M4 platform. The implementations of Sable maintain a tradeoff between Florete and Espada regarding software performance and memory requirements. Sable outperforms Saber at least by 6% and Frodo by 99%. Through an efficient polynomial multiplier design, which exploits the small secret size, Sable outperforms most state-of-the-art KEMs, including Saber, Frodo, and NTRU Prime. 
The implementations of Sable that use number theoretic transform-based polynomial multiplication (SableNTT) surpass, in performance, all the state-of-the-art schemes that are optimized for speed on the Cortex-M4 platform. The performance benefit of SableNTT over Kyber lies between 7% and 29%, between 2% and 13% for Saber, and around 99% for Frodo.<\/jats:p>","DOI":"10.1145\/3696208","type":"journal-article","created":{"date-parts":[[2024,9,20]],"date-time":"2024-09-20T09:36:02Z","timestamp":1726824962000},"page":"1-40","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Scabbard: An Exploratory Study on Hardware Aware Design Choices of Learning with Rounding-based Key Encapsulation Mechanisms"],"prefix":"10.1145","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4354-852X","authenticated-orcid":false,"given":"Suparna","family":"Kundu","sequence":"first","affiliation":[{"name":"COSIC, KU Leuven Faculty of Engineering Science, Leuven, Belgium"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0983-5664","authenticated-orcid":false,"given":"Quinten","family":"Norga","sequence":"additional","affiliation":[{"name":"COSIC, KU Leuven Faculty of Engineering Science, Leuven, Belgium"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2594-588X","authenticated-orcid":false,"given":"Angshuman","family":"Karmakar","sequence":"additional","affiliation":[{"name":"Computer Science and Engineering, Indian Institute of Technology Kanpur, Kanpur, India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-0718-8384","authenticated-orcid":false,"given":"Shreya","family":"Gangopadhyay","sequence":"additional","affiliation":[{"name":"IIT Kharagpur, Kharagpur, 
India"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0457-5728","authenticated-orcid":false,"given":"Jose Maria","family":"Bermudo Mera","sequence":"additional","affiliation":[{"name":"PQShield, Oxford, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0879-076X","authenticated-orcid":false,"given":"Ingrid","family":"Verbauwhede","sequence":"additional","affiliation":[{"name":"COSIC, KU Leuven Faculty of Engineering Science, Leuven, Belgium"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,11,9]]},"reference":[{"key":"e_1_3_4_2_2","doi-asserted-by":"publisher","DOI":"10.46586\/TCHES.V2022.I1.127-151"},{"key":"e_1_3_4_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCSI.2022.3219555"},{"key":"e_1_3_4_4_2","first-page":"99","volume-title":"Proceedings of the 28th Annual ACM Symposium on the Theory of Computing","author":"Ajtai M.","year":"1996","unstructured":"M. Ajtai. 1996. Generating hard instances of lattice problems (extended abstract). In Proceedings of the 28th Annual ACM Symposium on the Theory of Computing. ACM, 99\u2013108."},{"key":"e_1_3_4_5_2","doi-asserted-by":"crossref","unstructured":"Gorjan Alagic Daniel Apon David Cooper Quynh Dang Thinh Dang John Kelsey Jacob Lichtinger Yi-Kai Liu Carl Miller Dustin Moody Rene Peralta Ray Perlner Angela Robinson and Daniel Smith-Tone. 2022. Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process. Retrieved January 26 2024 from https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2022\/NIST.IR.8413-upd1.pdf","DOI":"10.6028\/NIST.IR.8413"},{"key":"e_1_3_4_6_2","first-page":"351","volume-title":"Proceedings of the 11th International Conference on Security and Cryptography for Networks, SCN 2018","volume":"11035","author":"Albrecht Martin R.","year":"2018","unstructured":"Martin R. Albrecht, Benjamin R. 
Curtis, Amit Deo, Alex Davidson, Rachel Player, Eamonn W. Postlethwaite, Fernando Virdia, and Thomas Wunderer. 2018. Estimate all the {LWE, NTRU} schemes!. In Proceedings of the 11th International Conference on Security and Cryptography for Networks, SCN 2018 . Dario Catalano and Roberto De Prisco (Eds.), Lecture Notes in Computer Science, Vol. 11035, Springer, 351\u2013367. DOI:10.1007\/978-3-319-98113-0_19"},{"key":"e_1_3_4_7_2","article-title":"On the concrete hardness of Learning with Errors","author":"Albrecht Martin R.","year":"2015","unstructured":"Martin R. Albrecht, Rachel Player, and Sam Scott. 2015. On the concrete hardness of Learning with Errors. Cryptology ePrint Archive, Report 2015\/046. Retrieved from https:\/\/eprint.iacr.org\/2015\/046","journal-title":"Cryptology ePrint Archive, Report 2015\/046"},{"key":"e_1_3_4_8_2","first-page":"327","volume-title":"Proceedings of the 25th USENIX Security Symposium, USENIX Security 16","author":"Alkim Erdem","year":"2016","unstructured":"Erdem Alkim, L\u00e9o Ducas, Thomas P\u00f6ppelmann, and Peter Schwabe. 2016. Post-quantum key exchange - a new hope. In Proceedings of the 25th USENIX Security Symposium, USENIX Security 16. Thorsten Holz and Stefan Savage (Eds.), USENIX Association, 327\u2013343. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/alkim"},{"key":"e_1_3_4_9_2","first-page":"589","article-title":"Dimension-preserving reductions from LWE to LWR","author":"Alperin-Sheriff Jacob","year":"2016","unstructured":"Jacob Alperin-Sheriff and Daniel Apon. 2016. Dimension-preserving reductions from LWE to LWR. IACR Cryptology ePrint Archive (2016), 589. 
