{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,9]],"date-time":"2026-05-09T01:55:24Z","timestamp":1778291724475,"version":"3.51.4"},"reference-count":73,"publisher":"International Association for Cryptologic Research","issue":"1","license":[{"start":{"date-parts":[[2024,10,8]],"date-time":"2024-10-08T00:00:00Z","timestamp":1728345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2025,3,11]]},"abstract":"<jats:p>A wide range of countermeasures have been proposed to defend against side-channel attacks, with masking being one of the most effective and commonly used techniques. While theoretical models provide formal security proofs, these often rely on assumptions\u2014sometimes implicit\u2014that can be difficult to assess in practice. As a result, the design of secure masked implementations frequently combines proven theoretical arguments with heuristic and empirical validation.<\/jats:p>\n          <jats:p>Despite the significant body of work, the literature still lacks a cohesive and well-defined framework for translating theoretical security guarantees into practical implementations on physical devices. Specifically, there remains a gap in connecting provable results from abstract models to quantitative security guarantees at the implementation level.<\/jats:p>\n          <jats:p>In this Systematization of Knowledge (SoK), we aim to provide a comprehensive methodology to transform abstract cryptographic algorithms into physically secure implementations against side-channel attacks on microcontrollers. We introduce new tools to adapt the ideal noisy leakage model to practical, real-world scenarios, and we integrate state-of-the-art techniques to build secure implementations based on this model.<\/jats:p>\n          <jats:p>Our work systematizes the design objectives necessary for achieving high security levels in embedded devices and identifies the remaining challenges in concretely applying security reductions. By bridging the gap between theory and practice, we seek to provide a foundation for future research that can develop implementations with proven security against side-channel attacks, based on well-understood leakage assumptions. <\/jats:p>","DOI":"10.62056\/aebngy4e-","type":"journal-article","created":{"date-parts":[[2025,4,8]],"date-time":"2025-04-08T21:23:17Z","timestamp":1744147397000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":2,"title":["SoK: A Methodology to Achieve Provable Side-Channel Security in Real-World Implementations"],"prefix":"10.62056","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9437-6425","authenticated-orcid":false,"given":"Sonia","family":"Bela\u00efd","sequence":"first","affiliation":[{"id":[{"id":"https:\/\/ror.org\/0030xrh72","id-type":"ROR","asserted-by":"publisher"}],"name":"CryptoExperts","place":["Paris, France"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5426-9345","authenticated-orcid":false,"given":"Ga\u00ebtan","family":"Cassiers","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/0030xrh72","id-type":"ROR","asserted-by":"publisher"}],"name":"CryptoExperts","place":["Paris, France"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Camille","family":"Mutschler","sequence":"additional","affiliation":[{"name":"Idemia","place":["Courbevoie, France"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9855-4161","authenticated-orcid":false,"given":"Matthieu","family":"Rivain","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/0030xrh72","id-type":"ROR","asserted-by":"publisher"}],"name":"CryptoExperts","place":["Paris, France"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Roche","sequence":"additional","affiliation":[{"name":"NinjaLab","place":["Montpellier, France"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7444-0285","authenticated-orcid":false,"given":"Fran\u00e7ois-Xavier","family":"Standaert","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/02495e989","id-type":"ROR","asserted-by":"publisher"}],"name":"UCLouvain","place":["Louvain-la-Neuve, Belgium"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-5725-8474","authenticated-orcid":false,"given":"Abdul","family":"Taleb","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/0030xrh72","id-type":"ROR","asserted-by":"publisher"}],"name":"CryptoExperts","place":["Paris, France"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"48349","published-online":{"date-parts":[[2025,4,8]]},"reference":[{"key":"ref1:C:Kocher96","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/3-540-68697-5_9","article-title":"Timing