{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,6]],"date-time":"2025-12-06T04:49:21Z","timestamp":1764996561000,"version":"3.41.2"},"reference-count":128,"publisher":"International Association for Cryptologic Research","license":[{"start":{"date-parts":[[2024,1,9]],"date-time":"2024-01-09T00:00:00Z","timestamp":1704758400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2024,6,4]]},"abstract":"<jats:p>Masking is a prominent strategy to protect cryptographic implementations against side-channel analysis. Its popularity arises from the exponential security gains that can be achieved for (approximately) quadratic resource utilization. Many variants of the countermeasure tailored for different optimization goals have been proposed. The common denominator among all of them is the implicit demand for robust and high-entropy randomness. Simply assuming that uniformly distributed random bits are available, without taking the cost of their generation into account, leads to a poor understanding of the efficiency vs. security tradeoff of masked implementations. This is especially relevant in the case of hardware masking schemes, which are known to consume large amounts of random bits per cycle due to parallelism. Currently, there seems to be no consensus on how to most efficiently derive many pseudo-random bits per clock cycle from an initial seed and with properties suitable for masked hardware implementations. In this work, we evaluate a number of building blocks for this purpose and find that hardware-oriented stream ciphers like Trivium and its reduced-security variant Bivium\u00a0B outperform most competitors when implemented in an unrolled fashion. Unrolled implementations of these primitives enable the flexible generation of many bits per cycle, which is crucial for satisfying the large randomness demands of state-of-the-art masking schemes. According to our analysis, only Linear Feedback Shift Registers\u00a0(LFSRs), when also unrolled, are capable of producing long non-repetitive sequences of random-looking bits at a higher rate per cycle for the same or lower cost as Trivium and Bivium B. Yet, these instances do not provide black-box security as they generate only linear outputs. We experimentally demonstrate that using multiple output bits from an LFSR in the same masked implementation can violate probing security and even lead to harmful randomness cancellations. Circumventing these problems, and enabling an independent analysis of randomness generation and masking, requires the use of cryptographically stronger primitives like stream ciphers. As a result of our studies, we provide an evidence-based estimate for the cost of securely generating n fresh random bits per cycle. Depending on the desired level of black-box security and operating frequency, this cost can be as low as 20n to 30n ASIC gate equivalents\u00a0(GE) or 3n to 4n FPGA look-up tables\u00a0(LUTs), where n is the number of random bits required. Our results demonstrate that the cost per bit is (sometimes significantly) lower than estimated in previous works, incentivizing parallelism whenever exploitable. This provides further motivation to potentially move low randomness usage from a primary to a secondary design goal in hardware masking research. 
<\/jats:p>","DOI":"10.62056\/akdkp2fgx","type":"journal-article","created":{"date-parts":[[2024,7,8]],"date-time":"2024-07-08T15:52:04Z","timestamp":1720453924000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":8,"title":["Randomness Generation for Secure Hardware Masking \u2013 Unrolled Trivium to the Rescue"],"prefix":"10.62056","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5426-9345","authenticated-orcid":false,"given":"Ga\u00ebtan","family":"Cassiers","sequence":"first","affiliation":[{"id":[{"id":"https:\/\/ror.org\/02495e989","id-type":"ROR","asserted-by":"publisher"}],"name":"Crypto Group, ICTEAM Institute, UCLouvain","place":["Louvain-la-Neuve, 1348, Belgium"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2978-4067","authenticated-orcid":false,"given":"Lo\u00efc","family":"Masure","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/013yean28","id-type":"ROR","asserted-by":"publisher"}],"name":"Universit\u00e9 de Montpellier, LIRMM, CNRS","place":["Montpellier, 34090, France"]}]},{"given":"Charles","family":"Momin","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/02495e989","id-type":"ROR","asserted-by":"publisher"}],"name":"Crypto Group, ICTEAM Institute, UCLouvain","place":["Louvain-la-Neuve, 1348, Belgium"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3809-9803","authenticated-orcid":false,"given":"Thorben","family":"Moos","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/02495e989","id-type":"ROR","asserted-by":"publisher"}],"name":"Crypto Group, ICTEAM Institute, UCLouvain","place":["Louvain-la-Neuve, 1348, Belgium"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4032-7433","authenticated-orcid":false,"given":"Amir","family":"Moradi","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/05n911h24","id-type":"ROR","asserted-by":"publisher"}],"name":"TU Darmstadt","place":["Darmstadt, 64293, 
Germany"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7444-0285","authenticated-orcid":false,"given":"Fran\u00e7ois-Xavier","family":"Standaert","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/02495e989","id-type":"ROR","asserted-by":"publisher"}],"name":"Crypto Group, ICTEAM Institute, UCLouvain","place":["Louvain-la-Neuve, 1348, Belgium"]}]}],"member":"48349","published-online":{"date-parts":[[2024,7,8]]},"reference":[{"key":"ref1:DBLP:conf\/crypto\/KocherJJ99","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1007\/3-540-48405-1_25","article-title":"Differential Power Analysis","volume-title":"Advances in Cryptology - CRYPTO '99, 19th Annual\n  International Cryptology Conference, Santa Barbara, California, USA, August\n  15-19, 1999, Proceedings","volume":"1666","author":"Paul C. Kocher","year":"1999"},{"key":"ref2:DBLP:conf\/crypto\/ChariJRR99","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"398","DOI":"10.1007\/3-540-48405-1_26","article-title":"Towards Sound Approaches to Counteract Power-Analysis\n  Attacks","volume-title":"Advances in Cryptology - CRYPTO '99, 19th Annual\n  International Cryptology Conference, Santa Barbara, California, USA, August\n  15-19, 1999, Proceedings","volume":"1666","author":"Suresh Chari","year":"1999"},{"key":"ref3:DBLP:conf\/eurocrypt\/ProuffR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1007\/978-3-642-38348-9_9","article-title":"Masking against Side-Channel Attacks: A Formal Security\n  Proof","volume-title":"Advances in Cryptology - EUROCRYPT 2013, 32nd Annual\n  International Conference on the Theory and Applications of Cryptographic\n  Techniques, Athens, Greece, May 26-30, 2013. 
