[AAB+ 20] Erdem Alkim, Roberto Avanzi, Joppe Bos, Léo Ducas, Antonio de la Piedra, Thomas Pöppelmann, Peter Schwavbe, Douglas Stebila, Martin R. Albrecht, Emmanuela Orsini, Valery Osheter, Kenneth G. Paterson, Guy Peer, and Nigel P. Smart. NewHope algorithm specifications and supporting documenta-tion. https://newhopecrypto.org/data/NewHope_2020_04_10.pdf, 2020. 2020-04-10.
[ABD+ 21a] Erdem Alkim, Joppe W. Bos, Léo Ducas, Patrick Longa, Ilya Mirono, Micheal Naehri, Valeria Nikolaenko, Chris Peikert, Ananth Raghunathan, and Douglas Stebila. FrodoKEM learning with errors key encapsula-tion. https://frodokem.org/files/FrodoKEM-specification-20210604. pdf, 2021. 2021-06-04.
[ABD+ 21b] Roberto Avanzi, Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lep-oint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé. CRYSTALS-Kyber algorithm specifications and supporting documentation. https://pq-crystals.org/kyber/data/kyber-specification-round3-20210804.pdf, 2021. 2021-08-04.
[AMS+ 11] Frederik Armknecht, Roel Maes, Ahmad-Reza Sadeghi, François-Xavier Stan-daert, and Christian Wachsmann. A formalization of the security features of physical functions. In 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22-25 May 2011, Berkeley, California, USA, pages 397–412. IEEE Computer Society, 2011.
[APS15] Martin R. Albrecht, Rachel Player, and Sam Scott. On the concrete hardness of learning with errors. J. Math. Cryptol., 9(3):169–203, 2015.
[Bar86] Paul Barrett. Implementing the rivest shamir and adleman public key encryption algorithm on a standard digital signal processor. In Andrew M. Odlyzko, editor, Advances in Cryptology-CRYPTO ’86, Santa Barbara, California, USA, 1986, Proceedings, volume 263 of Lecture Notes in Computer Science, pages 311–323. Springer, 1986.
[BCNS15] Joppe W. Bos, Craig Costello, Michael Naehrig, and Douglas Stebila. Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015, pages 553–570. IEEE Computer Society, 2015.
[BGR+ 21] Joppe W. Bos, Marc Gourjon, Joost Renes, Tobias Schneider, and Christine van Vredendaal. Masking kyber: First-and higher-order implementations. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021(4):173–214, 2021.
[BGV12] Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. (leveled) fully homomorphic encryption without bootstrapping. In ITCS, pages 309–325. ACM, 2012.
[BHK+ 21] Davide Bellizia, Clément Hoffmann, Dina Kamel, Hanlin Liu, Pierrick Méaux, François-Xavier Standaert, and Yu Yu. Learning parity with physical noise: Imperfections, reductions and FPGA prototype. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021(3):390–417, 2021.
[BHLY16] Leon Groot Bruinderink, Andreas Hülsing, Tanja Lange, and Yuval Yarom. Flush, gauss, and reload-A cache attack on the BLISS lattice-based signature scheme. In Benedikt Gierlichs and Axel Y. Poschmann, editors, Cryptographic Hardware and Embedded Systems-CHES 2016-18th International Confer-ence, Santa Barbara, CA, USA, August 17-19, 2016, Proceedings, volume 9813 of Lecture Notes in Computer Science, pages 323–345. Springer, 2016.
[BLP+ 13] Zvika Brakerski, Adeline Langlois, Chris Peikert, Oded Regev, and Damien Stehlé. Classical hardness of learning with errors. In Dan Boneh, Tim Rough-garden, and Joan Feigenbaum, editors, Symposium on Theory of Computing Conference, STOC’13, Palo Alto, CA, USA, June 1-4, 2013, pages 575–584. ACM, 2013.
[BV11] Zvika Brakerski and Vinod Vaikuntanathan. Efficient fully homomorphic encryption from (standard) LWE. In FOCS, pages 97–106. IEEE Computer Society, 2011.