Attacks on Implementations of Diffie-Hellman,\n  RSA, DSS, and Other Systems","volume":"1109","author":"Paul C. Kocher","year":"1996"},{"key":"ref2:DBLP:conf\/cardis\/HutterS13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-319-08302-5_15","article-title":"The Temperature Side Channel and Heating Fault Attacks","volume":"8419","author":"Michael Hutter","year":"2013"},{"key":"ref3:C:KocJafJun99","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1007\/3-540-48405-1_25","article-title":"Differential Power Analysis","volume":"1666","author":"Paul C. Kocher","year":"1999"},{"key":"ref4:DBLP:conf\/esmart\/QuisquaterS01","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1007\/3-540-45418-7_17","article-title":"ElectroMagnetic Analysis (EMA): Measures and\n  Counter-Measures for Smart Cards","volume":"2140","author":"Jean-Jacques Quisquater","year":"2001"},{"key":"ref5:C:CJRR99","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"398","DOI":"10.1007\/3-540-48405-1_26","article-title":"Towards Sound Approaches to Counteract Power-Analysis\n  Attacks","volume":"1666","author":"Suresh Chari","year":"1999"},{"key":"ref6:CHES:GouPat99","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1007\/3-540-48059-5_15","article-title":"DES and Differential Power Analysis (The \u201cDuplication\u201d\n  Method)","volume":"1717","author":"Louis Goubin","year":"1999"},{"key":"ref7:COSADE:BCGLMR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-031-29497-6_5","article-title":"Removing the Field Size Loss from Duc et al.'s Conjectured\n  Bound for Masked Encodings","volume":"13979","author":"Julien B\u00e9guinot","year":"2023"},{"key":"ref8:TCHES:BroSta21","doi-asserted-by":"publisher","first-page":"202","DOI":"10.46586\/tches.v2021.i3.202-234","article-title":"Breaking Masked Implementations with Many Shares on 32-bit\n  Software Platforms","volume":"2021","author":"Olivier Bronchain","year":"2021","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems","ISSN":"https:\/\/id.crossref.org\/issn\/2569-2925","issn-type":"electronic"},{"key":"ref9:EC:GroSta18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1007\/978-3-319-78375-8_13","article-title":"Masking Proofs Are Tight and How to Exploit it in Security\n  Evaluations","volume":"10821","author":"Vincent Grosso","year":"2018"},{"key":"ref10:EC:DucFauSta15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"401","DOI":"10.1007\/978-3-662-46800-5_16","article-title":"Making Masking Security Proofs Concrete - Or How to Evaluate\n  the Security of Any Leaking Device","volume":"9056","author":"Alexandre Duc","year":"2015"},{"key":"ref11:CHES:JouSta17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"623","DOI":"10.1007\/978-3-319-66787-4_30","article-title":"Very High Order Masking: Efficient Implementation and\n  Security Evaluation","volume":"10529","author":"Anthony Journault","year":"2017"},{"key":"ref12:COSADE:GPSS18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-319-89641-0_2","article-title":"Vectorizing Higher-Order Masking","volume":"10815","author":"Benjamin Gr\u00e9goire","year":"2018"},{"key":"ref13:ISO17825","volume-title":"Information technology \u2013 Security techniques \u2013 Testing\n  methods for the mitigation of non-invasive attack classes against\n  cryptographic modules","volume":"2016","author":"ISO\/IEC JTC 1\/SC 27","year":"2016"},{"key":"ref14:AC:WhiOsw19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"256","DOI":"10.1007\/978-3-030-34618-8_9","article-title":"A Critical Analysis of ISO 17825 ('Testing Methods for the\n  Mitigation of Non-invasive Attack Classes Against Cryptographic Modules')","volume":"11923","author":"Carolyn Whitnall","year":"2019"},{"key":"ref15:gilbert2011testing","first-page":"115","article-title":"A testing methodology for side-channel