Proceedings","volume":"7881","author":"Emmanuel Prouff","year":"2013"},{"key":"ref4:DBLP:conf\/eurocrypt\/DucDF14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1007\/978-3-642-55220-5_24","article-title":"Unifying Leakage Models: From Probing Attacks to Noisy\n  Leakage","volume-title":"Advances in Cryptology - EUROCRYPT 2014 - 33rd Annual\n  International Conference on the Theory and Applications of Cryptographic\n  Techniques, Copenhagen, Denmark, May 11-15, 2014. Proceedings","volume":"8441","author":"Alexandre Duc","year":"2014"},{"key":"ref5:DBLP:conf\/eurocrypt\/DucFS15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"401","DOI":"10.1007\/978-3-662-46800-5_16","article-title":"Making Masking Security Proofs Concrete - Or How to Evaluate\n  the Security of Any Leaking Device","volume-title":"Advances in Cryptology - EUROCRYPT 2015 - 34th Annual\n  International Conference on the Theory and Applications of Cryptographic\n  Techniques, Sofia, Bulgaria, April 26-30, 2015, Proceedings, Part I","volume":"9056","author":"Alexandre Duc","year":"2015"},{"key":"ref6:DBLP:conf\/crypto\/IshaiSW03","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"463","DOI":"10.1007\/978-3-540-45146-4_27","article-title":"Private Circuits: Securing Hardware against Probing\n  Attacks","volume-title":"Advances in Cryptology - CRYPTO 2003, 23rd Annual\n  International Cryptology Conference, Santa Barbara, California, USA, August\n  17-21, 2003, Proceedings","volume":"2729","author":"Yuval Ishai","year":"2003"},{"key":"ref7:DBLP:conf\/ctrsa\/MangardPG05","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1007\/978-3-540-30574-3_24","article-title":"Side-Channel Leakage of Masked CMOS Gates","volume-title":"Topics in Cryptology - CT-RSA 2005, The Cryptographers'\n  Track at the 
RSA Conference 2005, San Francisco, CA, USA, February 14-18,\n  2005, Proceedings","volume":"3376","author":"Stefan Mangard","year":"2005"},{"key":"ref8:DBLP:conf\/cosade\/CoronGPRRV12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-3-642-29912-4_6","article-title":"Conversion of Security Proofs from One Leakage Model to\n  Another: A New Issue","volume-title":"Constructive Side-Channel Analysis and Secure Design - Third\n  International Workshop, COSADE 2012, Darmstadt, Germany, May 3-4, 2012.\n  Proceedings","volume":"7275","author":"Jean-S\u00e9bastien Coron","year":"2012"},{"key":"ref9:DBLP:conf\/cosade\/CnuddeBGNNR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-319-64647-3_1","article-title":"Does Coupling Affect the Security of Masked\n  Implementations?","volume-title":"Constructive Side-Channel Analysis and Secure Design - 8th\n  International Workshop, COSADE 2017, Paris, France, April 13-14, 2017,\n  Revised Selected Papers","volume":"10348","author":"Thomas De Cnudde","year":"2017"},{"key":"ref10:DBLP:conf\/icics\/NikovaRR06","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1007\/11935308_38","article-title":"Threshold Implementations Against Side-Channel Attacks and\n  Glitches","volume-title":"Information and Communications Security, 8th International\n  Conference, ICICS 2006, Raleigh, NC, USA, December 4-7, 2006, Proceedings","volume":"4307","author":"Svetla Nikova","year":"2006"},{"key":"ref11:DBLP:conf\/icisc\/NikovaRS08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/978-3-642-00730-9_14","article-title":"Secure Hardware Implementation of Non-linear Functions in\n  the Presence of Glitches","volume-title":"Information Security and Cryptology - ICISC 2008, 11th\n  
International Conference, Seoul, Korea, December 3-5, 2008, Revised Selected\n  Papers","volume":"5461","author":"Svetla Nikova","year":"2008"},{"key":"ref12:DBLP:conf\/crypto\/ReparazBNGV15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"764","DOI":"10.1007\/978-3-662-47989-6_37","article-title":"Consolidating Masking Schemes","volume-title":"Advances in Cryptology - CRYPTO 2015 - 35th Annual\n  Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2015,\n  Proceedings, Part I","volume":"9215","author":"Oscar Reparaz","year":"2015"},{"key":"ref13:DBLP:conf\/ccs\/GrossMK16","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1145\/2996366.2996426","article-title":"Domain-Oriented Masking: Compact Masked Hardware\n  Implementations with Arbitrary Protection Order","volume-title":"Proceedings of the ACM Workshop on Theory of\n  Implementation Security, TIS@CCS 2016 Vienna, Austria, October, 2016","author":"Hannes Gro\u00df","year":"2016"},{"key":"ref14:DBLP:conf\/ctrsa\/GrossMK17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/978-3-319-52153-4_6","article-title":"An Efficient Side-Channel Protected AES Implementation\n  with Arbitrary Protection Order","volume-title":"Topics in Cryptology - CT-RSA 2017 - The Cryptographers'\n  Track at the RSA Conference 2017, San Francisco, CA, USA, February 14-17,\n  2017, Proceedings","volume":"10159","author":"Hannes Gro\u00df","year":"2017"},{"key":"ref15:DBLP:conf\/ches\/GrossM17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/978-3-319-66787-4_6","article-title":"Reconciling d+1 Masking in Hardware and Software","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2017 -\n  19th International Conference, Taipei, Taiwan, September 25-28, 2017,\n  Proceedings","volume":"10529","author":"Hannes 
Gro\u00df","year":"2017"},{"key":"ref16:DBLP:conf\/asiacrypt\/BilginGNNR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-662-45608-8_18","article-title":"Higher-Order Threshold Implementations","volume-title":"Advances in Cryptology - ASIACRYPT 2014 - 20th\n  International Conference on the Theory and Application of Cryptology and\n  Information Security, Kaoshiung, Taiwan, R.O.C., December 7-11, 2014,\n  Proceedings, Part II","volume":"8874","author":"Beg\u00fcl Bilgin","year":"2014"},{"key":"ref17:DBLP:journals\/iacr\/Reparaz15","first-page":"1","article-title":"A note on the security of Higher-Order Threshold\n  Implementations","author":"Oscar Reparaz","year":"2015","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref18:DBLP:conf\/ccs\/BartheBDFGSZ16","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1145\/2976749.2978427","article-title":"Strong Non-Interference and Type-Directed Higher-Order\n  Masking","volume-title":"Proceedings of the 2016 ACM SIGSAC Conference on\n  Computer and Communications Security, Vienna, Austria, October 24-28, 2016","author":"Gilles Barthe","year":"2016"},{"key":"ref19:DBLP:journals\/tches\/FaustGPPS18","doi-asserted-by":"publisher","first-page":"89","DOI":"10.13154\/tches.v2018.i3.89-120","article-title":"Composable Masking Schemes in the Presence of Physical\n  Defaults & the Robust Probing Model","volume":"2018","author":"Sebastian Faust","year":"2018","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref20:DBLP:journals\/tches\/MoosMSS19","doi-asserted-by":"publisher","first-page":"256","DOI":"10.13154\/tches.v2019.i2.256-292","article-title":"Glitch-Resistant Masking Revisited or Why Proofs in the\n  Robust Probing Model are Needed","volume":"2019","author":"Thorben Moos","year":"2019","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. 