[CBG+ 17] Thomas De Cnudde, Begül Bilgin, Benedikt Gierlichs, Ventzislav Nikov, Svetla Nikova, and Vincent Rijmen. Does coupling affect the security of masked implementations? In COSADE, volume 10348 of Lecture Notes in Computer Science, pages 1–18. Springer, 2017.
[DKL+ 18] Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé. Crystals-dilithium: A lattice-based digital signature scheme. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2018(1):238– 268, 2018.
[DKRV18] Jan-Pieter D’Anvers, Angshuman Karmakar, Sujoy Sinha Roy, and Frederik Vercauteren. Saber: Module-lwr based key exchange, cpa-secure encryption and cca-secure KEM. In AFRICACRYPT, volume 10831 of Lecture Notes in Computer Science, pages 282–305. Springer, 2018.
[DLL+ 21] Léo Ducas, Tancrede Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé. CRYSTALS-Dilithium algorithm specifications and supporting documentation. 2021. 2021-02-08.
[DMG21] BaKhacTrieu Dang, Kamyar Mohajerani, and Kris Gaj. High-speed hardware architectures and fair fpga benchmarking. In Third PQC Standardization Conference, June 7-9, 2021, 2021.
[DT14] Constantin Catalin Dragan and Ferucio Laurentiu Tiplea. Efficient key-policy attribute-based encryption for general boolean circuits from multilinear maps. IACR Cryptol. ePrint Arch., page 462, 2014.
[EFGT17] Thomas Espitau, Pierre-Alain Fouque, Benoît Gérard, and Mehdi Tibouchi. Side-channel attacks on BLISS lattice-based signatures: Exploiting branch tracing against strongswan and electromagnetic emanations in microcontrollers. In Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu, editors, Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dal las, TX, USA, October 30-November 03, 2017, pages 1857–1874. ACM, 2017.
[FO99] Eiichiro Fujisaki and Tatsuaki Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In CRYPTO, volume 1666 of Lecture Notes in Computer Science, pages 537–554. Springer, 1999.
[GMK17] Hannes Groß, Stefan Mangard, and Thomas Korak. An efficient side-channel protected AES implementation with arbitrary protection order. In CT-RSA, volume 10159 of Lecture Notes in Computer Science, pages 95–112. Springer, 2017.
[GSW13] Craig Gentry, Amit Sahai, and Brent Waters. Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based. In CRYPTO (1), volume 8042 of Lecture Notes in Computer Science, pages 75–92. Springer, 2013.
[Har09] David Harvey. Faster polynomial multiplication via multipoint kronecker substitution. J. Symb. Comput., 44(10):1502–1510, 2009.
[KBBS20] Dina Kamel, Davide Bellizia, Olivier Bronchain, and François-Xavier Stan-daert. Side-channel analysis of a learning parity with physical noise processor. J. Cryptogr. Eng., pages 1–9, 2020.
[KBS+ 18] Dina Kamel, Davide Bellizia, François-Xavier Standaert, Denis Flandre, and David Bol. Demonstrating an LPPN processor. In ASHESCCS, pages 18–23. ACM, 2018.
[KKB+ 22] Dur-e-Shahwar Kundi, Ayesha Khalid, Song Bian, Chenghua Wang, Máire O’Neill, and Weiqiang Liu. Axrlwe: A multilevel approximate ring-lwe co-processor for lightweight iot applications. IEEE Internet Things J., 9(13):10492–10501, 2022.
[KO63] Anatoly A. Karatsuba and Y. Ofman. Multiplication of multidigit numbers on automata. Soviet Physics Doklady, 7:595–596, 1963. URL: http://cr.yp.to/bib/entries.html#1963/karatsuba.
[KSD+ 20] Dina Kamel, François-Xavier Standaert, Alexandre Duc, Denis Flandre, and Francesco Berti. Learning with physical noise or errors. IEEE Trans. Dependable Secur. Comput., 17(5):957–971, 2020.
[KW52] William H. Kruskal and W. Allen Wallis. Use of ranks in one-criterion variance analysis. Journal of the American Statistical Association, 47(260):583–621, 1952.