resistance\n  validation","volume":"7","author":"Benjamin Jun Gilbert Goodwill","year":"2011"},{"key":"ref16:CHES:BGNT15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"475","DOI":"10.1007\/978-3-662-48324-4_24","article-title":"Multi-variate High-Order Attacks of Shuffled Tables\n  Recomputation","volume":"9293","author":"Nicolas Bruneau","year":"2015"},{"key":"ref17:C:IshSahWag03","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"463","DOI":"10.1007\/978-3-540-45146-4_27","article-title":"Private Circuits: Securing Hardware against Probing\n  Attacks","volume":"2729","author":"Yuval Ishai","year":"2003"},{"key":"ref18:RSA:SchPaa06","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/11605805_14","article-title":"Higher Order Masking of the AES","volume":"3860","author":"Kai Schramm","year":"2006"},{"key":"ref19:CHES:RivPro10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"413","DOI":"10.1007\/978-3-642-15031-9_28","article-title":"Provably Secure Higher-Order Masking of AES","volume":"6225","author":"Matthieu Rivain","year":"2010"},{"key":"ref20:FSE:CPRR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1007\/978-3-662-43933-3_21","article-title":"Higher-Order Side Channel Security and Mask Refreshing","volume":"8424","author":"Jean-S\u00e9bastien Coron","year":"2014"},{"key":"ref21:EC:BBPPTV16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"616","DOI":"10.1007\/978-3-662-49896-5_22","article-title":"Randomness Complexity of Private Circuits for\n  Multiplication","volume":"9666","author":"Sonia Bela\u00efd","year":"2016"},{"key":"ref22:TCHES:CorRonZei18","doi-asserted-by":"publisher","first-page":"40","DOI":"10.13154\/tches.v2018.i1.40-72","article-title":"High Order Masking of Look-up Tables with Common Shares","volume":"2018","author":"Jean-S\u00e9bastien Coron","year":"2018","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems","ISSN":"https:\/\/id.crossref.org\/issn\/2569-2925","issn-type":"electronic"},{"key":"ref23:CHES:BCPZ16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-662-53140-2_2","article-title":"Horizontal Side-Channel Attacks and Countermeasures on the\n  ISW Masking Scheme","volume":"9813","author":"Alberto Battistello","year":"2016"},{"key":"ref24:EC:ProRiv13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1007\/978-3-642-38348-9_9","article-title":"Masking against Side-Channel Attacks: A Formal Security\n  Proof","volume":"7881","author":"Emmanuel Prouff","year":"2013"},{"key":"ref25:C:MasSta23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-031-38548-3_12","article-title":"Prouff and Rivain's Formal Security Proof of Masking,\n  Revisited - Tight Bounds in the Noisy Leakage Model","volume":"14083","author":"Lo\u00efc Masure","year":"2023"},{"key":"ref26:EC:DucDziFau14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1007\/978-3-642-55220-5_24","article-title":"Unifying Leakage Models: From Probing Attacks to Noisy\n  Leakage","volume":"8441","author":"Alexandre Duc","year":"2014"},{"key":"ref27:JC:DucDziFau19","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s00145-018-9284-1","article-title":"Unifying Leakage Models: From Probing Attacks to Noisy\n  Leakage","volume":"32","author":"Alexandre Duc","year":"2019","journal-title":"Journal of Cryptology"},{"key":"ref28:STOC:Ajtai11","doi-asserted-by":"publisher","first-page":"715","DOI":"10.1145\/1993636.1993731","article-title":"Secure computation with information leaking to an\n  adversary","author":"Mikl\u00f3s Ajtai","year":"2011"},{"key":"ref29:EC:AndDziFau16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"586","DOI":"10.1007\/978-3-662-49896-5_21","article-title":"Circuit Compilers with $O(1\/\\log(n))$ Leakage Rate","volume":"9666","author":"Marcin Andrychowicz","year":"2016"},{"key":"ref30:C:AnaIshSah18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"427","DOI":"10.1007\/978-3-319-96878-0_15","article-title":"Private Circuits: A Modular Approach","volume":"10993","author":"Prabhanjan Ananth","year":"2018"},{"key":"ref31:C:BCPRT20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"339","DOI":"10.1007\/978-3-030-56784-2_12","article-title":"Random Probing Security: