(. Expreal and C. ,

,. .. ,

?. Enc,

,. .. (v1 and . Vt)-?-c,

.. .. Return-(v1, (. Expsim, S. , and C. ). ,

,. .. ,

M. Aagaard, R. Altawy, G. Gong, K. Mandal, and R. Rohit, Ace: An Authenticated Encryption and Hash Algorithm, 2019.

J. Balasch, B. Gierlichs, V. Grosso, O. Reparaz, and F. Standaert, On the cost of lazy engineering for masked software implementations, vol.413, 2014.

S. Banik, A. Chakraborti, T. Iwata, K. Minematsu, M. Nandi et al., , 2019.

Z. Bao, A. Chakraborti, N. Datta, J. Guo, M. Nandi et al., Photon-Beetle Authenticated Encryption and Hash Family, 2019.

G. Barthe, S. Belaïd, F. Dupressoir, P. Fouque, B. Grégoire et al., Strong non-interference and type-directed higher-order masking, ACM CCS 2016: 23rd Conference on Computer and Communications Security, pp.116-129, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01410216

A. Battistello, E. Jean-sébastien-coron, R. Prouff, and . Zeitoun, Horizontal sidechannel attacks and countermeasures on the ISW masking scheme, Cryptographic Hardware and Embedded Systems -CHES 2016, vol.9813, pp.23-39, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01399577

C. Beierle, J. Jean, S. Klbl, G. Leander, A. Moradi et al., Skinny-AED and Skinny-Hash, 2019.

S. Belaïd, D. Goudarzi, and M. Rivain, Tight private circuits: Achieving probing security with the least refreshing, Advances in Cryptology -ASIACRYPT 2018, Part II, vol.11273, pp.343-372, 2018.

D. Bellizia, F. Berti, O. Bronchain, G. Cassiersand, S. Duvaland et al., Standaert, and Friedrich Wiemer. Spook: Sponge-Based Leakage-Resilient Authenti-catedEncryption with a Masked Tweakable Block Cipher, 2019.

D. J. Bernstein, S. Kölbl, S. Lucks, P. Massolino, F. Mendel et al., Gimli : A cross-platform permutation, Cryptographic Hardware and Embedded Systems -CHES 2017, vol.10529, pp.299-320, 2017.

D. J. Bernstein, S. Klbl, S. Lucks, P. Massolino, F. Mendel et al., , 2019.

E. Biham, A fast new DES implementation in software, FSE, 1997.

A. Bogdanov, M. Knezevic, G. Leander, and D. Toz, Kerem Varici, and Ingrid Verbauwhede. Spongent: A lightweight hash function, Cryptographic Hardware and Embedded Systems -CHES 2011 -13th International Workshop, pp.312-325, 2011.

T. Byene, Y. L. Chen, C. Dobraunig, and B. Mennink, , 2019.

C. Carlet, L. Goubin, E. Prouff, M. Quisquater, and M. Rivain, Higherorder masking schemes for S-boxes, Fast Software Encryption -FSE 2012, vol.7549, pp.366-384, 2012.

C. Carlet, E. Prouff, M. Rivain, and T. Roche, Algebraic decomposition for probing security, Advances in Cryptology -CRYPTO 2015, Part I, vol.9215, pp.742-763, 2015.

E. Jean-sébastien-coron, M. Prouff, and . Rivain, Side channel cryptanalysis of a higher order masking scheme, Cryptographic Hardware and Embedded Systems -CHES 2007, vol.4727, pp.28-44, 2007.

E. Jean-sébastien-coron, M. Prouff, T. Rivain, and . Roche, Higher-order side channel security and mask refreshing, Fast Software Encryption -FSE 2013, vol.8424, pp.410-424, 2014.

A. Jean-sébastien-coron, S. Roy, and . Vivek, Fast evaluation of polynomials over binary finite fields and application to side-channel countermeasures, Cryptographic Hardware and Embedded Systems -CHES 2014, vol.8731, pp.170-187, 2014.

J. Daemen, S. Hoffert, G. Van-assche, and R. V. Keer, Xoodoo cookbook. IACR Cryptology ePrint Archive, p.767, 2018.

J. Daemen, S. Hoffert, M. Peeters, G. Van-assche, and R. V. Keer, Xoodyak, a lightweight cryptographic scheme, 2019.

J. Daemen, P. Massolino, and Y. Rotella, The Subterranean 2.0 cipher suite, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02889985

C. Dobraunig, M. Eichlseder, F. Mendal, M. Schffer, and . Ascon, , 2019.

D. Goudarzi, J. Jean, S. Klbl, T. Peyrin, M. Rivain et al., , 2019.

D. Goudarzi and M. Rivain, How fast can higher-order masking be in software?, Advances in Cryptology -EUROCRYPT 2017, Part I, vol.10210, pp.567-597, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01494061

Y. Ishai, A. Sahai, and D. Wagner, Private circuits: Securing hardware against probing attacks, Advances in Cryptology -CRYPTO 2003, vol.2729, pp.463-481, 2003.

A. Journault and F. Standaert, Very high order masking: Efficient implementation and security evaluation, Cryptographic Hardware and Embedded Systems -CHES 2017, vol.10529, pp.623-643, 2017.

M. J. Kannwischer, J. Rijneveld, P. Schwabe, and K. Stoffelen, pqm4: Testing and benchmarking NIST PQC on ARM cortex-m4. IACR Cryptology ePrint Archive, p.844, 2019.

D. Mercadier and P. Dagand, Usuba: high-throughput and constant-time ciphers, by construction, PLDI, pp.157-173, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02176603

D. Mercadier, P. Dagand, L. Lacassagne, and G. Muller, Usuba: Optimizing & trustworthy bitslicing compiler, Proceedings of the 4th Workshop on Programming Models for SIMD/Vector Processing, vol.4, pp.1-4, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01657259

K. Papagiannopoulos and N. Veshchikov, Mind the gap: Towards secure 1st-order masking in software, 8th International Workshop on Constructive Side-Channel Analysis and Secure Design, vol.10348, pp.282-297, 2017.

M. Rivain and E. Prouff, Provably secure higher-order masking of AES, Cryptographic Hardware and Embedded Systems -CHES 2010, vol.6225, pp.413-427, 2010.

P. Schwabe and K. Stoffelen, All the AES you need on cortex-m3 and M4, Selected Areas in Cryptography -SAC 2016 -23rd International Conference, pp.180-194, 2016.

K. Stoffelen, Optimizing s-box implementations for several criteria using SAT solvers, Fast Software Encryption -23rd International Conference, vol.9783, pp.140-160, 2016.

K. Stoffelen, Efficient cryptography on the RISC-V architecture, Progress in Cryptology -LAT-INCRYPT 2019 -6th International Conference on Cryptology and Information Security in Latin America, pp.323-340, 2019.