Retrieved from http:\/\/eprint.iacr.org\/2016\/589","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_4_10_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1007\/978-3-642-40041-4_4","volume-title":"CRYPTO 2013 - Proceedings of the 33rd Annual Cryptology Conference on Advances in Cryptology, Part I","volume":"8042","author":"Alwen Jo\u00ebl","year":"2013","unstructured":"Jo\u00ebl Alwen, Stephan Krenn, Krzysztof Pietrzak, and Daniel Wichs. 2013. Learning with rounding, revisited - new reduction, properties and applications. In CRYPTO 2013 - Proceedings of the 33rd Annual Cryptology Conference on Advances in Cryptology, Part I. Ran Canetti and Juan A. Garay (Eds.), Lecture Notes in Computer Science, Vol. 8042, Springer, 57\u201374. DOI:10.1007\/978-3-642-40041-4_4"},{"key":"e_1_3_4_11_2","article-title":"Defeating NewHope with a Single Trace","author":"Amiet Dorian","year":"2020","unstructured":"Dorian Amiet, Andreas Curiger, Lukas Leuenberger, and Paul Zbinden. 2020. Defeating NewHope with a Single Trace. Cryptology ePrint Archive, Report 2020\/368. Retrieved from https:\/\/ia.cr\/2020\/368","journal-title":"Cryptology ePrint Archive, Report 2020\/368"},{"key":"e_1_3_4_12_2","unstructured":"Jean-Philippe Aumasson Daniel J. Bernstein Ward Beullens Christoph Dobraunig Maria Eichlseder Scott Fluhrer Stefan-Lukas Gazdag Andreas Hulsing Panos Kampanakis Stefan K\u00f6lbl Tanja Lange Florian Mendel Martin M. Lauridsen Ruben Niederhagen Christian Rechberger Joost Rijneveld Peter Schwabe and Bas Westerbaan. 2018. SPHINCS+ Submission to the NIST post-quantum project v.3.1. 
Retrieved March 14 2024 from https:\/\/sphincs.org\/data\/sphincs+-r3.1-specification.pdf"},{"key":"e_1_3_4_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/3476799"},{"key":"e_1_3_4_14_2","doi-asserted-by":"crossref","first-page":"719","DOI":"10.1007\/978-3-642-29011-4_42","volume-title":"Advances in Cryptology - EUROCRYPT 2012-31st Annual International Conference on the Theory and Applications of Cryptographic Techniques","volume":"7237","author":"Banerjee Abhishek","year":"2012","unstructured":"Abhishek Banerjee, Chris Peikert, and Alon Rosen. 2012. Pseudorandom functions and lattices. In Advances in Cryptology - EUROCRYPT 2012-31st Annual International Conference on the Theory and Applications of Cryptographic Techniques. David Pointcheval and Thomas Johansson (Eds.), Lecture Notes in Computer Science, Vol. 7237, Springer, 719\u2013737. DOI:10.1007\/978-3-642-29011-4_42"},{"key":"e_1_3_4_15_2","article-title":"SABER: Mod-LWR based KEM (Round 3 Submission)","author":"Basso Andrea","year":"2020","unstructured":"Andrea Basso, Jose Maria Bermudo Mera, Jan-Pieter D\u2019Anvers, Angshuman Karmakar, Sujoy Sinha Roy, Michiel Van Beirendonck, and Frederik Vercauteren. 2020. SABER: Mod-LWR based KEM (Round 3 Submission). Retrieved July 3, 2021 from https:\/\/www.esat.kuleuven.be\/cosic\/pqcrypto\/saber\/files\/saberspecround3.pdf. https:\/\/www.esat.kuleuven.be\/cosic\/pqcrypto\/saber\/files\/saberspecround3.pdf","journal-title":"https:\/\/www.esat.kuleuven.be\/cosic\/pqcrypto\/saber\/files\/saberspecround3.pdf"},{"key":"e_1_3_4_16_2","first-page":"10","volume-title":"Proceedings of the 27th Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2016","author":"Becker Anja","year":"2016","unstructured":"Anja Becker, L\u00e9o Ducas, Nicolas Gama, and Thijs Laarhoven. 2016. New directions in nearest neighbor searching with applications to lattice sieving. In Proceedings of the 27th Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2016. 
Robert Krauthgamer (Ed.), SIAM, 10\u201324. DOI:10.1137\/1.9781611974331.CH2"},{"key":"e_1_3_4_17_2","doi-asserted-by":"crossref","unstructured":"Hanno Becker Vincent Hwang Matthias J. Kannwischer Bo-Yin Yang and Shang-Yi Yang. 2021. Neon NTT: Faster Dilithium Kyber and Saber on Cortex-A72 and Apple M1. Cryptology ePrint Archive Paper 2021\/986. Retrieved from https:\/\/eprint.iacr.org\/2021\/986","DOI":"10.46586\/tches.v2022.i1.221-244"},{"key":"e_1_3_4_18_2","article-title":"A Side-Channel Resistant Implementation of SABER","author":"Beirendonck Michiel Van","year":"2020","unstructured":"Michiel Van Beirendonck, Jan-Pieter D\u2019Anvers, Angshuman Karmakar, Josep Balasch, and Ingrid Verbauwhede. 2020. A Side-Channel Resistant Implementation of SABER. Cryptology ePrint Archive, Report 2020\/733. Retrieved from https:\/\/ia.cr\/2020\/733","journal-title":"Cryptology ePrint Archive, Report 2020\/733"},{"key":"e_1_3_4_19_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2021.i4.474-509"},{"key":"e_1_3_4_20_2","first-page":"1049","article-title":"KyberSlash: Exploiting secret-dependent division timings in Kyber implementations","author":"Bernstein Daniel J.","year":"2024","unstructured":"Daniel J. Bernstein, Karthikeyan Bhargavan, Shivam Bhasin, Anupam Chattopadhyay, Tee Kiah Chia, Matthias J. Kannwischer, Franziskus Kiefer, Thales Paiva, Prasanna Ravi, and Goutam Tamvada. 2024. KyberSlash: Exploiting secret-dependent division timings in Kyber implementations. IACR Cryptology ePrint Archive (2024), 1049. Retrieved from https:\/\/eprint.iacr.org\/2024\/1049","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_4_21_2","article-title":"NTRU Prime: Reducing attack surface at low cost","author":"Bernstein Daniel J.","year":"2016","unstructured":"Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange, and Christine van Vredendaal. 2016. NTRU Prime: Reducing attack surface at low cost. Cryptology ePrint Archive, Report 2016\/461. 