Verification, Composition,\n  Expansion and New Constructions","volume":"12170","author":"Sonia Bela\u00efd","year":"2020"},{"key":"ref32:EC:BelRivTal21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-030-77886-6_11","article-title":"On the Power of Expansion: More Efficient Constructions in\n  the Random Probing Model","volume":"12697","author":"Sonia Bela\u00efd","year":"2021"},{"key":"ref33:AC:BRTV21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/978-3-030-92075-3_6","article-title":"Dynamic Random Probing Expansion with Quasi Linear\n  Asymptotic Complexity","volume":"13091","author":"Sonia Bela\u00efd","year":"2021"},{"key":"ref34:C:CFOS21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/978-3-030-84252-9_7","article-title":"Towards Tight Random Probing Security","volume":"12827","author":"Ga\u00ebtan Cassiers","year":"2021"},{"key":"ref35:COSADE:CGPRRV12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-3-642-29912-4_6","article-title":"Conversion of Security Proofs from One Leakage Model to\n  Another: A New Issue","volume":"7275","author":"Jean-S\u00e9bastien Coron","year":"2012"},{"key":"ref36:DBLP:conf\/cardis\/BalaschGGRS14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1007\/978-3-319-16763-3_5","article-title":"On the Cost of Lazy Engineering for Masked Software\n  Implementations","volume":"8968","author":"Josep Balasch","year":"2014"},{"key":"ref37:RSA:ManPopGam05","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1007\/978-3-540-30574-3_24","article-title":"Side-Channel Leakage of Masked CMOS Gates","volume":"3376","author":"Stefan Mangard","year":"2005"},{"key":"ref38:CHES:ManPraOsw05","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/11545262_12","article-title":"Successfully Attacking Masked AES Hardware\n  Implementations","volume":"3659","author":"Stefan Mangard","year":"2005"},{"key":"ref39:TCHES:FGMPS18","doi-asserted-by":"publisher","first-page":"89","DOI":"10.13154\/tches.v2018.i3.89-120","article-title":"Composable Masking Schemes in the Presence of Physical\n  Defaults & the Robust Probing Model","volume":"2018","author":"Sebastian Faust","year":"2018","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems","ISSN":"https:\/\/id.crossref.org\/issn\/2569-2925","issn-type":"electronic"},{"key":"ref40:TCHES:CasSta21","doi-asserted-by":"publisher","first-page":"136","DOI":"10.46586\/tches.v2021.i2.136-158","article-title":"Provably Secure Hardware Masking in the Transition- and\n  Glitch-Robust Probing Model: Better Safe than Sorry","volume":"2021","author":"Ga\u00ebtan Cassiers","year":"2021","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems","ISSN":"https:\/\/id.crossref.org\/issn\/2569-2925","issn-type":"electronic"},{"key":"ref41:TCHES:GMPO19","doi-asserted-by":"publisher","first-page":"152","DOI":"10.13154\/tches.v2020.i1.152-174","article-title":"Share-slicing: Friend or Foe?","volume":"2020","author":"Si Gao","year":"2019","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems","ISSN":"https:\/\/id.crossref.org\/issn\/2569-2925","issn-type":"electronic"},{"key":"ref42:TCHES:BroCas22","doi-asserted-by":"publisher","first-page":"553","DOI":"10.46586\/tches.v2022.i4.553-588","article-title":"Bitslicing Arithmetic\/Boolean Masking Conversions for Fun\n  and Profit with Application to Lattice-Based KEMs","volume":"2022","author":"Olivier Bronchain","year":"2022","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems"},{"key":"ref43:CCS:BGGHMP22","doi-asserted-by":"publisher","first-page":"381","DOI":"10.1145\/3548606.3560600","article-title":"Power Contracts: Provably Complete Power Leakage Models for\n  Processors","author":"Roderick Bloem","year":"2022"},{"key":"ref44:EC:BDFGSS17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1007\/978-3-319-56620-7_19","article-title":"Parallel Implementations of Masking Schemes and the Bounded\n  Moment Leakage Model","volume":"10210","author":"Gilles Barthe","year":"2017"},{"key":"ref45:CHES:SchMor15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1007\/978-3-662-48324-4_25","article-title":"Leakage Assessment Methodology - A Clear Roadmap for\n  Side-Channel Evaluations","volume":"9293","author":"Tobias