Syst."},{"key":"ref21:DBLP:journals\/tifs\/CassiersS20","doi-asserted-by":"publisher","first-page":"2542","DOI":"10.1109\/TIFS.2020.2971153","article-title":"Trivially and Efficiently Composing Masked Gadgets With\n  Probe Isolating Non-Interference","volume":"15","author":"Ga\u00ebtan Cassiers","year":"2020","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref22:DBLP:journals\/tc\/CassiersGLS21","doi-asserted-by":"publisher","first-page":"1677","DOI":"10.1109\/TC.2020.3022979","article-title":"Hardware Private Circuits: From Trivial Composition to Full\n  Verification","volume":"70","author":"Ga\u00ebtan Cassiers","year":"2021","journal-title":"IEEE Trans. Computers"},{"key":"ref23:DBLP:conf\/ccs\/Knichel022","doi-asserted-by":"publisher","first-page":"1799","DOI":"10.1145\/3548606.3559362","article-title":"Low-Latency Hardware Private Circuits","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on\n  Computer and Communications Security, CCS 2022, Los Angeles, CA, USA,\n  November 7-11, 2022","author":"David Knichel","year":"2022"},{"key":"ref24:DBLP:journals\/tches\/KnichelM22","doi-asserted-by":"publisher","first-page":"114","DOI":"10.46586\/tches.v2022.i3.114-140","article-title":"Composable Gadgets with Reused Fresh Masks: First-Order\n  Probing-Secure Hardware Circuits with only 6 Fresh Masks","volume":"2022","author":"David Knichel","year":"2022","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. 
Syst."},{"key":"ref25:DBLP:conf\/asiacrypt\/KnichelS020","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"787","DOI":"10.1007\/978-3-030-64837-4_26","article-title":"SILVER - Statistical Independence and Leakage\n  Verification","volume-title":"Advances in Cryptology - ASIACRYPT 2020 - 26th\n  International Conference on the Theory and Application of Cryptology and\n  Information Security, Daejeon, South Korea, December 7-11, 2020, Proceedings,\n  Part I","volume":"12491","author":"David Knichel","year":"2020"},{"key":"ref26:DBLP:journals\/tches\/KnichelMMS22","doi-asserted-by":"publisher","first-page":"589","DOI":"10.46586\/tches.v2022.i1.589-629","article-title":"Automated Generation of Masked Hardware","volume":"2022","author":"David Knichel","year":"2022","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref27:DBLP:journals\/tches\/CassiersS21","doi-asserted-by":"publisher","first-page":"136","DOI":"10.46586\/TCHES.V2021.I2.136-158","article-title":"Provably Secure Hardware Masking in the Transition- and\n  Glitch-Robust Probing Model: Better Safe than Sorry","volume":"2021","author":"Ga\u00ebtan Cassiers","year":"2021","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref28:DBLP:journals\/tches\/KnichelSM22","doi-asserted-by":"publisher","first-page":"323","DOI":"10.46586\/tches.v2022.i1.323-344","article-title":"Generic Hardware Private Circuits: Towards Automated\n  Generation of Composable Secure Gadgets","volume":"2022","author":"David Knichel","year":"2022","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. 
Syst."},{"key":"ref29:DBLP:conf\/cosade\/MominCS22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/978-3-030-99766-3_12","article-title":"Handcrafting: Improving Automated Masking in Hardware with\n  Manual Optimizations","volume-title":"Constructive Side-Channel Analysis and Secure Design - 13th\n  International Workshop, COSADE 2022, Leuven, Belgium, April 11-12, 2022,\n  Proceedings","volume":"13211","author":"Charles Momin","year":"2022"},{"key":"ref30:DBLP:conf\/eurocrypt\/BelaidBPPTV16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"616","DOI":"10.1007\/978-3-662-49896-5_22","article-title":"Randomness Complexity of Private Circuits for\n  Multiplication","volume-title":"Advances in Cryptology - EUROCRYPT 2016 - 35th Annual\n  International Conference on the Theory and Applications of Cryptographic\n  Techniques, Vienna, Austria, May 8-12, 2016, Proceedings, Part II","volume":"9666","author":"Sonia Bela\u00efd","year":"2016"},{"key":"ref31:DBLP:conf\/indocrypt\/JouxD06","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1007\/11941378_31","article-title":"Galois LFSR, Embedded Devices and Side Channel Weaknesses","volume-title":"Progress in Cryptology - INDOCRYPT 2006, 7th International\n  Conference on Cryptology in India, Kolkata, India, December 11-13, 2006,\n  Proceedings","volume":"4329","author":"Antoine Joux","year":"2006"},{"key":"ref32:DBLP:conf\/indocrypt\/BurmanMV07","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"384","DOI":"10.1007\/978-3-540-77026-8_30","article-title":"LFSR Based Stream Ciphers Are Vulnerable to Power\n  Attacks","volume-title":"Progress in Cryptology - INDOCRYPT 2007, 8th International\n  Conference on Cryptology in India, Chennai, India, December 9-13, 2007,\n  Proceedings","volume":"4859","author":"Sanjay 
Burman","year":"2007"},{"key":"ref33:DBLP:conf\/space\/ChakrabortyMM14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1007\/978-3-319-12060-7_2","article-title":"Fibonacci LFSR vs. Galois LFSR: Which is More Vulnerable\n  to Power Attacks?","volume-title":"Security, Privacy, and Applied Cryptography Engineering -\n  4th International Conference, SPACE 2014, Pune, India, October 18-22, 2014.\n  Proceedings","volume":"8804","author":"Abhishek Chakraborty","year":"2014"},{"key":"ref34:DBLP:conf\/secrypt\/MeranehCBM022","doi-asserted-by":"publisher","first-page":"25","DOI":"10.5220\/0011135300003283","article-title":"Blind Side Channel on the Elephant LFSR","volume-title":"Proceedings of the 19th International Conference on Security\n  and Cryptography, SECRYPT 2022, Lisbon, Portugal, July 11-13, 2022","author":"Awaleh Houssein Meraneh","year":"2022"},{"key":"ref35:NIST_Statistical_Test_Suite","article-title":"A Statistical Test Suite for Random and Pseudorandom Number\n  Generators for Cryptographic Applications - Rev. 1a","author":"Lawrence E. Bassham","year":"2010","journal-title":"NIST Special Publication (SP) 800-22"},{"key":"ref36:DBLP:conf\/ches\/GrossoSF13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"400","DOI":"10.1007\/978-3-642-40349-1_23","article-title":"Masking vs. 