Retrieved from https:\/\/eprint.iacr.org\/2016\/461","journal-title":"Cryptology ePrint Archive, Report 2016\/461"},{"key":"e_1_3_4_22_2","first-page":"1220","article-title":"Quasi-linear masking to protect Kyber against both SCA and FIA","author":"Berthet Pierre-Augustin","year":"2023","unstructured":"Pierre-Augustin Berthet, C\u00e9dric Tavernier, Jean-Luc Danger, and Laurent Sauvage. 2023. Quasi-linear masking to protect Kyber against both SCA and FIA. IACR Cryptology ePrint Archive (2023), 1220. Retrieved from https:\/\/eprint.iacr.org\/2023\/1220","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_4_23_2","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1109\/FDTC53659.2021.00015","volume-title":"Proceedings of the 18th Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2021","author":"Bettale Luk","year":"2021","unstructured":"Luk Bettale, Simon Montoya, and Gu\u00e9na\u00ebl Renault. 2021. Safe-error analysis of post-quantum cryptography mechanisms - short paper-. In Proceedings of the 18th Workshop on Fault Detection and Tolerance in Cryptography, FDTC 2021. IEEE, 39\u201344. DOI:10.1109\/FDTC53659.2021.00015"},{"key":"e_1_3_4_24_2","article-title":"Round5: KEM and PKE based on GLWR","author":"Bhattacharya Sauvik","year":"2018","unstructured":"Sauvik Bhattacharya, Oscar Garcia-Morchon, Thijs Laarhoven, Ronald Rietman, Markku-Juhani O. Saarinen, Ludo Tolhuizen, and Zhenfei Zhang. 2018. Round5: KEM and PKE based on GLWR. Cryptology ePrint Archive, Report 2018\/725. Retrieved from https:\/\/eprint.iacr.org\/2018\/725","journal-title":"Cryptology ePrint Archive, Report 2018\/725"},{"key":"e_1_3_4_25_2","article-title":"High-Speed NTT-based Polynomial Multiplication Accelerator for CRYSTALS-Kyber Post-Quantum Cryptography","author":"Bisheh-Niasar Mojtaba","year":"2021","unstructured":"Mojtaba Bisheh-Niasar, Reza Azarderakhsh, and Mehran Mozaffari-Kermani. 2021. 
High-Speed NTT-based Polynomial Multiplication Accelerator for CRYSTALS-Kyber Post-Quantum Cryptography. Cryptology ePrint Archive, Paper 2021\/563. Retrieved from https:\/\/eprint.iacr.org\/2021\/563","journal-title":"Cryptology ePrint Archive, Paper 2021\/563"},{"key":"e_1_3_4_26_2","first-page":"209","volume-title":"Proceedings of the 13th International Conference on Theory of Cryptography, TCC 2016-A, Part I","volume":"9562","author":"Bogdanov Andrej","year":"2016","unstructured":"Andrej Bogdanov, Siyao Guo, Daniel Masny, Silas Richelson, and Alon Rosen. 2016. On the hardness of learning with rounding over small modulus. In Proceedings of the 13th International Conference on Theory of Cryptography, TCC 2016-A, Part I. Eyal Kushilevitz and Tal Malkin (Eds.), Lecture Notes in Computer Science, Vol. 9562, Springer, 209\u2013224. DOI:10.1007\/978-3-662-49096-9_9"},{"key":"e_1_3_4_27_2","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1007\/3-540-69053-0_4","volume-title":"Advances in Cryptology - EUROCRYPT \u201997, International Conference on the Theory and Application of Cryptographic Techniques","volume":"1233","author":"Boneh Dan","year":"1997","unstructured":"Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. 1997. On the importance of checking cryptographic protocols for faults (extended abstract). In Advances in Cryptology - EUROCRYPT \u201997, International Conference on the Theory and Application of Cryptographic Techniques. Walter Fumy (Ed.), Lecture Notes in Computer Science, Vol. 1233, Springer, 37\u201351. DOI:10.1007\/3-540-69053-0_4"},{"key":"e_1_3_4_28_2","article-title":"CRYSTALS \u2013 Kyber: A CCA-secure module-lattice-based KEM","author":"Bos Joppe","year":"2017","unstructured":"Joppe Bos, L\u00e9o Ducas, Eike Kiltz, Tancr\u00e8de Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehl\u00e9. 2017. CRYSTALS \u2013 Kyber: A CCA-secure module-lattice-based KEM. 
Cryptology ePrint Archive, Report 2017\/634. Retrieved from https:\/\/ia.cr\/2017\/634.","journal-title":"Cryptology ePrint Archive, Report 2017\/634"},{"key":"e_1_3_4_29_2","doi-asserted-by":"publisher","DOI":"10.46586\/TCHES.V2023.I3.74-96"},{"key":"e_1_3_4_30_2","first-page":"1006","volume-title":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","author":"Bos Joppe W.","year":"2016","unstructured":"Joppe W. Bos, Craig Costello, L\u00e9o Ducas, Ilya Mironov, Michael Naehrig, Valeria Nikolaenko, Ananth Raghunathan, and Douglas Stebila. 2016. Frodo: Take off the ring! Practical, quantum-secure key exchange from LWE. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi (Eds.), ACM, 1006\u20131018. DOI:10.1145\/2976749.2978425"},{"key":"e_1_3_4_31_2","article-title":"Bitslicing Arithmetic\/Boolean Masking Conversions for Fun and Profit with Application to Lattice-Based KEMs","author":"Bronchain Olivier","year":"2022","unstructured":"Olivier Bronchain and Ga\u00ebtan Cassiers. 2022. Bitslicing Arithmetic\/Boolean Masking Conversions for Fun and Profit with Application to Lattice-Based KEMs. Cryptology ePrint Archive, Report 2022\/158. Retrieved from https:\/\/ia.cr\/2022\/158.","journal-title":"Cryptology ePrint Archive, Report 2022\/158"},{"key":"e_1_3_4_32_2","series-title":"STOC 2021","doi-asserted-by":"crossref","first-page":"694","DOI":"10.1145\/3406325.3451000","volume-title":"Proceedings of the 53rd Annual ACM SIGACT Symposium on Theory of Computing","author":"Bruna Joan","year":"2021","unstructured":"Joan Bruna, Oded Regev, Min Jae Song, and Yi Tang. 2021. Continuous LWE. In Proceedings of the 53rd Annual ACM SIGACT Symposium on Theory of Computing (Virtual, Italy) (STOC 2021). ACM, New York, NY, USA, 694\u2013707. 