[LN16] Patrick Longa and Michael Naehrig. Speeding up the number theoretic trans-form for faster ideal lattice-based cryptography. In Sara Foresti and Giuseppe Persiano, editors, Cryptology and Network Security-15th International Con-ference, CANS 2016, Milan, Italy, November 14-16, 2016, Proceedings, volume 10052 of Lecture Notes in Computer Science, pages 124–139, 2016.
[LPR12] Vadim Lyubashevsky, Chris Peikert, and Oded Regev. On ideal lattices and learning with errors over rings. IACR Cryptol. ePrint Arch., page 230, 2012.
[LS12] Adeline Langlois and Damien Stehlé. Worst-case to average-case reductions for module lattices. IACR Cryptol. ePrint Arch., page 90, 2012.
[Lyu09] Vadim Lyubashevsky. Fiat-shamir with aborts: Applications to lattice and factoring-based signatures. In Mitsuru Matsui, editor, Advances in Cryptol-ogy-ASIACRYPT 2009, 15th International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan, December 6-10, 2009. Proceedings, volume 5912 of Lecture Notes in Computer Science, pages 598–616. Springer, 2009.
[MKV20] Jose Maria Bermudo Mera, Angshuman Karmakar, and Ingrid Verbauwhede. Time-memory trade-off in toom-cook multiplication: an application to module-lattice based cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2020(2):222–244, 2020.
[MNS05] M. Maymandi-Nejad and M. Sachdev. A monotonic digitally controlled delay element. IEEE Journal of Solid-State Circuits, 40(11):2212–2219, 2005.
[Mon85] Peter L. Montgomery. Modular multiplication without trial division. Mathematics of Computation, 44:519–521, 1985.
[PBY17] Peter Pessl, Leon Groot Bruinderink, and Yuval Yarom. To BLISS-B or not to be: Attacking strongswan’s implementation of post-quantum signatures. In Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu, editors, Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dal las, TX, USA, October 30-November 03, 2017, pages 1843–1855. ACM, 2017.
[Pei09] Chris Peikert. Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In Michael Mitzenmacher, editor, Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, Bethesda, MD, USA, May 31-June 2, 2009, pages 333–342. ACM, 2009.
[PMB+ 16] Oto Petura, Ugo Mureddu, Nathalie Bochard, Viktor Fischer, and Lilian Bossuet. A survey of AIS-20/31 compliant TRNG cores suitable for FPGA devices. In Paolo Ienne, Walid A. Najjar, Jason Helge Anderson, Philip Brisk, and Walter Stechele, editors, 26th International Conference on Field Programmable Logic and Applications, FPL 2016, Lausanne, Switzerland, August 29-September 2, 2016, pages 1–10. IEEE, 2016.
[Reg09] Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. J. ACM, 56(6):34:1–34:40, 2009.
[SPOG19] Tobias Schneider, Clara Paglialonga, Tobias Oder, and Tim Güneysu. Effi-ciently masking binomial sampling at arbitrary orders for lattice-based crypto. In Public Key Cryptography (2), volume 11443 of Lecture Notes in Computer Science, pages 534–564. Springer, 2019.
[Too63] Andrei L. Toom. The complexity of a scheme of functional elements realizing the multiplication of integers. Soviet Mathematics Doklady, 3:714–716, 1963. http://www.de.ufpe.br/toom/my-articles/engmat/MULT-E.PDF.
[UXT+ 22] Rei Ueno, Keita Xagawa, Yutaro Tanaka, Akira Ito, Junko Takahashi, and Naofumi Homma. Curse of re-encryption: A generic power/em analysis on post-quantum kems. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2022(1):296– 322, 2022.
[XL21] Yufei Xing and Shuguo Li. A compact hardware implementation of cca-secure key exchange mechanism CRYSTALS-KYBER on FPGA. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021(2):328–356, 2021.
[YSPY10] Yu Yu, François-Xavier Standaert, Olivier Pereira, and Moti Yung. Practical leakage-resilient pseudorandom generators. In CCS, pages 141–151. ACM, 2010.