Multiparty Computation: How Large Is the Gap for\n  AES?","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2013 -\n  15th International Workshop, Santa Barbara, CA, USA, August 20-23, 2013.\n  Proceedings","volume":"8086","author":"Vincent Grosso","year":"2013"},{"key":"ref37:DBLP:conf\/cardis\/GrossoSP13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-319-08302-5_3","article-title":"Low Entropy Masking Schemes, Revisited","volume-title":"Smart Card Research and Advanced Applications - 12th\n  International Conference, CARDIS 2013, Berlin, Germany, November 27-29,\n  2013. Revised Selected Papers","volume":"8419","author":"Vincent Grosso","year":"2013"},{"key":"ref38:DBLP:conf\/cardis\/YeE13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1007\/978-3-319-08302-5_4","article-title":"On the Vulnerability of Low Entropy Masking Schemes","volume-title":"Smart Card Research and Advanced Applications - 12th\n  International Conference, CARDIS 2013, Berlin, Germany, November 27-29,\n  2013. Revised Selected Papers","volume":"8419","author":"Xin Ye","year":"2013"},{"key":"ref39:DBLP:books\/daglib\/0023872","isbn-type":"print","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04101-3","article-title":"Understanding Cryptography - A Textbook for Students and\n  Practitioners","author":"Christof Paar","year":"2010","ISBN":"https:\/\/id.crossref.org\/isbn\/9783642041006"},{"key":"ref40:DBLP:conf\/africacrypt\/BilginGNNR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/978-3-319-06734-6_17","article-title":"A More Efficient AES Threshold Implementation","volume-title":"Progress in Cryptology - AFRICACRYPT 2014 - 7th\n  International Conference on Cryptology in Africa, Marrakesh, Morocco, May\n  28-30, 2014. 
Proceedings","volume":"8469","author":"Beg\u00fcl Bilgin","year":"2014"},{"key":"ref41:DBLP:journals\/tc\/UenoHMMMNBMGD20","doi-asserted-by":"publisher","first-page":"534","DOI":"10.1109\/TC.2019.2957355","article-title":"High Throughput\/Gate AES Hardware Architectures Based on\n  Datapath Compression","volume":"69","author":"Rei Ueno","year":"2020","journal-title":"IEEE Trans. Computers"},{"key":"ref42:DBLP:conf\/ches\/CnuddeRBNNR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1007\/978-3-662-53140-2_10","article-title":"Masking AES with d+1 Shares in Hardware","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2016 -\n  18th International Conference, Santa Barbara, CA, USA, August 17-19, 2016,\n  Proceedings","volume":"9813","author":"Thomas De Cnudde","year":"2016"},{"key":"ref43:DBLP:conf\/asiacrypt\/BorghoffCGKKKLNPRRTY12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-642-34961-4_14","article-title":"PRINCE - A Low-Latency Block Cipher for Pervasive\n  Computing Applications - Extended Abstract","volume-title":"Advances in Cryptology - ASIACRYPT 2012 - 18th\n  International Conference on the Theory and Application of Cryptology and\n  Information Security, Beijing, China, December 2-6, 2012. Proceedings","volume":"7658","author":"Julia Borghoff","year":"2012"},{"key":"ref44:DBLP:journals\/tches\/SasdrichBHM20","doi-asserted-by":"publisher","first-page":"300","DOI":"10.13154\/tches.v2020.i2.300-326","article-title":"Low-Latency Hardware Masking with Application to AES","volume":"2020","author":"Pascal Sasdrich","year":"2020","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. 
Syst."},{"key":"ref45:DBLP:conf\/ches\/BertoniDPA10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-642-15031-9_3","article-title":"Sponge-Based Pseudo-Random Number Generators","volume-title":"Cryptographic Hardware and Embedded Systems, CHES 2010,\n  12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010.\n  Proceedings","volume":"6225","author":"Guido Bertoni","year":"2010"},{"key":"ref46:DBLP:conf\/eurocrypt\/BertoniDPA13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-642-38348-9_19","article-title":"Keccak","volume-title":"Advances in Cryptology - EUROCRYPT 2013, 32nd Annual\n  International Conference on the Theory and Applications of Cryptographic\n  Techniques, Athens, Greece, May 26-30, 2013. Proceedings","volume":"7881","author":"Guido Bertoni","year":"2013"},{"key":"ref47:DBLP:conf\/rfidsec\/KavunY10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"258","DOI":"10.1007\/978-3-642-16822-2_20","article-title":"A Lightweight Implementation of Keccak Hash Function for\n  Radio-Frequency Identification Applications","volume-title":"Radio Frequency Identification: Security and Privacy Issues\n  - 6th International Workshop, RFIDSec 2010, Istanbul, Turkey, June 8-9, 2010,\n  Revised Selected Papers","volume":"6370","author":"Elif Bilge Kavun","year":"2010"},{"key":"ref48:DBLP:journals\/tches\/Meyer0W18","doi-asserted-by":"publisher","first-page":"596","DOI":"10.13154\/tches.v2018.i3.596-626","article-title":"Spin Me Right Round: Rotational Symmetry for FPGA-Specific\n  AES","volume":"2018","author":"Lauren De Meyer","year":"2018","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. 