Schneider","year":"2015"},{"key":"ref46:choudary2015efficient","volume-title":"Efficient multivariate statistical techniques for extracting\n  secrets from electronic devices","author":"Marios O Choudary","year":"2015"},{"key":"ref47:C:PGMP19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"683","DOI":"10.1007\/978-3-030-26948-7_24","article-title":"Unifying Leakage Models on a R\u00e9nyi Day","volume":"11692","author":"Thomas Prest","year":"2019"},{"key":"ref48:ICITS:Dodis12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1007\/978-3-642-32284-6_6","article-title":"Shannon Impossibility, Revisited","volume":"7412","author":"Yevgeniy Dodis","year":"2012"},{"key":"ref49:RSA:Mangard04","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-3-540-24660-2_18","article-title":"Hardware Countermeasures against DPA \u2013 A Statistical\n  Analysis of Their Effectiveness","volume":"2964","author":"Stefan Mangard","year":"2004"},{"key":"ref50:CHES:BriClaOli04","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-540-28632-5_2","article-title":"Correlation Power Analysis with a Leakage Model","volume":"3156","author":"Eric Brier","year":"2004"},{"key":"ref51:DBLP:journals\/iet-ifs\/MangardOS11","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1049\/iet-ifs.2010.0096","article-title":"One for all - all for one: unifying standard differential\n  power analysis attacks","volume":"5","author":"Stefan Mangard","year":"2011","journal-title":"IET Inf. Secur."},{"key":"ref52:CHES:ChaRaoRoh02","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/3-540-36400-5_3","article-title":"Template Attacks","volume":"2523","author":"Suresh Chari","year":"2003"},{"key":"ref53:CHES:SchLemPaa05","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1007\/11545262_3","article-title":"A Stochastic Model for Differential Side Channel\n  Cryptanalysis","volume":"3659","author":"Werner Schindler","year":"2005"},{"key":"ref54:XUSENIX:McCOswWhi17","first-page":"199","article-title":"Towards Practical Tools for Side Channel Aware Software\n  Engineering: 'Grey Box' Modelling for Instruction Leakages","author":"David McCann","year":"2017"},{"key":"ref55:TCHES:MarPagWeb22","doi-asserted-by":"publisher","first-page":"175","DOI":"10.46586\/tches.v2022.i1.175-220","article-title":"MIRACLE: MIcRo-ArChitectural Leakage Evaluation A\n  study of micro-architectural power leakage across many devices","volume":"2022","author":"Ben Marshall","year":"2022","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems"},{"key":"ref56:TCHES:MKSM22","doi-asserted-by":"publisher","first-page":"266","DOI":"10.46586\/tches.v2022.i2.266-288","article-title":"Transitional Leakage in Theory and Practice Unveiling\n  Security Flaws in Masked Circuits","volume":"2022","author":"Nicolai M\u00fcller","year":"2022","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems"},{"key":"ref57:DBLP:conf\/cardis\/ChoudaryK13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1007\/978-3-319-08302-5_17","article-title":"Efficient Template Attacks","volume":"8419","author":"Omar Choudary","year":"2013"},{"key":"ref58:CHES:StaArc08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/978-3-540-85053-3_26","article-title":"Using Subspace-Based Template Attacks to Compare and Combine\n  Power and Electromagnetic Information Leakages","volume":"5154","author":"Fran\u00e7ois-Xavier Standaert","year":"2008"},{"key":"ref59:TCHES:CDSU23","doi-asserted-by":"publisher","first-page":"270","DOI":"10.46586\/tches.v2023.i3.270-293","article-title":"Efficient Regression-Based Linear Discriminant Analysis for\n  Side-Channel Security Evaluations Towards Analytical Attacks against 32-bit\n  Implementations","volume":"2023","author":"Ga\u00ebtan Cassiers","year":"2023","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems"},{"key":"ref60:TCHES:MasDumPro19","doi-asserted-by":"publisher","first-page":"348","DOI":"10.13154\/tches.v2020.i1.348-375","article-title":"A Comprehensive Study of Deep Learning for Side-Channel\n  Analysis","volume":"2020","author":"Lo\u00efc Masure","year":"2019","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems","ISSN":"https:\/\/id.crossref.org\/issn\/2569-2925","issn-type":"electronic"},{"key":"ref61:DBLP:journals\/csur\/PicekPMWB23","doi-asserted-by":"publisher","DOI":"10.1145\/3569577","article-title":"SoK: Deep Learning-based Physical Side-channel Analysis","volume":"55","author":"Stjepan Picek","year":"2023","journal-title":"ACM Comput. Surv."