DOI:10.1145\/3406325.3451000"},{"key":"e_1_3_4_33_2","article-title":"Cryptographic Mechanisms: Recommendations and Key Lengths","year":"2023","unstructured":"BSI. 2023. Cryptographic Mechanisms: Recommendations and Key Lengths. Retrieved October 4, 2024 from https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/TechGuidelines\/TG02102\/BSI-TR-02102-1.pdf?__blob=publicationFile&v=10","journal-title":"https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/TechGuidelines\/TG02102\/BSI-TR-02102-1.pdf?__blob=publicationFile&v=10"},{"key":"e_1_3_4_34_2","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1145\/2899007.2899011","volume-title":"Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security, IoTPTS@AsiaCCS","author":"Buchmann Johannes","year":"2016","unstructured":"Johannes Buchmann, Florian G\u00f6pfert, Tim G\u00fcneysu, Tobias Oder, and Thomas P\u00f6ppelmann. 2016. High-performance and lightweight lattice-based public-key encryption. In Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security, IoTPTS@AsiaCCS. Richard Chow and G\u00f6kay Saldamli (Eds.), ACM, 2\u20139. DOI:10.1145\/2899007.2899011"},{"key":"e_1_3_4_35_2","doi-asserted-by":"crossref","first-page":"398","DOI":"10.1007\/3-540-48405-1_26","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 99","author":"Chari Suresh","year":"1999","unstructured":"Suresh Chari, Charanjit S. Jutla, Josyula R. Rao, and Pankaj Rohatgi. 1999. Towards sound approaches to counteract power-analysis attacks. In Advances in Cryptology \u2014 CRYPTO\u2019 99. Michael Wiener (Ed.), Springer Berlin Heidelberg, Berlin, 398\u2013412."},{"key":"e_1_3_4_36_2","first-page":"739","article-title":"SMAUG: Pushing lattice-based key encapsulation mechanisms to the limits","author":"Cheon Jung Hee","year":"2023","unstructured":"Jung Hee Cheon, Hyeongmin Choe, Dongyeon Hong, and MinJune Yi. 2023. 
SMAUG: Pushing lattice-based key encapsulation mechanisms to the limits. IACR Cryptology ePrint Archive (2023), 739. Retrieved from https:\/\/eprint.iacr.org\/2023\/739","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_4_37_2","article-title":"NTT Multiplication for NTT-unfriendly Rings","author":"Chung Chi-Ming Marvin","year":"2020","unstructured":"Chi-Ming Marvin Chung, Vincent Hwang, Matthias J. Kannwischer, Gregor Seiler, Cheng-Jhih Shih, and Bo-Yin Yang. 2020. NTT Multiplication for NTT-unfriendly Rings. Cryptology ePrint Archive, Report 2020\/1397. Retrieved from https:\/\/eprint.iacr.org\/2020\/1397.","journal-title":"Cryptology ePrint Archive, Report 2020\/1397"},{"issue":"2","key":"e_1_3_4_38_2","doi-asserted-by":"crossref","first-page":"159","DOI":"10.46586\/tches.v2021.i2.159-188","article-title":"NTT multiplication for NTT-unfriendly rings: New speed records for Saber and NTRU on Cortex-M4 and AVX2","volume":"2021","author":"Chung Chi-Ming Marvin","year":"2021","unstructured":"Chi-Ming Marvin Chung, Vincent Hwang, Matthias J. Kannwischer, Gregor Seiler, Cheng-Jhih Shih, and Bo-Yin Yang. 2021. NTT multiplication for NTT-unfriendly rings: New speed records for Saber and NTRU on Cortex-M4 and AVX2. IACR Transactions on Cryptographic Hardware and Embedded Systems 2021, 2 (Feb.2021), 159\u2013188.","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded Systems"},{"key":"e_1_3_4_39_2","article-title":"LWE with Side Information: Attacks and Concrete Security Estimation","author":"Dachman-Soled Dana","year":"2020","unstructured":"Dana Dachman-Soled, L\u00e9o Ducas, Huijing Gong, and M\u00e9lissa Rossi. 2020. LWE with Side Information: Attacks and Concrete Security Estimation. Cryptology ePrint Archive, Report 2020\/292. 
Retrieved from https:\/\/eprint.iacr.org\/2020\/292.","journal-title":"Cryptology ePrint Archive, Report 2020\/292"},{"key":"e_1_3_4_40_2","doi-asserted-by":"crossref","first-page":"206","DOI":"10.1109\/ICFPT47387.2019.00032","volume-title":"Proceedings of the 2019 International Conference on Field-Programmable Technology (ICFPT)","author":"Dang Viet B.","year":"2019","unstructured":"Viet B. Dang, Farnoud Farahmand, Michal Andrzejczak, and Kris Gaj. 2019. Implementing and benchmarking three lattice-based post-quantum cryptography algorithms using software\/hardware codesign. In Proceedings of the 2019 International Conference on Field-Programmable Technology (ICFPT). 206\u2013214. DOI:10.1109\/ICFPT47387.2019.00032"},{"key":"e_1_3_4_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2022.3222954"},{"key":"e_1_3_4_42_2","article-title":"Timing attacks on Error Correcting Codes in Post-Quantum Schemes","author":"D\u2019Anvers Jan-Pieter","year":"2019","unstructured":"Jan-Pieter D\u2019Anvers, Marcel Tiepelt, Frederik Vercauteren, and Ingrid Verbauwhede. 2019. Timing attacks on Error Correcting Codes in Post-Quantum Schemes. Cryptology ePrint Archive, Report 2019\/292. Retrieved from https:\/\/eprint.iacr.org\/2019\/292.","journal-title":"Cryptology ePrint Archive, Report 2019\/292"},{"key":"e_1_3_4_43_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2022.i4.637-660"},{"key":"e_1_3_4_44_2","doi-asserted-by":"publisher","DOI":"10.13154\/tches.v2018.i1.238-268"},{"key":"e_1_3_4_45_2","doi-asserted-by":"publisher","unstructured":"Morris Dworkin. 2015. SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. Federal Information Processing Standards Publication 202. 