Syst."},{"key":"ref49:DBLP:journals\/tches\/Moos19","doi-asserted-by":"publisher","first-page":"202","DOI":"10.13154\/tches.v2019.i3.202-232","article-title":"Static Power SCA of Sub-100 nm CMOS ASICs and the\n  Insecurity of Masking Schemes in Low-Noise Environments","volume":"2019","author":"Thorben Moos","year":"2019","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref50:DBLP:journals\/tches\/ShahmirzadiM21a","doi-asserted-by":"publisher","first-page":"708","DOI":"10.46586\/tches.v2021.i3.708-755","article-title":"Second-Order SCA Security with almost no Fresh\n  Randomness","volume":"2021","author":"Aein Rezaei Shahmirzadi","year":"2021","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref51:DBLP:conf\/cardis\/Picek0RVWCM16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/978-3-319-54669-8_13","article-title":"PRNGs for Masking Applications and Their Mapping to\n  Evolvable Hardware","volume-title":"Smart Card Research and Advanced Applications - 15th\n  International Conference, CARDIS 2016, Cannes, France, November 7-9, 2016,\n  Revised Selected Papers","volume":"10146","author":"Stjepan Picek","year":"2016"},{"key":"ref52:DBLP:journals\/tches\/MeyerRB18","doi-asserted-by":"publisher","first-page":"431","DOI":"10.13154\/tches.v2018.i3.431-468","article-title":"Multiplicative Masking for AES in Hardware","volume":"2018","author":"Lauren De Meyer","year":"2018","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref53:DBLP:journals\/tches\/0001RGMV18","doi-asserted-by":"publisher","first-page":"267","DOI":"10.13154\/tches.v2018.i3.267-292","article-title":"ES-TRNG: A High-throughput, Low-area True Random Number\n  Generator based on Edge Sampling","volume":"2018","author":"Bohan Yang","year":"2018","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. 
Syst."},{"article-title":"Lightweight Cryptography","year":"2017","author":"National Institute of Standards and Technology","key":"ref54:NISTLWC"},{"article-title":"eSTREAM: the ECRYPT Stream Cipher Project","year":"2004","author":"European Network of Excellence in Cryptology (ECRYPT)","key":"ref55:ESTREAM"},{"key":"ref56:DBLP:journals\/tosc\/DaemenMMR20","doi-asserted-by":"publisher","first-page":"262","DOI":"10.13154\/tosc.v2020.iS1.262-294","article-title":"The Subterranean 2.0 Cipher Suite","volume":"2020","author":"Joan Daemen","year":"2020","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref57:DBLP:journals\/iacr\/AagaardZ21","first-page":"49","article-title":"ASIC Benchmarking of Round 2 Candidates in the NIST\n  Lightweight Cryptography Standardization Process: (Preliminary Results)","author":"Mark D. Aagaard","year":"2021","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref58:DBLP:conf\/ches\/BernsteinKLMMN017","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/978-3-319-66787-4_15","article-title":"Gimli: A Cross-Platform Permutation","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2017 -\n  19th International Conference, Taipei, Taiwan, September 25-28, 2017,\n  Proceedings","volume":"10529","author":"Daniel J. Bernstein","year":"2017"},{"key":"ref59:DBLP:journals\/tches\/LeanderMMR21","doi-asserted-by":"publisher","first-page":"510","DOI":"10.46586\/tches.v2021.i4.510-545","article-title":"The SPEEDY Family of Block Ciphers: Engineering an Ultra\n  Low-Latency Cipher from Gate Level for Secure Processor Architectures","volume":"2021","author":"Gregor Leander","year":"2021","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. 
Syst."},{"key":"ref60:DBLP:conf\/isw\/Canniere06","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/11836810_13","article-title":"Trivium: A Stream Cipher Construction Inspired by Block\n  Cipher Design Principles","volume-title":"Information Security, 9th International Conference, ISC\n  2006, Samos Island, Greece, August 30 - September 2, 2006, Proceedings","volume":"4176","author":"Christophe De Canni\u00e8re","year":"2006"},{"key":"ref61:DBLP:series\/lncs\/CanniereP08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/978-3-540-68351-3_18","article-title":"Trivium","volume-title":"New Stream Cipher Designs - The eSTREAM Finalists","volume":"4986","author":"Christophe De Canni\u00e8re","year":"2008"},{"key":"ref62:raddum2006cryptanalytic","article-title":"Cryptanalytic results on Trivium","author":"Havard Raddum","year":"2006","journal-title":"eSTREAM, ECRYPT Stream Cipher Project, Report 2006\/039"},{"key":"ref63:DBLP:conf\/fse\/CanteautCFLNPS16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-662-52993-5_16","article-title":"Stream Ciphers: A Practical Solution for Efficient\n  Homomorphic-Ciphertext Compression","volume-title":"Fast Software Encryption - 23rd International Conference,\n  FSE 2016, Bochum, Germany, March 20-23, 2016, Revised Selected Papers","volume":"9783","author":"Anne Canteaut","year":"2016"},{"key":"ref64:DBLP:journals\/ijwmc\/HellJM07","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1504\/IJWMC.2007.013798","article-title":"Grain: a stream cipher for constrained environments","volume":"2","author":"Martin Hell","year":"2007","journal-title":"Int. J. Wirel. Mob. 
Comput."},{"key":"ref65:DBLP:conf\/isit\/Hell0MM06","doi-asserted-by":"publisher","first-page":"1614","DOI":"10.1109\/ISIT.2006.261549","article-title":"A Stream Cipher Proposal: Grain-128","volume-title":"Proceedings 2006 IEEE International Symposium on\n  Information Theory, ISIT 2006, The Westin Seattle, Seattle, Washington,\n  USA, July 9-14, 2006","author":"Martin Hell","year":"2006"},{"key":"ref66:DBLP:series\/lncs\/BabbageD08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-540-68351-3_15","article-title":"The MICKEY Stream Ciphers","volume-title":"New Stream Cipher Designs - The eSTREAM Finalists","volume":"4986","author":"Steve Babbage","year":"2008"},{"key":"ref67:DBLP:series\/lncs\/GoodB08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/978-3-540-68351-3_19","article-title":"ASIC Hardware Performance","volume-title":"New Stream Cipher Designs - The eSTREAM Finalists","volume":"4986","author":"Tim Good","year":"2008"},{"article-title":"Hardware Evaluation of Estream Candidates","year":"2006","author":"Frank K. 