},{"key":"ref62:DBLP:conf\/cardis\/BelliziaUS21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1007\/978-3-030-97348-3_4","article-title":"Towards a Better Understanding of Side-Channel Analysis\n  Measurements Setups","volume":"13173","author":"Davide Bellizia","year":"2021"},{"key":"ref63:smaeshdataset","volume-title":"The SMAesH dataset","author":"Ga\u00ebtan Cassiers","year":"2024"},{"key":"ref64:JCEng:SchMor16","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/s13389-016-0120-y","article-title":"Leakage assessment methodology - Extended version","volume":"6","author":"Tobias Schneider","year":"2016","journal-title":"Journal of Cryptographic Engineering"},{"key":"ref65:JC:DucFauSta19","doi-asserted-by":"publisher","first-page":"1263","DOI":"10.1007\/s00145-018-9277-0","article-title":"Making Masking Security Proofs Concrete (Or How to Evaluate\n  the Security of Any Leaking Device), Extended Version","volume":"32","author":"Alexandre Duc","year":"2019","journal-title":"Journal of Cryptology"},{"key":"ref66:DBLP:conf\/cardis\/DingZDSF17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1007\/978-3-319-75208-2_7","article-title":"Towards Sound and Optimal Leakage Detection Procedure","volume":"10728","author":"A. Adam Ding","year":"2017"},{"key":"ref67:TCHES:GMPP20","doi-asserted-by":"publisher","first-page":"73","DOI":"10.13154\/tches.v2020.i2.73-98","article-title":"FENL: an ISE to mitigate analogue micro-architectural\n  leakage","volume":"2020","author":"Si Gao","year":"2020","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems","ISSN":"https:\/\/id.crossref.org\/issn\/2569-2925","issn-type":"electronic"},{"key":"ref68:TCHES:ChePagWan24","doi-asserted-by":"publisher","first-page":"329","DOI":"10.46586\/tches.v2024.i2.329-358","article-title":"eLIMInate: a Leakage-focused ISE for Masked\n  Implementation","volume":"2024","author":"Hao Cheng","year":"2024","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems"},{"key":"ref69:JC:BoyMatPer13","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/s00145-012-9124-7","article-title":"Logic Minimization Techniques with Applications to\n  Cryptology","volume":"26","author":"Joan Boyar","year":"2013","journal-title":"Journal of Cryptology"},{"key":"ref70:TCHES:AdoPey21","doi-asserted-by":"publisher","first-page":"402","DOI":"10.46586\/tches.v2021.i1.402-425","article-title":"Fixslicing AES-like Ciphers","volume":"2021","author":"Alexandre Adomnicai","year":"2021","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems","ISSN":"https:\/\/id.crossref.org\/issn\/2569-2925","issn-type":"electronic"},{"key":"ref71:SP:BMRT22","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1109\/SP46214.2022.9833600","article-title":"IronMask: Versatile Verification of Masking Security","author":"Sonia Bela\u00efd","year":"2022"},{"key":"ref72:EPRINT:BroCasSta21","volume-title":"Give Me 5 Minutes: Attacking ASCAD with a Single\n  Side-Channel Trace","author":"Olivier Bronchain","year":"2021"},{"key":"ref73:EC:DziFauSko15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-662-46803-6_6","article-title":"Noisy Leakage Revisited","volume":"9057","author":"Stefan Dziembowski","year":"2015"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2025,4,8]],"date-time":"2025-04-08T21:23:28Z","timestamp":1744147408000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/2\/1\/4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,8]]},"references-count":73,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,4,8]]}},"URL":"https:\/\/doi.org\/10.62056\/aebngy4e-","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"value":"3006-5496","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,8]]},"assertion":[{"value":"2024-10-08","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-03-11","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc1-4-47"}}