DOI:10.6028\/NIST.FIPS.202","DOI":"10.6028\/NIST.FIPS.202"},{"key":"e_1_3_4_46_2","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2020.2979318"},{"key":"e_1_3_4_47_2","unstructured":"Pierre-Alain Fouque Jeffrey Hoffstein Paul Kirchner Vadim Lyubashevsky Thomas Pornin Thomas Prest Thomas Ricosset Gregor Seiler William Whyte and Zhenfei Zhang. 2018. Falcon: Fast-Fourier Lattice-based Compact Signatures over NTRU. Retrieved March 14 2024 from https:\/\/falcon-sign.info\/"},{"key":"e_1_3_4_48_2","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-011-9114-1"},{"key":"e_1_3_4_49_2","first-page":"1","volume-title":"Proceedings of the IEEE Custom Integrated Circuits Conference, CICC 2022","author":"Ghosh Archisman","year":"2022","unstructured":"Archisman Ghosh, Jose Maria Bermudo Mera, Angshuman Karmakar, Debayan Das, Santosh Ghosh, Ingrid Verbauwhede, and Shreyas Sen. 2022. A 334uW 0.158mm2 Saber learning with rounding based post-quantum crypto accelerator. In Proceedings of the IEEE Custom Integrated Circuits Conference, CICC 2022. IEEE, 1\u20132. DOI:10.1109\/CICC53496.2022.9772859"},{"key":"e_1_3_4_50_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSSC.2023.3253425"},{"key":"e_1_3_4_51_2","doi-asserted-by":"publisher","DOI":"10.1109\/JSSC.2023.3253425"},{"key":"e_1_3_4_52_2","article-title":"Attack on LAC Key Exchange in Misuse Situation","author":"Greuet Aurelien","year":"2020","unstructured":"Aurelien Greuet, Simon Montoya, and Guenael Renault. 2020. Attack on LAC Key Exchange in Misuse Situation. Cryptology ePrint Archive, Report 2020\/063. Retrieved from https:\/\/eprint.iacr.org\/2020\/063.","journal-title":"Cryptology ePrint Archive, Report 2020\/063"},{"key":"e_1_3_4_53_2","first-page":"212","volume-title":"Proceedings of the 28th Annual ACM Symposium on the Theory of Computing","author":"Grover Lov K.","year":"1996","unstructured":"Lov K. Grover. 1996. A fast quantum mechanical algorithm for database search. 
In Proceedings of the 28th Annual ACM Symposium on the Theory of Computing. Gary L. Miller (Ed.), ACM, 212\u2013219. DOI:10.1145\/237814.237866"},{"key":"e_1_3_4_54_2","article-title":"Post Quantum Cryptography \u2013 Guidelines for Telecom Use Cases","year":"2024","unstructured":"GSMA. 2024. Post Quantum Cryptography \u2013 Guidelines for Telecom Use Cases. Retrieved October 4, 2024 from https:\/\/www.gsma.com\/newsroom\/wp-content\/uploads\/\/PQ.03-Post-Quantum-Cryptography-Guidelines-for- Telecom-Use-v1.0.pdf. https:\/\/www.gsma.com\/newsroom\/wp-content\/uploads\/\/PQ.03-Post-Quantum-Cryptogra-phy-Guidelines-for-Telecom-Use-v1.0.pdf","journal-title":"https:\/\/www.gsma.com\/newsroom\/wp-content\/uploads\/\/PQ.03-Post-Quantum-Cryptography-Guidelines-for- Telecom-Use-v1.0.pdf"},{"key":"e_1_3_4_55_2","article-title":"A key-recovery timing attack on post-quantum primitives using the Fujisaki-Okamoto transformation and its application on FrodoKEM","author":"Guo Qian","year":"2020","unstructured":"Qian Guo, Thomas Johansson, and Alexander Nilsson. 2020. A key-recovery timing attack on post-quantum primitives using the Fujisaki-Okamoto transformation and its application on FrodoKEM. Cryptology ePrint Archive, Report 2020\/743. Retrieved from https:\/\/ia.cr\/2020\/743.","journal-title":"Cryptology ePrint Archive, Report 2020\/743"},{"key":"e_1_3_4_56_2","article-title":"A Novel CCA Attack using Decryption Errors against LAC","author":"Guo Qian","year":"2019","unstructured":"Qian Guo, Thomas Johansson, and Jing Yang. 2019. A Novel CCA Attack using Decryption Errors against LAC. Cryptology ePrint Archive, Report 2019\/1308. Retrieved from https:\/\/eprint.iacr.org\/2019\/1308.","journal-title":"Cryptology ePrint Archive, Report 2019\/1308"},{"key":"e_1_3_4_57_2","first-page":"58","article-title":"First-order masked Kyber on ARM Cortex-M4","author":"Heinz Daniel","year":"2022","unstructured":"Daniel Heinz, Matthias J. 
Kannwischer, Georg Land, Thomas P\u00f6ppelmann, Peter Schwabe, and Daan Sprenkels. 2022. First-order masked Kyber on ARM Cortex-M4. IACR Cryptology ePrint Archive (2022), 58. Retrieved from https:\/\/eprint.iacr.org\/2022\/058","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_4_58_2","first-page":"239","volume-title":"Proceedings of the 4th International Conference on Applied Cryptography and Network Security, ACNS 2006","volume":"3989","author":"Herbst Christoph","year":"2006","unstructured":"Christoph Herbst, Elisabeth Oswald, and Stefan Mangard. 2006. An AES smart card implementation resistant to power analysis attacks. In Proceedings of the 4th International Conference on Applied Cryptography and Network Security, ACNS 2006. Jianying Zhou, Moti Yung, and Feng Bao (Eds.), Lecture Notes in Computer Science, Vol. 3989, Springer, 239\u2013252. DOI:10.1007\/11767480_16"},{"key":"e_1_3_4_59_2","first-page":"311","volume-title":"Progress in Cryptology - INDOCRYPT 2021-22nd International Conference on Cryptology in India","volume":"13143","author":"Hermelink Julius","year":"2021","unstructured":"Julius Hermelink, Peter Pessl, and Thomas P\u00f6ppelmann. 2021. Fault-enabled chosen-ciphertext attacks on Kyber. In Progress in Cryptology - INDOCRYPT 2021-22nd International Conference on Cryptology in India. Avishek Adhikari, Ralf K\u00fcsters, and Bart Preneel (Eds.), Lecture Notes in Computer Science, Vol. 13143. Springer, 311\u2013334. DOI:10.1007\/978-3-030-92518-5_15"},{"key":"e_1_3_4_60_2","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1007\/BFb0054868","volume-title":"Proceedings of the 3rd International Symposium on Algorithmic Number Theory, ANTS-III","volume":"1423","author":"Hoffstein Jeffrey","year":"1998","unstructured":"Jeffrey Hoffstein, Jill Pipher, and Joseph H. Silverman. 1998. NTRU: A ring-based public key cryptosystem. In Proceedings of the 3rd International Symposium on Algorithmic Number Theory, ANTS-III. 
