
arxiv: 2604.03813 · v2 · submitted 2026-04-04 · 💻 cs.CR

Partial Number Theoretic Transform Masking in Post-Quantum Cryptography (PQC) Hardware: A Security Margin Analysis

Pith reviewed 2026-05-13 17:11 UTC · model grok-4.3

classification 💻 cs.CR
keywords: post-quantum cryptography · side-channel attacks · number theoretic transform · masking · belief propagation · hardware security

The pith

Strategic masking of three consecutive mid-layers in the INTT creates an unrecoverable gap that defeats soft-analytical side-channel attacks at 43 percent overhead.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper audits the security claims of a hardware accelerator for ML-DSA and ML-KEM (Adams Bridge, built for the Caliptra root of trust) that masks only one inverse number theoretic transform (INTT) layer and relies on shuffling for the rest. Register-transfer level inspection shows the Random Start Index shuffling supplies just 6 bits of entropy per layer (64 orderings), far below the 296 bits of a full random permutation assumed in the original scaling argument. A soft-analytical attack pipeline yields a 37-bit enumeration reduction without key recovery, and full-scale belief propagation on the complete INTT factor graph achieves 100 percent coefficient recovery. Layer ablation shows that what matters is where the observations sit, not how many there are: observations on four evenly spread layers allow full coefficient recovery, while observations confined to four consecutive layers allow none. The analysis isolates the four conditions that govern whether belief propagation converges, then shows that masking the three consecutive middle layers blocks recovery at 43 percent of the cost of full masking.

Core claim

Strategic masking of 3 consecutive mid-layers in the Inverse Number Theoretic Transform creates an unrecoverable gap that defeats soft-analytical attacks; layer-ablation experiments establish that observation topology, not the number of observations, determines whether belief propagation achieves 100 percent coefficient recovery on production-size NTT structures.

What carries the argument

Layer-ablation analysis performed on the complete INTT factor graph using belief propagation, which isolates the four necessary conditions for convergence and shows that consecutive mid-layer masking breaks the recovery chain.
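As an added illustration, not code from the paper or from Adams Bridge, the following Python builds the object the layer-ablation analysis runs on: the FIPS 203 inverse NTT for ML-KEM, instrumented so that every butterfly is recorded as a factor joining its two input and two output variables. The counts it produces, 896 butterflies over 2,048 variables, are the sizes quoted in the figure caption, which hold when the trailing multiplication by n^-1 is folded into the last boundary rather than modelled as separate factors. The helper `longest_unobserved_run` is an assumed proxy for "observation topology": it treats observing layer l as leaking that layer's butterfly outputs and measures the longest run of layers with no observation. Which four consecutive layers the abstract means is not stated, so `example_configurations` picks one; the paper's four convergence conditions are not reproduced here.

```python
import random

Q = 3329                 # ML-KEM modulus (FIPS 203)
N = 256
ZETA = 17                # primitive 256-th root of unity mod Q
N_INV = 3303             # 128^-1 mod Q, the trailing scaling in FIPS 203 Alg. 10
INTT_LENS = [2, 4, 8, 16, 32, 64, 128]   # the 7 Gentleman-Sande layers of the ML-KEM INTT


def _bitrev7(k: int) -> int:
    return int(f"{k:07b}"[::-1], 2)


ZETAS = [pow(ZETA, _bitrev7(k), Q) for k in range(128)]


def ntt(f):
    """FIPS 203 Algorithm 9, forward NTT; used here only to check the inverse."""
    f = list(f)
    i = 1
    for ln in reversed(INTT_LENS):
        for start in range(0, N, 2 * ln):
            z = ZETAS[i]
            i += 1
            for j in range(start, start + ln):
                t = z * f[j + ln] % Q
                f[j + ln] = (f[j] - t) % Q
                f[j] = (f[j] + t) % Q
    return f


def intt_with_graph(f):
    """FIPS 203 Algorithm 10, inverse NTT, instrumented to emit its factor graph:
    variable (b, k) is coefficient k at layer boundary b (b = 0 is the input,
    b = 7 the output); each butterfly becomes one factor over its two input
    and two output variables.  Returns (coefficients, variables, factors)."""
    f = list(f)
    i = 127
    factors = []
    for layer, ln in enumerate(INTT_LENS):
        for start in range(0, N, 2 * ln):
            z = ZETAS[i]
            i -= 1
            for j in range(start, start + ln):
                t = f[j]
                f[j] = (t + f[j + ln]) % Q
                f[j + ln] = z * (f[j + ln] - t) % Q
                factors.append(((layer, j), (layer, j + ln),
                                (layer + 1, j), (layer + 1, j + ln)))
    # The n^-1 scaling is per coefficient, so it is folded into boundary 7
    # rather than modelled as 256 extra unary factors.
    f = [x * N_INV % Q for x in f]
    variables = {(b, k) for b in range(len(INTT_LENS) + 1) for k in range(N)}
    return f, variables, factors


def longest_unobserved_run(observed_layers, n_layers=len(INTT_LENS)):
    """Assumed proxy for observation topology: 'observing layer l' means the
    attacker gets leakage on that layer's butterfly outputs; return the longest
    run of consecutive layers with no observation."""
    run = best = 0
    for layer in range(n_layers):
        run = 0 if layer in observed_layers else run + 1
        best = max(best, run)
    return best


def example_configurations():
    """Layer sets from the abstract, expressed as observed (unmasked) layers of
    the 7-layer INTT.  Which four consecutive layers are meant is an assumption."""
    return {
        "4 evenly spread observed": longest_unobserved_run({0, 2, 4, 6}),
        "4 consecutive observed (0-3)": longest_unobserved_run({0, 1, 2, 3}),
        "3 consecutive mid-layers masked (2-4)": longest_unobserved_run({0, 1, 5, 6}),
    }


if __name__ == "__main__":
    rng = random.Random(7)
    x = [rng.randrange(Q) for _ in range(N)]
    y, variables, factors = intt_with_graph(ntt(x))
    print("round trip ok:", y == x, "| variables:", len(variables), "| factors:", len(factors))
    print(example_configurations())
```

Under this proxy, the two configurations the code labels as the abstract's 0 percent cases (four consecutive observed layers at one end of the INTT, and three masked mid-layers) both leave a run of three unobserved layers, while four evenly spread observed layers leave runs of at most one. That agrees with the paper's gap argument in these instances but is not the paper's criterion, and a different choice of four consecutive layers (say 1 to 4) leaves a shorter run.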

Load-bearing premise

The soft-analytical attack pipeline and full-scale belief propagation accurately model realistic side-channel observations on production hardware without requiring physical traces.

What would settle it

A physical side-channel trace collected from the Adams Bridge hardware that recovers the full secret key after masking of exactly three consecutive mid-layers.

Figures

Figures reproduced from arXiv: 2604.03813 by Khaled Kirah, Ray Iskander.

Figure 2. Full-key recovery rate vs. SNR×N for the complete ML-KEM INTT factor graph (896 factors, 2,048 variables). Dots: empirical recovery rate; shaded region: Wilson 95% confidence intervals; dashed line: 100% recovery threshold at SNR×N = 3,000. The sigmoid shape reflects the transition from loopy BP convergence failures (low SNR) to posterior concentration (high SNR). At SNR×N = 10^3, a striking phenomenon eme…
Original abstract

Adams Bridge, a hardware accelerator for ML-DSA and ML-KEM designed for the Caliptra root of trust, masks 1 of its Inverse Number Theoretic Transform (INTT) layers and relies on shuffling for the remainder, claiming per-butterfly Correlation Power Analysis (CPA) complexities of 2^46 (ML-DSA) and 2^96 (ML-KEM). We evaluate these claims against published side-channel literature across seven analysis tracks with confidence-rated evidence. Register-Transfer Level (RTL) analysis confirms that the design's Random Start Index (RSI) shuffling provides 6 bits of entropy per layer (64 orderings) rather than the 296 bits of a full random permutation assumed in its scaling argument, with effective margins below the designers' estimates. A soft-analytical attack pipeline demonstrates a 37-bit enumeration reduction, independent of Belief Propagation (BP) gains, quantifying the attack-model gap without achieving key recovery. Full-scale BP on the complete INTT factor graph achieves 100% coefficient recovery over the single-layer baseline, resolving whether BP gains scale to production-size Number Theoretic Transform (NTT) structures. A genie-aided information-theoretic bound shows observations contain sufficient mutual information for full recovery at SNR×N as low as 15. Layer-ablation analysis identifies four necessary conditions governing BP convergence. Observation topology, not count, determines recovery: 4 evenly spread layers achieve 100% while 4 consecutive layers achieve 0%, yielding a practical countermeasure design tool. Strategic masking of 3 consecutive mid-layers (43% overhead vs. full masking) creates an unrecoverable gap that defeats soft-analytical attacks. We contribute a reusable security margin audit methodology combining RTL verification, epistemic confidence tagging, sensitivity-scenario analysis, and experimental validation applicable to any partially masked NTT accelerator.
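The 6-bit versus 296-bit point in the abstract, worked through in Python as an added example; this is not the paper's code and not the Adams Bridge RTL. It assumes, from the name Random Start Index and the "64 orderings" count, that RSI rotates the processing order of 64 butterfly slots by a secret offset, whereas a full random permutation draws any of 64! orderings (log2(64!) rounds to 296, the figure the abstract pairs with full permutation). The leakage model (Hamming weight plus Gaussian noise), the 12-bit coefficient values, the noise level and the trace count are all constructed for the demonstration, and the attacker is given the per-butterfly leakage predictions directly, as a profiled or known-input CPA would have them. The point it shows is why rotation-only shuffling buys so little: recovering one offset re-aligns every butterfly in the layer, so the attacker enumerates 2^6 hypotheses rather than one position per butterfly.

```python
import math
import random
from statistics import mean, pstdev

# Constructed model, not the Adams Bridge RTL: one INTT layer is processed in
# 64 butterfly slots, and Random Start Index (RSI) shuffling rotates the order
# by a secret offset s, so slot t handles butterfly (t + s) mod 64.
SLOTS = 64
Q = 3329  # ML-KEM modulus; butterfly values are 12-bit residues mod Q


def shuffle_entropy_bits(slots: int = SLOTS) -> tuple[float, float]:
    """(RSI entropy, full random permutation entropy) in bits."""
    rsi = math.log2(slots)                    # one of `slots` rotations
    full = math.log2(math.factorial(slots))   # one of slots! orderings
    return rsi, full


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def leakage_trace(values, s, noise_std, rng):
    """Noisy Hamming-weight leakage of one layer, processed in RSI order s."""
    return [hamming_weight(values[(t + s) % SLOTS]) + rng.gauss(0.0, noise_std)
            for t in range(SLOTS)]


def pearson(xs, ys):
    mx, my = mean(xs), mean(ys)
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0.0 or sy == 0.0:
        return 0.0
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) * sx * sy)


def recover_start_index(traces, predictions):
    """Enumerate the 64 possible rotations and return the one whose rotated
    prediction correlates best with the averaged trace.  The work is 2^6
    hypotheses however many traces were collected: one offset re-aligns the
    whole layer, unlike a full permutation, where every butterfly's position
    would have to be recovered separately."""
    avg = [mean(col) for col in zip(*traces)]

    def score(s):
        return pearson(avg, [predictions[(t + s) % SLOTS] for t in range(SLOTS)])

    return max(range(SLOTS), key=score)


def demo(seed=1, n_traces=8, noise_std=2.0):
    """Constructed scenario: the attacker knows (or hypothesises) the 64
    butterfly values and hence their Hamming weights; the device hides only
    their processing order with RSI."""
    rng = random.Random(seed)
    values = [rng.randrange(Q) for _ in range(SLOTS)]
    s = rng.randrange(SLOTS)
    traces = [leakage_trace(values, s, noise_std, rng) for _ in range(n_traces)]
    predictions = [hamming_weight(v) for v in values]
    return {"secret_start_index": s,
            "recovered": recover_start_index(traces, predictions),
            "hypotheses_tried": SLOTS}


if __name__ == "__main__":
    rsi, full = shuffle_entropy_bits()
    print(f"RSI: {rsi:.0f} bits, full permutation: {full:.0f} bits")
    print(demo())
```

The 64-hypothesis search is the whole cost of undoing RSI on a layer once predictions exist, which is why the page's referee asks for the designers' 2^46 and 2^96 CPA figures to be recomputed under 6 bits per layer rather than 296; that recomputation depends on how the designers composed per-layer entropy and is not attempted here.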

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The manuscript evaluates the security of the Adams Bridge PQC hardware accelerator for ML-DSA and ML-KEM. RTL analysis shows the RSI shuffling provides only 6 bits of entropy per INTT layer rather than the assumed 296 bits. Soft-analytical attacks and full-scale BP on the complete INTT factor graph demonstrate 100% coefficient recovery from single-layer observations, a 37-bit enumeration reduction, and a genie-aided MI bound sufficient for recovery at SNR×N as low as 15. Layer-ablation experiments establish that observation topology governs BP convergence, with 4 spread layers yielding 100% recovery versus 0% for 4 consecutive layers, leading to the claim that masking 3 consecutive mid-layers (43% overhead vs. full masking) creates an unrecoverable gap against soft-analytical attacks.

Significance. If the BP simulation results accurately reflect hardware behavior, the work supplies a practical, low-overhead countermeasure guideline for NTT accelerators based on layer topology rather than masking count, plus a reusable audit methodology that combines RTL verification, epistemic tagging, sensitivity analysis, and experimental validation. The full-scale BP scaling result and identification of four necessary conditions for convergence are technical strengths that advance side-channel analysis of partially masked PQC implementations.

major comments (3)
  1. [layer-ablation analysis] The central claim that strategic masking of 3 consecutive mid-layers creates an unrecoverable gap (0% BP recovery) rests on simulated factor-graph experiments assuming per-coefficient Gaussian leakage and independent observations; without physical traces from the Adams Bridge RTL or Caliptra platform, mismatches in correlation structure or effective SNR could allow recovery and undermine the security-margin conclusion.
  2. [RTL entropy calculation] The downgrade to 6 bits (64 orderings) is internally consistent, but the manuscript does not quantitatively recompute the designers' claimed CPA complexities of 2^46 (ML-DSA) and 2^96 (ML-KEM) under the corrected entropy, leaving the effective security margin gap unmeasured.
  3. [genie-aided information-theoretic bound] The result that observations contain sufficient mutual information for full recovery at SNR×N = 15 is load-bearing for the attack feasibility argument; the exact MI formula, noise model, and definition of SNR×N must be stated explicitly (including any independence assumptions) to permit verification.
minor comments (2)
  1. [Abstract] The abstract states 'seven analysis tracks' without enumeration; a short list or reference to the corresponding sections would improve readability.
  2. [BP recovery experiments] In the BP recovery experiments, report the exact NTT size, number of Monte Carlo trials, and convergence threshold used for the 100% recovery result to support reproducibility.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We appreciate the referee's thorough review and constructive feedback on our manuscript. We address each of the major comments below, indicating the revisions we plan to make to strengthen the paper.

Point-by-point responses
  1. Referee: the central claim that strategic masking of 3 consecutive mid-layers creates an unrecoverable gap (0% BP recovery) rests on simulated factor-graph experiments assuming per-coefficient Gaussian leakage and independent observations; without physical traces from the Adams Bridge RTL or Caliptra platform, mismatches in correlation structure or effective SNR could allow recovery and undermine the security-margin conclusion.

    Authors: We acknowledge that our layer-ablation analysis is based on simulated factor graphs with Gaussian leakage models and independent observations, which is a common approach in side-channel security evaluations when physical traces are not available. The key insight—that observation topology (consecutive versus spread layers) determines BP convergence—is a structural property of the factor graph that we expect to be robust to moderate variations in correlation structure. To address the concern, we will add a new subsection performing sensitivity analysis by varying the noise variance and introducing limited coefficient correlations, demonstrating that the 0% recovery for consecutive layers persists under these conditions. While physical validation on the specific hardware would be ideal, it is outside the current scope; our simulation provides a conservative estimate of the security margin. revision: partial

  2. Referee: the downgrade to 6 bits (64 orderings) is internally consistent, but the manuscript does not quantitatively recompute the designers' claimed CPA complexities of 2^46 (ML-DSA) and 2^96 (ML-KEM) under the corrected entropy, leaving the effective security margin gap unmeasured.

    Authors: We agree that explicitly recomputing the CPA attack complexities using the corrected 6-bit entropy per layer is important for quantifying the security margin. In the revised manuscript, we will include calculations showing the adjusted complexities for both ML-DSA and ML-KEM, highlighting the reduction in the claimed margins and the implications for the design. revision: yes

  3. Referee: the result that observations contain sufficient mutual information for full recovery at SNR×N = 15 is load-bearing for the attack feasibility argument; the exact MI formula, noise model, and definition of SNR×N must be stated explicitly (including any independence assumptions) to permit verification.

    Authors: We will revise the section on the genie-aided information-theoretic bound to explicitly provide the mutual information formula, which follows the standard Gaussian channel model I(X;Y) = (1/2) log_2 (1 + SNR), where SNR×N is defined as the product of the per-coefficient signal-to-noise ratio and the number of observations N. The noise model assumes additive white Gaussian noise that is independent across coefficients, consistent with the assumptions in our BP simulations. This clarification will allow readers to verify the bound. revision: yes

Circularity Check

0 steps flagged

Minor self-citation in design reference; analysis is self-contained via explicit simulations and standard information theory

Full rationale

The paper's central results derive from RTL structure analysis for entropy, explicit construction of the factor graph for BP simulations, and standard mutual-information calculations for the genie-aided bound. These do not reduce to fitted parameters or self-defined quantities from the design claims. The reference to Adams Bridge is descriptive of the system under analysis rather than a load-bearing justification for the new findings on masking strategies. No self-definitional loops, fitted inputs called predictions, or ansatz smuggling are present in the derivation chain.

Axiom & Free-Parameter Ledger

1 free parameter · 1 axiom · 0 invented entities

The analysis rests on standard information-theoretic and graph-modeling assumptions plus one threshold chosen for the genie-aided bound; no new entities are postulated.

free parameters (1)
  • SNRxN recovery threshold
    The bound states full recovery is possible at SNR×N as low as 15; this value is selected to demonstrate sufficiency rather than derived from first principles.
axioms (1)
  • domain assumption: observations contain sufficient mutual information for coefficient recovery when topology permits
    Invoked in the genie-aided bound section to translate trace quality into recovery probability.
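To make the free parameter above concrete, here is the arithmetic implied by the channel model the rebuttal states (I(X;Y) = ½ log2(1 + SNR) per observation, with SNR×N the product of per-coefficient SNR and observation count). This is an added worked example, not the paper's derivation. It assumes a uniform secret coefficient mod q = 3329 (log2 q ≈ 11.7 bits) as the recovery target, which the paper may define differently, and it treats the N observations as independent and fully exploitable, which is what "genie-aided" means in this setting.

```python
import math

Q_MLKEM = 3329


def bits_per_observation(snr: float) -> float:
    """Gaussian-channel mutual information per observation,
    I(X;Y) = 1/2 log2(1 + SNR), the formula the rebuttal gives for the bound."""
    return 0.5 * math.log2(1.0 + snr)


def observations_needed(snr: float, secret_bits: float) -> int:
    """Smallest N with N * I(X;Y) >= secret_bits, assuming N independent
    observations of the same secret that the genie exploits in full."""
    return math.ceil(secret_bits / bits_per_observation(snr))


def snr_times_n_needed(snr: float, secret_bits: float) -> float:
    """The SNR×N product at which the genie bound is met for this per-observation SNR."""
    return snr * observations_needed(snr, secret_bits)


def low_snr_limit(secret_bits: float) -> float:
    """As SNR -> 0, log2(1 + SNR) -> SNR / ln 2, so N * I(X;Y) >= b becomes
    SNR×N >= 2 ln 2 * b.  Only in this regime is the product a sufficient statistic."""
    return 2.0 * math.log(2.0) * secret_bits


def sweep(secret_bits: float = math.log2(Q_MLKEM), snrs=(0.01, 0.1, 1.0, 10.0)):
    """SNR×N needed across regimes for a uniform coefficient mod q (assumed target)."""
    return {snr: snr_times_n_needed(snr, secret_bits) for snr in snrs}


if __name__ == "__main__":
    b = math.log2(Q_MLKEM)
    print(f"target entropy: {b:.2f} bits, low-SNR limit SNR×N >= {low_snr_limit(b):.1f}")
    for snr, prod in sweep().items():
        print(f"SNR={snr:<5} N={observations_needed(snr, b):>5} SNR×N={prod:.1f}")
```

Two things fall out. In the low-SNR regime log2(1 + SNR) ≈ SNR / ln 2, so the SNR×N product needed to cover b bits tends to 2 ln 2 · b, about 16.2 for a uniform ML-KEM coefficient; once the per-observation SNR is near or above 1 the product stops being a sufficient statistic and grows (24 at SNR = 1, 70 at SNR = 10 under this model). A threshold such as 15 therefore pins down a bound only once the target's entropy and the regime in which SNR×N is evaluated are stated, which is what the referee's third comment asks for.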



Forward citations

Cited by 7 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Prime-Field PINI: Machine-Checked Composition Theorems for Post-Quantum NTT Masking

    cs.CR 2026-04 accept novelty 8.0 partial

    Machine-checked Lean proofs show that fresh inter-stage masking in prime-field PINI gadgets erases prior multiplicity, satisfying only the second gadget's security parameter.

  2. Prime-Field PINI: Machine-Checked Composition Theorems for Post-Quantum NTT Masking

    cs.CR 2026-04 unverdicted novelty 8.0

    Machine-checked Lean 4 proofs establish PF-PINI composition theorems for prime-field arithmetic masking, showing fresh inter-stage masks erase prior security parameters and diagnosing non-uniformity in Microsoft's Ada...

  3. Fresh Masking Makes NTT Pipelines Composable: Machine-Checked Proofs for Arithmetic Masking in PQC Hardware

    cs.CR 2026-04 accept novelty 8.0 full

    Machine-checked proofs establish that fresh per-stage masking in Cooley-Tukey NTT pipelines over Z/qZ yields per-context uniformity at every stage under the ISW first-order probing model.

  4. From Finite Enumeration to Universal Proof: Ring-Theoretic Foundations for PQC Hardware Masking Verification

    cs.CR 2026-04 accept novelty 8.0 full

    A Lean 4 formalization proves that value-independence implies identical marginal distributions for masking verification across all positive integers q.

  5. The 1-Bit Barrier is Universal: k-Stage Pipeline Composition and Unified Leakage Bounds for Standard Modular Reductions in PQC Hardware

    cs.CR 2026-05 conditional novelty 7.0 full

    Arbitrary-depth k-stage masked NTT pipelines with fresh inter-stage masking and PF-PINI(≤2) gadgets satisfy a universal 2/q per-observation leakage bound, machine-checked in Lean 4.

  6. Structural Dependency Analysis for Masked NTT Hardware: Scalable Pre-Silicon Verification of Post-Quantum Cryptographic Accelerators

    cs.CR 2026-04 conditional novelty 7.0

    A four-stage hierarchy (D0/D1 structural analysis, mask refinement, Boolean and arithmetic SADC) machine-verifies 198 of 363 flagged wires as first-order secure on a 5543-cell ML-KEM module with zero indeterminates an...

  7. Machine-Checked Cardinality Bounds for Masked Barrett Reduction: A 1-Bit Side-Channel Leakage Barrier in Post-Quantum Cryptographic Hardware

    cs.CR 2026-04 unverdicted novelty 6.0 partial

    Barrett reduction's masked internal map has preimage sizes in {0,1,2}, establishing a universal 1-bit leakage barrier, with the trichotomy and PF-PINI properties machine-checked in Lean 4.
