Differential power analysis (DPA) is a side-channel attack in which an adversary retrieves
cryptographic material by measuring and analyzing the power consumption of the device on …

Composability and robustness against physical defaults (eg, glitches) are two highly
desirable properties for secure implementations of masking schemes. While tools exist to …

The design of glitch-resistant higher-order masking schemes is an important challenge in
cryptographic engineering. A recent work by Moos et al.(CHES 2019) showed that most …

The performance of higher-order masked implementations of lattice-based based key
encapsulation mechanisms (KEM) is currently limited by the costly conversions between …

We revisit the analysis and design of masked cryptographic implementations to prevent side-
channel attacks. Our starting point is the (known) observation that proving the security of a …

Masking requires splitting sensitive variables into at least d+ 1 shares to provide security
against DPA attacks at order d. To this date, this minimal number has only been deployed in …

In this paper, we provide a necessary clarification of the good security properties that can be
obtained from parallel implementations of masking schemes. For this purpose, we first argue …

Masking provides a high level of resistance against side-channel analysis. However, in
practice there are many possible pitfalls when masking schemes are applied, and …

Implementing the masking countermeasure in hardware is a delicate task. Various solutions
have been proposed for this purpose over the last years: we focus on Threshold …

There exists many masking schemes to protect implementations of cryptographic operations
against side-channel attacks. It is common practice to analyze the security of these schemes …