Joe Buhler (Ed.), Lecture Notes in Computer Science, Vol. 1423, Springer, 267\u2013288. DOI:10.1007\/BFb0054868"},{"key":"e_1_3_4_61_2","first-page":"341","volume-title":"Proceedings of the 15th International Conference on Theory of Cryptography, TCC 2017, Part I","volume":"10677","author":"Hofheinz Dennis","year":"2017","unstructured":"Dennis Hofheinz, Kathrin H\u00f6velmanns, and Eike Kiltz. 2017. A modular analysis of the Fujisaki-Okamoto transformation. In Proceedings of the 15th International Conference on Theory of Cryptography, TCC 2017, Part I. Yael Kalai and Leonid Reyzin (Eds.), Lecture Notes in Computer Science, Vol. 10677, Springer, 341\u2013371. DOI:10.1007\/978-3-319-70500-2_12"},{"key":"e_1_3_4_62_2","doi-asserted-by":"publisher","DOI":"10.13154\/tches.v2018.i3.372-393"},{"key":"e_1_3_4_63_2","article-title":"Improved Plantard Arithmetic for Lattice-based Cryptography","author":"Huang Junhao","year":"2022","unstructured":"Junhao Huang, Jipeng Zhang, Haosong Zhao, Zhe Liu, Ray C. C. Cheung, \u00c7etin Kaya Ko\u00e7, and Donglong Chen. 2022. Improved Plantard Arithmetic for Lattice-based Cryptography. Cryptology ePrint Archive, Paper 2022\/956. Retrieved from https:\/\/eprint.iacr.org\/2022\/956","journal-title":"Cryptology ePrint Archive, Paper 2022\/956"},{"key":"e_1_3_4_64_2","article-title":"Power Analysis on NTRU Prime","author":"Huang Wei-Lun","year":"2019","unstructured":"Wei-Lun Huang, Jiun-Peng Chen, and Bo-Yin Yang. 2019. Power Analysis on NTRU Prime. Cryptology ePrint Archive, Report 2019\/100. Retrieved from https:\/\/ia.cr\/2019\/100.","journal-title":"Cryptology ePrint Archive, Report 2019\/100"},{"key":"e_1_3_4_65_2","first-page":"1096","article-title":"Post-quantum IND-CCA-secure KEM without additional hash","volume":"2017","author":"Jiang Haodong","year":"2017","unstructured":"Haodong Jiang, Zhenfeng Zhang, Long Chen, Hong Wang, and Zhi Ma. 2017. Post-quantum IND-CCA-secure KEM without additional hash. 
IACR Cryptology ePrint Archive 2017 (2017), 1096. Retrieved from http:\/\/eprint.iacr.org\/2017\/1096","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_4_66_2","article-title":"Faster multiplication in  \\(\\mathbb {Z}_{2^m}[x]\\)  on Cortex-M4 to speed up NIST PQC candidates","author":"Kannwischer Matthias J.","year":"2018","unstructured":"Matthias J. Kannwischer, Joost Rijneveld, and Peter Schwabe. 2018. Faster multiplication in \\(\\mathbb {Z}_{2^m}[x]\\) on Cortex-M4 to speed up NIST PQC candidates. Cryptology ePrint Archive, Report 2018\/1018. Retrieved from https:\/\/eprint.iacr.org\/2018\/1018.","journal-title":"Cryptology ePrint Archive, Report 2018\/1018"},{"key":"e_1_3_4_67_2","article-title":"Faster multiplication in  \\(\\mathbb {Z}_{2^m}[x]\\)  on Cortex-M4 to speed up NIST PQC candidates","author":"Kannwischer Matthias J.","year":"2018","unstructured":"Matthias J. Kannwischer, Joost Rijneveld, and Peter Schwabe. 2018. Faster multiplication in \\(\\mathbb {Z}_{2^m}[x]\\) on Cortex-M4 to speed up NIST PQC candidates. Cryptology ePrint Archive, Report 2018\/1018. Retrieved from https:\/\/ia.cr\/2018\/1018.","journal-title":"Cryptology ePrint Archive, Report 2018\/1018"},{"key":"e_1_3_4_68_2","unstructured":"Matthias J. Kannwischer Joost Rijneveld Peter Schwabe and Ko Stoffelen. 2020. PQM4: Post-quantum crypto library for the ARM Cortex-M4. Retrieved from https:\/\/github.com\/mupq\/pqm4."},{"key":"e_1_3_4_69_2","doi-asserted-by":"publisher","DOI":"10.13154\/tches.v2018.i3.243-266"},{"key":"e_1_3_4_70_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3299172"},{"key":"e_1_3_4_71_2","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1007\/3-540-68697-5_9","volume-title":"CRYPTO \u201996, Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology","volume":"1109","author":"Kocher Paul C.","year":"1996","unstructured":"Paul C. Kocher. 1996. 
Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In CRYPTO \u201996, Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology. Neal Koblitz (Ed.), Lecture Notes in Computer Science, Vol. 1109, Springer, 104\u2013113. DOI:10.1007\/3-540-68697-5_9"},{"key":"e_1_3_4_72_2","first-page":"388","volume-title":"CRYPTO \u201999, Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology","volume":"1666","author":"Kocher Paul C.","year":"1999","unstructured":"Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In CRYPTO \u201999, Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology. Michael J. Wiener (Ed.), Lecture Notes in Computer Science, Vol. 1666, Springer, 388\u2013397. DOI:10.1007\/3-540-48405-1_25"},{"key":"e_1_3_4_73_2","doi-asserted-by":"publisher","DOI":"10.1007\/11554578_3"},{"key":"e_1_3_4_74_2","article-title":"Korean PQC competition","year":"2021","unstructured":"KpqC. 2021. Korean PQC competition. Retrieved January 10, 2024 from https:\/\/www.kpqc.or.kr\/competition.html","journal-title":"https:\/\/www.kpqc.or.kr\/competition.html"},{"key":"e_1_3_4_75_2","doi-asserted-by":"publisher","DOI":"10.46586\/TCHES.V2024.I2.844-869"},{"key":"e_1_3_4_76_2","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1007\/978-3-031-14791-3_5","volume-title":"Security and Cryptography for Networks","author":"Kundu Suparna","year":"2022","unstructured":"Suparna Kundu, Jan-Pieter D\u2019Anvers, Michiel Van Beirendonck, Angshuman Karmakar, and Ingrid Verbauwhede. 2022. Higher-order masked Saber. In Security and Cryptography for Networks. 