G\u00fcrkaynak","key":"ref68:Grkaynak2006HardwareEO"},{"article-title":"FPGA Implementations of eSTREAM Phase-2 Focus Candidates\n  with Hardware Profile","year":"2007","author":"Philippe Bulens","key":"ref69:Bulens2007FPGAIO"},{"article-title":"Comparison of hardware performance of selected Phase II\n  eSTREAM candidates","year":"2007","author":"Kris Gaj","key":"ref70:Gaj2007ComparisonOH"},{"article-title":"Hardware evaluation of eSTREAM Candidates: Grain, Lex,\n  Mickey128, Salsa20 and Trivium","year":"2007","author":"Marcin Rogawski","key":"ref71:Rogawski2007HardwareEO"},{"article-title":"Comparison of FPGA-Targeted Hardware Implementations of\n  eSTREAM Stream Cipher Candidates","year":"2008","author":"David Hwang","key":"ref72:Hwang2008ComparisonOF"},{"key":"ref73:DBLP:journals\/mam\/KitsosSPS13","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1016\/j.micpro.2012.09.007","article-title":"FPGA-based performance analysis of stream ciphers ZUC,\n  Snow3g, Grain V1, Mickey V2, Trivium and E0","volume":"37","author":"Paris Kitsos","year":"2013","journal-title":"Microprocess. Microsystems"},{"key":"ref74:DBLP:journals\/mam\/LiLL20","doi-asserted-by":"publisher","first-page":"103210","DOI":"10.1016\/j.micpro.2020.103210","article-title":"FPGA implementations of Grain v1, Mickey 2.0, Trivium,\n  Lizard and Plantlet","volume":"78","author":"Bohan Li","year":"2020","journal-title":"Microprocess. 
Microsystems"},{"key":"ref75:DBLP:conf\/crypto\/TodoIMAZ18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-319-96881-0_5","article-title":"Fast Correlation Attack Revisited - Cryptanalysis on Full\n  Grain-128a, Grain-128, and Grain-v1","volume-title":"Advances in Cryptology - CRYPTO 2018 - 38th Annual\n  International Cryptology Conference, Santa Barbara, CA, USA, August 19-23,\n  2018, Proceedings, Part II","volume":"10992","author":"Yosuke Todo","year":"2018"},{"key":"ref76:DBLP:journals\/jce\/MedwedS11","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/S13389-011-0014-Y","article-title":"Extractors against side-channel attacks: weak or strong?","volume":"1","author":"Marcel Medwed","year":"2011","journal-title":"J. Cryptogr. Eng."},{"key":"ref77:DBLP:reference\/crypt\/Canteaut11c","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1007\/978-1-4419-5906-5_339","article-title":"Correlation Attack for Stream Ciphers","volume-title":"Encyclopedia of Cryptography and Security, 2nd Ed","author":"Anne Canteaut","year":"2011"},{"key":"ref78:DBLP:conf\/ches\/BattistelloCPZ16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-662-53140-2_2","article-title":"Horizontal Side-Channel Attacks and Countermeasures on the\n  ISW Masking Scheme","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2016 -\n  18th International Conference, Santa Barbara, CA, USA, August 17-19, 2016,\n  Proceedings","volume":"9813","author":"Alberto Battistello","year":"2016"},{"key":"ref79:DBLP:conf\/ches\/FischerD02","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1007\/3-540-36400-5_30","article-title":"True Random Number Generator Embedded in Reconfigurable\n  Hardware","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2002,\n  4th 
International Workshop, Redwood Shores, CA, USA, August 13-15, 2002,\n  Revised Papers","volume":"2523","author":"Viktor Fischer","year":"2002"},{"key":"ref80:DBLP:conf\/ches\/FischerL14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"527","DOI":"10.1007\/978-3-662-44709-3_29","article-title":"Embedded Evaluation of Randomness in Oscillator Based\n  Elementary TRNG","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2014 -\n  16th International Workshop, Busan, South Korea, September 23-26, 2014.\n  Proceedings","volume":"8731","author":"Viktor Fischer","year":"2014"},{"key":"ref81:DBLP:conf\/fpl\/PeturaMBFB16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/FPL.2016.7577379","article-title":"A survey of AIS-20\/31 compliant TRNG cores suitable for\n  FPGA devices","volume-title":"26th International Conference on Field Programmable Logic\n  and Applications, FPL 2016, Lausanne, Switzerland, August 29 - September 2,\n  2016","author":"Oto Petura","year":"2016"},{"key":"ref82:DBLP:conf\/focs\/BlumM82","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1109\/SFCS.1982.72","article-title":"How to Generate Cryptographically Strong Sequences of Pseudo\n  Random Bits","volume-title":"23rd Annual Symposium on Foundations of Computer Science,\n  Chicago, Illinois, USA, 3-5 November 1982","author":"Manuel Blum","year":"1982"},{"key":"ref83:DBLP:conf\/ccs\/YuSPY10","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1145\/1866307.1866324","article-title":"Practical leakage-resilient pseudorandom generators","volume-title":"Proceedings of the 17th ACM Conference on Computer and\n  Communications Security, CCS 2010, Chicago, Illinois, USA, October 4-8,\n  2010","author":"Yu Yu","year":"2010"},{"key":"ref84:DBLP:series\/isc\/StandaertPYQYO10","series-title":"Information Security and 
Cryptography","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1007\/978-3-642-14452-3_5","article-title":"Leakage Resilient Cryptography in Practice","volume-title":"Towards Hardware-Intrinsic Security - Foundations and\n  Practice","author":"Fran\u00e7ois-Xavier Standaert","year":"2010"},{"key":"ref85:DBLP:conf\/crypto\/BelliziaBCGGMPP20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"369","DOI":"10.1007\/978-3-030-56784-2_13","article-title":"Mode-Level vs. Implementation-Level Physical Security in\n  Symmetric Cryptography - A Practical Guide Through the Leakage-Resistance\n  Jungle","volume-title":"Advances in Cryptology - CRYPTO 2020 - 40th Annual\n  International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA,\n  August 17-21, 2020, Proceedings, Part I","volume":"12170","author":"Davide Bellizia","year":"2020"},{"key":"ref86:DBLP:conf\/sacrypt\/MaximovB07","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/978-3-540-77360-3_3","article-title":"Two Trivial Attacks on Trivium","volume-title":"Selected Areas in Cryptography, 14th International Workshop,\n  SAC 2007, Ottawa, Canada, August 16-17, 2007, Revised Selected Papers","volume":"4876","author":"Alexander Maximov","year":"2007"},{"key":"ref87:DBLP:conf\/africacrypt\/HuangL11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/978-3-642-21969-6_5","article-title":"Attacking Bivium and Trivium with the Characteristic Set\n  Method","volume-title":"Progress in Cryptology - AFRICACRYPT 2011 - 4th\n  International Conference on Cryptology in Africa, Dakar, Senegal, July 5-7,\n  2011. 