Clemente Galdi and Stanislaw Jarecki (Eds.), Springer International Publishing, Cham, 93\u2013116."},{"key":"e_1_3_4_77_2","article-title":"Rudraksh: A compact and lightweight post-quantum key-encapsulation mechanism","author":"Kundu Suparna","year":"2024","unstructured":"Suparna Kundu, Archisman Ghosh, Angshuman Karmakar, Shreyas Sen, and Ingrid Verbauwhede. 2024. Rudraksh: A compact and lightweight post-quantum key-encapsulation mechanism. Cryptology ePrint Archive, Paper 2024\/1170. Retrieved from https:\/\/eprint.iacr.org\/2024\/1170","journal-title":"Cryptology ePrint Archive, Paper 2024\/1170"},{"key":"e_1_3_4_78_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"162","DOI":"10.1007\/978-3-031-51583-5_10","volume-title":"Proceedings of the 13th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2023","volume":"14412","author":"Kundu Suparna","year":"2023","unstructured":"Suparna Kundu, Angshuman Karmakar, and Ingrid Verbauwhede. 2023. On the masking-friendly designs for post-quantum cryptography. In Proceedings of the 13th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2023. Francesco Regazzoni, Bodhisatwa Mazumdar, and Sri Parameswaran (Eds.), Lecture Notes in Computer Science, Vol. 14412, Springer, 162\u2013184. DOI:10.1007\/978-3-031-51583-5_10"},{"key":"e_1_3_4_79_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10623-014-9938-4"},{"key":"e_1_3_4_80_2","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1007\/978-3-319-48965-0_8","volume-title":"Cryptology and Network Security","author":"Longa Patrick","year":"2016","unstructured":"Patrick Longa and Michael Naehrig. 2016. Speeding up the number theoretic transform for faster ideal lattice-based cryptography. In Cryptology and Network Security. 
Sara Foresti and Giuseppe Persiano (Eds.), Springer International Publishing, Cham, 124\u2013139."},{"key":"e_1_3_4_81_2","article-title":"LAC: Practical Ring-LWE Based Public-Key Encryption with Byte-Level Modulus","author":"Lu Xianhui","year":"2018","unstructured":"Xianhui Lu, Yamin Liu, Zhenfei Zhang, Dingding Jia, Haiyang Xue, Jingnan He, Bao Li, and Kunpeng Wang. 2018. LAC: Practical Ring-LWE Based Public-Key Encryption with Byte-Level Modulus. Cryptology ePrint Archive, Report 2018\/1009. Retrieved from https:\/\/eprint.iacr.org\/2018\/1009.","journal-title":"Cryptology ePrint Archive, Report 2018\/1009"},{"key":"e_1_3_4_82_2","first-page":"1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010: 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, French Riviera","author":"Lyubashevsky Vadim","year":"2010","unstructured":"Vadim Lyubashevsky, Chris Peikert, and Oded Regev. 2010. On ideal lattices and learning with errors over rings. In Advances in Cryptology \u2013 EUROCRYPT 2010: 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, French Riviera. Henri Gilbert (Ed.), Springer Berlin Heidelberg, Berlin, 1\u201323. DOI:10.1007\/978-3-642-13190-5_1"},{"key":"e_1_3_4_83_2","first-page":"268","article-title":"Time-memory trade-off in Toom-Cook multiplication: An application to module-lattice based cryptography","volume":"2020","author":"Mera Jose Maria Bermudo","year":"2020","unstructured":"Jose Maria Bermudo Mera, Angshuman Karmakar, and Ingrid Verbauwhede. 2020. Time-memory trade-off in Toom-Cook multiplication: An application to module-lattice based cryptography. IACR Cryptol. ePrint Arch. 2020 (2020), 268. Retrieved from https:\/\/eprint.iacr.org\/2020\/268","journal-title":"IACR Cryptol. 
ePrint Arch."},{"key":"e_1_3_4_84_2","first-page":"1","volume-title":"Proceedings of the 57th ACM\/IEEE Design Automation Conference, DAC 2020","author":"Mera Jose Maria Bermudo","year":"2020","unstructured":"Jose Maria Bermudo Mera, Furkan Turan, Angshuman Karmakar, Sujoy Sinha Roy, and Ingrid Verbauwhede. 2020. Compact domain-specific co-processor for accelerating module lattice-based KEM. In Proceedings of the 57th ACM\/IEEE Design Automation Conference, DAC 2020. IEEE, 1\u20136. DOI:10.1109\/DAC18072.2020.9218727"},{"key":"e_1_3_4_85_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1007\/978-3-031-54776-8_11","volume-title":"Proceedings of the 22nd International Conference on Applied Cryptography and Network Security, ACNS 2024, Part III","volume":"14585","author":"Mondal Puja","year":"2024","unstructured":"Puja Mondal, Suparna Kundu, Sarani Bhattacharya, Angshuman Karmakar, and Ingrid Verbauwhede. 2024. A practical key-recovery attack on LWE-based key-encapsulation mechanism schemes using rowhammer. In Proceedings of the 22nd International Conference on Applied Cryptography and Network Security, ACNS 2024, Part III. Christina P\u00f6pper and Lejla Batina (Eds.), Lecture Notes in Computer Science, Vol. 14585, Springer, 271\u2013300. DOI:10.1007\/978-3-031-54776-8_11"},{"key":"e_1_3_4_86_2","doi-asserted-by":"publisher","DOI":"10.1145\/3569420"},{"key":"e_1_3_4_87_2","unstructured":"NIST. 2009. Digital Signature Standard (DSS). Retrieved October 4, 2024 from https:\/\/csrc.nist.gov\/files\/pubs\/fips\/186-3\/final\/docs\/fips_186-3.pdf"},{"key":"e_1_3_4_88_2","unstructured":"NIST. 2013. Digital Signature Standard (DSS). Retrieved from https:\/\/nvlpubs.nist.gov\/nistpubs\/FIPS\/NIST.FIPS.186-4.pdf"},{"key":"e_1_3_4_89_2","article-title":"NIST Curves","year":"2013","unstructured":"NIST. 2013. NIST Curves. Online. 
Retrieved March 15, 2024 from https:\/\/csrc.nist.gov\/csrc\/media\/events\/ispab-december-2013-meeting\/documents\/nist_elliptic-curves.pdf","journal-title":"Online."},{"key":"e_1_3_4_90_2","unstructured":"NIST. 2023. Digital Signature Standard (DSS). Retrieved October 4, 2024 from https:\/\/nvlpubs.nist.gov\/nistpubs\/FIPS\/NIST.FIPS.186-5.pdf"},{"key":"e_1_3_4_91_2","first-page":"1651","article-title":"TiGER: Tiny bandwidth key encapsulation mechanism for easy miGration based on RLWE(R)","author":"Park Seunghwan","year":"2022","unstructured":"Seunghwan Park, Chi-Gon Jung, Aesun Park, Joongeun Choi, and Honggoo Kang. 2022. TiGER: Tiny bandwidth key encapsulation mechanism for easy miGration based on RLWE(R). IACR Cryptol. ePrint Arch. (2022), 1651. Retrieved from https:\/\/eprint.iacr.org\/2022\/1651","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_4_92_2","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1007\/s13389-022-00303-z","article-title":"Streamlined NTRU prime on FPGA","volume":"13","author":"Peng Bo-Yuan","year":"2022","unstructured":"Bo-Yuan Peng, Adrian Marotzke, Ming-Han Tsai, Bo-Yin Yang, and Ho-Lin Chen. 2022. Streamlined NTRU prime on FPGA. Journal of Cryptographic Engineering 13 (2022), 167\u2013186. Retrieved from https:\/\/api.semanticscholar.org\/CorpusID:243990500","journal-title":"Journal of Cryptographic Engineering"},{"key":"e_1_3_4_93_2","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2021.i2.37-60"},{"key":"e_1_3_4_94_2","doi-asserted-by":"publisher","DOI":"10.26421\/QIC3.4-3"},{"key":"e_1_3_4_95_2","article-title":"Drop by Drop you break the rock - Exploiting generic vulnerabilities in Lattice-based PKE\/KEMs using EM-based Physical Attacks","author":"Ravi Prasanna","year":"2020","unstructured":"Prasanna Ravi, Shivam Bhasin, Sujoy Sinha Roy, and Anupam Chattopadhyay. 2020. Drop by Drop you break the rock - Exploiting generic vulnerabilities in Lattice-based PKE\/KEMs using EM-based Physical Attacks. 
Cryptology ePrint Archive, Report 2020\/549. Retrieved from https:\/\/ia.cr\/2020\/549.","journal-title":"Cryptology ePrint Archive, Report 2020\/549"},{"key":"e_1_3_4_96_2","doi-asserted-by":"publisher","DOI":"10.1145\/3603170"},{"key":"e_1_3_4_97_2","doi-asserted-by":"publisher","DOI":"10.46586\/TCHES.V2024.I2.795-818"},{"key":"e_1_3_4_98_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"232","DOI":"10.1007\/978-3-030-16350-1_13","volume-title":"Proceedings of the 10th International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2019","volume":"11421","author":"Ravi Prasanna","year":"2019","unstructured":"Prasanna Ravi, Debapriya Basu Roy, Shivam Bhasin, Anupam Chattopadhyay, and Debdeep Mukhopadhyay. 2019. Number \u201cnot used\u201d once - practical fault attack on pqm4 implementations of NIST candidates. In Proceedings of the 10th International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2019. Ilia Polian and Marc St\u00f6ttinger (Eds.), Lecture Notes in Computer Science, Vol. 11421, Springer, 232\u2013250. DOI:10.1007\/978-3-030-16350-1_13"},{"key":"e_1_3_4_99_2","doi-asserted-by":"publisher","DOI":"10.1145\/1039488.1039490"},{"key":"e_1_3_4_100_2","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1007\/978-3-319-78381-9_6","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"Rosca Miruna","year":"2018","unstructured":"Miruna Rosca, Damien Stehl\u00e9, and Alexandre Wallet. 2018. On the ring-LWE and polynomial-LWE problems. In Advances in Cryptology \u2013 EUROCRYPT 2018. 
Jesper Buus Nielsen and Vincent Rijmen (Eds.), Springer International Publishing, Cham, 146\u2013173."},{"key":"e_1_3_4_101_2","first-page":"434","article-title":"High-speed instruction-set coprocessor for lattice-based key encapsulation mechanism: Saber in hardware","volume":"2020","author":"Roy Sujoy Sinha","year":"2020","unstructured":"Sujoy Sinha Roy and Andrea Basso. 2020. High-speed instruction-set coprocessor for lattice-based key encapsulation mechanism: Saber in hardware. IACR Cryptol. ePrint Arch. 2020 (2020), 434. Retrieved from https:\/\/eprint.iacr.org\/2020\/434","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_4_102_2","doi-asserted-by":"crossref","first-page":"124","DOI":"10.1109\/SFCS.1994.365700","volume-title":"Proceedings of the 35th Annual Symposium on Foundations of Computer Science","author":"Shor Peter W.","year":"1994","unstructured":"Peter W. Shor. 1994. Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings of the 35th Annual Symposium on Foundations of Computer Science. IEEE Computer Society, 124\u2013134. DOI:10.1109\/SFCS.1994.365700"},{"key":"e_1_3_4_103_2","article-title":"Keccak in VHDL: High-speed core","author":"Team Keccak","year":"2008","unstructured":"Keccak Team. 2008. Keccak in VHDL: High-speed core. Online. Retrieved February 29, 2024 from https:\/\/keccak.team\/hardware.html","journal-title":"Online. Retrieved February 29, 2024 from"},{"key":"e_1_3_4_104_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1007\/978-3-030-92075-3_2","volume-title":"Advances in Cryptology - ASIACRYPT 2021-27th International Conference on the Theory and Application of Cryptology and Information Security, Part II","volume":"13091","author":"Xagawa Keita","year":"2021","unstructured":"Keita Xagawa, Akira Ito, Rei Ueno, Junko Takahashi, and Naofumi Homma. 2021. 
Fault-injection attacks against NIST\u2019s post-quantum cryptography round 3 KEM candidates. In Advances in Cryptology - ASIACRYPT 2021-27th International Conference on the Theory and Application of Cryptology and Information Security, Part II. Mehdi Tibouchi and Huaxiong Wang (Eds.), Lecture Notes in Computer Science, Vol. 13091, Springer, 33\u201361. DOI:10.1007\/978-3-030-92075-3_2"}],"container-title":["ACM Transactions on Embedded Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696208","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696208","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:04:00Z","timestamp":1750291440000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696208"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,9]]},"references-count":103,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1,31]]}},"alternative-id":["10.1145\/3696208"],"URL":"https:\/\/doi.org\/10.1145\/3696208","relation":{},"ISSN":["1539-9087","1558-3465"],"issn-type":[{"value":"1539-9087","type":"print"},{"value":"1558-3465","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,9]]},"assertion":[{"value":"2024-03-22","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-09-07","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-11-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}