Proceedings","volume":"6737","author":"Zhenyu Huang","year":"2011"},{"key":"ref88:DBLP:conf\/space\/ShahapureSD19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-030-35869-3_5","article-title":"Internal State Recovery Attack on Stream Ciphers: Breaking\n  BIVIUM","volume-title":"Security, Privacy, and Applied Cryptography Engineering -\n  9th International Conference, SPACE 2019, Gandhinagar, India, December 3-7,\n  2019, Proceedings","volume":"11947","author":"Shravani Shahapure","year":"2019"},{"key":"ref89:DBLP:journals\/tosc\/BanikMAIMBWR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.13154\/TOSC.V2018.I2.1-19","article-title":"Towards Low Energy Stream Ciphers","volume":"2018","author":"Subhadeep Banik","year":"2018","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref90:DBLP:journals\/sncs\/LeviBS22","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/s42979-022-01219-5","article-title":"Tight-ES-TRNG: Improved Construction and Robustness\n  Analysis","volume":"3","author":"Itamar Levi","year":"2022","journal-title":"SN Comput. 
Sci."},{"key":"ref91:DBLP:conf\/async\/CherkaouiFAF13","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1109\/ASYNC.2013.15","article-title":"A Self-Timed Ring Based True Random Number Generator","volume-title":"19th IEEE International Symposium on Asynchronous Circuits\n  and Systems, ASYNC 2013, Santa Monica, CA, USA, May 19-22, 2013","author":"Abdelkarim Cherkaoui","year":"2013"},{"key":"ref92:DBLP:conf\/ches\/CherkaouiFFA13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/978-3-642-40349-1_11","article-title":"A Very High Speed True Random Number Generator with Entropy\n  Assessment","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2013 -\n  15th International Workshop, Santa Barbara, CA, USA, August 20-23, 2013.\n  Proceedings","volume":"8086","author":"Abdelkarim Cherkaoui","year":"2013"},{"key":"ref93:DBLP:conf\/crypto\/DziembowskiFHJM16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1007\/978-3-662-53008-5_10","article-title":"Towards Sound Fresh Re-keying with Hard (Physical) Learning\n  Problems","volume-title":"Advances in Cryptology - CRYPTO 2016 - 36th Annual\n  International Cryptology Conference, Santa Barbara, CA, USA, August 14-18,\n  2016, Proceedings, Part II","volume":"9815","author":"Stefan Dziembowski","year":"2016"},{"article-title":"A pedagogical implementation of A5\/1","year":"1998","author":"Marc Briceno","key":"ref94:A511998"},{"key":"ref95:DBLP:books\/daglib\/0078909","isbn-type":"print","volume-title":"Applied cryptography - protocols, algorithms, and source\n  code in C, 2nd Edition","author":"Bruce Schneier","year":"1996","ISBN":"https:\/\/id.crossref.org\/isbn\/9780471117094"},{"key":"ref96:E02001","article-title":"Specification of the Bluetooth System - Version 1.1"},{"key":"ref97:DBLP:conf\/indocrypt\/BihamD00","series-title":"Lecture Notes in Computer 
Science","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/3-540-44495-5_5","article-title":"Cryptanalysis of the A5\/1 GSM Stream Cipher","volume-title":"Progress in Cryptology - INDOCRYPT 2000, First\n  International Conference in Cryptology in India, Calcutta, India, December\n  10-13, 2000, Proceedings","volume":"1977","author":"Eli Biham","year":"2000"},{"key":"ref98:SNOW3G2006","article-title":"Specification of the 3GPP Confidentiality and Integrity\n  Algorithms UEA2 & UIA2. Document 2: SNOW 3G Specification"},{"article-title":"Phelix: Fast Encryption and Authentication in a Single\n  Cryptographic Primitive","year":"2005","author":"Doug Whiting","key":"ref99:Phelix2005"},{"key":"ref100:DBLP:series\/lncs\/Biryukov08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1007\/978-3-540-68351-3_5","article-title":"Design of a New Stream Cipher-LEX","volume-title":"New Stream Cipher Designs - The eSTREAM Finalists","volume":"4986","author":"Alex Biryukov","year":"2008"},{"article-title":"The Achterbahn Stream Cipher","year":"2005","author":"Berndt M. 
Gammel","key":"ref101:Achterbahn2005"},{"article-title":"The self-synchronizing stream cipher Mosquito: eSTREAM\n  documentation, version 2","year":"2005","author":"Joan Daemen","key":"ref102:MOSQUITO2005"},{"article-title":"SFINKS: A Synchronous Stream Cipher for Restricted Hardware\n  Environments","year":"2005","author":"An Braeken","key":"ref103:SFINKS2005"},{"article-title":"VEST - Hardware-Dedicated Stream Ciphers","year":"2005","author":"Sean O'Neil","key":"ref104:VEST2005"},{"article-title":"ZK-Crypt - a Compact Stream Cipher and more","year":"2005","author":"Carmi Gressel","key":"ref105:ZK-Crypt2005"},{"key":"ref106:DBLP:series\/lncs\/BerbainBCCDGGGGLMPS08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1007\/978-3-540-68351-3_11","article-title":"Decimv2","volume-title":"New Stream Cipher Designs - The eSTREAM Finalists","volume":"4986","author":"C\u00f4me Berbain","year":"2008"},{"key":"ref107:DBLP:series\/lncs\/GligoroskiMK08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"152","DOI":"10.1007\/978-3-540-68351-3_12","article-title":"The Stream Cipher Edon80","volume-title":"New Stream Cipher Designs - The eSTREAM Finalists","volume":"4986","author":"Danilo Gligoroski","year":"2008"},{"key":"ref108:DBLP:series\/lncs\/ArnaultBL08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"170","DOI":"10.1007\/978-3-540-68351-3_13","article-title":"F-FCSR Stream Ciphers","volume-title":"New Stream Cipher Designs - The eSTREAM Finalists","volume":"4986","author":"Fran\u00e7ois Arnault","year":"2008"},{"key":"ref109:DBLP:series\/lncs\/DaemenK08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/978-3-540-68351-3_16","article-title":"The Self-synchronizing Stream Cipher Moustique","volume-title":"New Stream Cipher Designs - The eSTREAM 
Finalists","volume":"4986","author":"Joan Daemen","year":"2008"},{"key":"ref110:DBLP:series\/lncs\/JansenHK08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"224","DOI":"10.1007\/978-3-540-68351-3_17","article-title":"Cascade Jump Controlled Sequence Generator and Pomaranch\n  Stream Cipher","volume-title":"New Stream Cipher Designs - The eSTREAM Finalists","volume":"4986","author":"Cees J. A. Jansen","year":"2008"},{"key":"ref111:DBLP:series\/lncs\/Bernstein08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1007\/978-3-540-68351-3_8","article-title":"The Salsa20 Family of Stream Ciphers","volume-title":"New Stream Cipher Designs - The eSTREAM Finalists","volume":"4986","author":"Daniel J. Bernstein","year":"2008"},{"key":"ref112:ZUC2011","article-title":"Specification of the 3GPP Confidentiality and Integrity\n  Algorithms 128-EEA3 & 128-EIA3. Document 2: ZUC Specification"},{"key":"ref113:DBLP:journals\/tosc\/MikhalevAM16","doi-asserted-by":"publisher","first-page":"52","DOI":"10.13154\/tosc.v2016.i2.52-79","article-title":"On Ciphers that Continuously Access the Non-Volatile Key","volume":"2016","author":"Vasily Mikhalev","year":"2016","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref114:DBLP:journals\/tosc\/HamannKM17","doi-asserted-by":"publisher","first-page":"45","DOI":"10.13154\/tosc.v2017.i1.45-79","article-title":"LIZARD - A Lightweight Stream Cipher for\n  Power-constrained Devices","volume":"2017","author":"Matthias Hamann","year":"2017","journal-title":"IACR Trans. 
Symmetric Cryptol."},{"key":"ref115:DBLP:conf\/acns\/BanikCM23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-031-33488-7_7","article-title":"Near Collision Attack Against Grain V1","volume-title":"Applied Cryptography and Network Security - 21st\n  International Conference, ACNS 2023, Kyoto, Japan, June 19-22, 2023,\n  Proceedings, Part I","volume":"13905","author":"Subhadeep Banik","year":"2023"},{"article-title":"Susceptibility of eSTREAM Candidates towards Side Channel\n  Analysis","year":"2008","author":"Benedikt Gierlichs","key":"ref116:Gierlichs2008SusceptibilityOE"},{"key":"ref117:DBLP:reference\/crypt\/Canteaut11e","doi-asserted-by":"publisher","first-page":"458","DOI":"10.1007\/978-1-4419-5906-5_349","article-title":"Filter Generator","volume-title":"Encyclopedia of Cryptography and Security, 2nd Ed","author":"Anne Canteaut","year":"2011"},{"key":"ref118:DBLP:reference\/crypt\/Canteaut11b","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-1-4419-5906-5_338","article-title":"Combination Generator","volume-title":"Encyclopedia of Cryptography and Security, 2nd Ed","author":"Anne Canteaut","year":"2011"},{"key":"ref119:DBLP:reference\/crypt\/Fontaine11","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/978-1-4419-5906-5_337","article-title":"Clock-Controlled Generator","volume-title":"Encyclopedia of Cryptography and Security, 2nd Ed","author":"Caroline Fontaine","year":"2011"},{"key":"ref120:DBLP:reference\/crypt\/Fontaine11h","doi-asserted-by":"publisher","first-page":"1197","DOI":"10.1007\/978-1-4419-5906-5_373","article-title":"Shrinking Generator","volume-title":"Encyclopedia of Cryptography and Security, 2nd Ed","author":"Caroline Fontaine","year":"2011"},{"key":"ref121:ascon","article-title":"Status Update on Ascon v1. 
2","author":"Christoph Dobraunig","year":"2020","journal-title":"Submission to the NIST LWC competition"},{"article-title":"Efficient Shift Registers, LFSR Counters, and\n  Long-Pseudo-Random Generators","year":"1996","author":"P Alfke","key":"ref122:lfsr"},{"key":"ref123:DBLP:journals\/tches\/MullerM22","doi-asserted-by":"publisher","first-page":"311","DOI":"10.46586\/tches.v2022.i4.311-348","article-title":"PROLEAD A Probing-Based Hardware Leakage Detection\n  Tool","volume":"2022","author":"Nicolai M\u00fcller","year":"2022","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref124:DBLP:conf\/ches\/SchneiderM15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1007\/978-3-662-48324-4_25","article-title":"Leakage Assessment Methodology - A Clear Roadmap for\n  Side-Channel Evaluations","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2015 -\n  17th International Workshop, Saint-Malo, France, September 13-16, 2015,\n  Proceedings","volume":"9293","author":"Tobias Schneider","year":"2015"},{"key":"ref125:DBLP:journals\/tches\/KumarDBSJBB22","doi-asserted-by":"publisher","first-page":"166","DOI":"10.46586\/tches.v2022.i2.166-191","article-title":"Side Channel Attack On Stream Ciphers: A Three-Step\n  Approach To State\/Key Recovery","volume":"2022","author":"Satyam Kumar","year":"2022","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. 
Syst."},{"key":"ref126:DBLP:conf\/ches\/RenauldSV09","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1007\/978-3-642-04138-9_8","article-title":"Algebraic Side-Channel Attacks on the AES: Why Time also\n  Matters in DPA","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2009,\n  11th International Workshop, Lausanne, Switzerland, September 6-9, 2009,\n  Proceedings","volume":"5747","author":"Mathieu Renauld","year":"2009"},{"key":"ref127:DBLP:conf\/ches\/BelaidCFGKP15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1007\/978-3-662-48324-4_20","article-title":"Improved Side-Channel Analysis of Finite-Field\n  Multiplication","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2015 -\n  17th International Workshop, Saint-Malo, France, September 13-16, 2015,\n  Proceedings","volume":"9293","author":"Sonia Bela\u00efd","year":"2015"},{"key":"ref128:DBLP:conf\/asiacrypt\/BelaidFG14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-662-45608-8_17","article-title":"Side-Channel Analysis of Multiplications in GF(2128) -\n  Application to AES-GCM","volume-title":"Advances in Cryptology - ASIACRYPT 2014 - 20th\n  International Conference on the Theory and Application of Cryptology and\n  Information Security, Kaoshiung, Taiwan, R.O.C., December 7-11, 2014,\n  Proceedings, Part II","volume":"8874","author":"Sonia Bela\u00efd","year":"2014"}],"container-title":["IACR Communications in 
Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2024,12,10]],"date-time":"2024-12-10T21:26:52Z","timestamp":1733866012000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/1\/2\/4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,8]]},"references-count":128,"URL":"https:\/\/doi.org\/10.62056\/akdkp2fgx","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"type":"electronic","value":"3006-5496"}],"subject":[],"published":{"date-parts":[[2024,7,8]]},"assertion":[{"value":"2024-01-09","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-06-04","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc1-1-93"}}