{"id":"https://openalex.org/W4293077571","doi":"https://doi.org/10.46586/tches.v2022.i3.223-263","title":"Don\u2019t Reject This: Key-Recovery Timing Attacks Due to Rejection-Sampling in HQC and BIKE","display_name":"Don\u2019t Reject This: Key-Recovery Timing Attacks Due to Rejection-Sampling in HQC and BIKE","publication_year":2022,"publication_date":"2022-06-08","ids":{"openalex":"https://openalex.org/W4293077571","doi":"https://doi.org/10.46586/tches.v2022.i3.223-263"},"language":"en","primary_location":{"id":"doi:10.46586/tches.v2022.i3.223-263","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i3.223-263","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9700/9231","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tches.iacr.org/index.php/TCHES/article/download/9700/9231","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011896992","display_name":"Qian Guo","orcid":"https://orcid.org/0000-0003-0930-3174"},"institutions":[{"id":"https://openalex.org/I187531555","display_name":"Lund University","ror":"https://ror.org/012a77v79","country_code":"SE","type":"education","lineage":["https://openalex.org/I187531555"]}],"countries":["SE"],"is_corresponding":true,"raw_author_name":"Qian Guo","raw_affiliation_strings":["Lund University, Lund, Sweden"],"affiliations":[{"raw_affiliation_string":"Lund University, Lund, Sweden","institution_ids":["https://openalex.org/I187531555"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013513341","display_name":"Clemens Hlauschek","orcid":null},"institutions":[{"id":"https://openalex.org/I121760703","display_name":"University of Applied Sciences Technikum Wien","ror":"https://ror.org/04jsx0x49","country_code":"AT","type":"education","lineage":["https://openalex.org/I121760703"]},{"id":"https://openalex.org/I2800664555","display_name":"RISE Research Institutes of Sweden","ror":"https://ror.org/03nnxqz81","country_code":"SE","type":"other","lineage":["https://openalex.org/I2800664555"]},{"id":"https://openalex.org/I145847075","display_name":"TU Wien","ror":"https://ror.org/04d836q62","country_code":"AT","type":"education","lineage":["https://openalex.org/I145847075"]}],"countries":["AT","SE"],"is_corresponding":false,"raw_author_name":"Clemens Hlauschek","raw_affiliation_strings":["Technische Universit\u00e4t Wien; RISE GmbH, Wien","Technische Universit\u00e4t Wien","RISE GmbH, Wien"],"affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Wien; RISE GmbH, Wien","institution_ids":["https://openalex.org/I121760703"]},{"raw_affiliation_string":"Technische Universit\u00e4t Wien","institution_ids":["https://openalex.org/I145847075"]},{"raw_affiliation_string":"RISE GmbH, Wien","institution_ids":["https://openalex.org/I2800664555"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019956193","display_name":"Thomas Johansson","orcid":"https://orcid.org/0000-0003-1798-570X"},"institutions":[{"id":"https://openalex.org/I187531555","display_name":"Lund University","ror":"https://ror.org/012a77v79","country_code":"SE","type":"education","lineage":["https://openalex.org/I187531555"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Thomas Johansson","raw_affiliation_strings":["Lund University, Lund, Sweden"],"affiliations":[{"raw_affiliation_string":"Lund University, Lund, Sweden","institution_ids":["https://openalex.org/I187531555"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042665833","display_name":"Norman Lahr","orcid":"https://orcid.org/0000-0002-0739-9603"},"institutions":[{"id":"https://openalex.org/I4210133470","display_name":"Fraunhofer Institute for Secure Information Technology","ror":"https://ror.org/03qt2gs44","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210133470","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Norman Lahr","raw_affiliation_strings":["Fraunhofer Institute SIT | ATHENE, Darmstadt, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer Institute SIT | ATHENE, Darmstadt, Germany","institution_ids":["https://openalex.org/I4210133470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5074535221","display_name":"Alexander Nilsson","orcid":"https://orcid.org/0000-0002-5024-8296"},"institutions":[{"id":"https://openalex.org/I187531555","display_name":"Lund University","ror":"https://ror.org/012a77v79","country_code":"SE","type":"education","lineage":["https://openalex.org/I187531555"]}],"countries":["SE"],"is_corresponding":false,"raw_author_name":"Alexander Nilsson","raw_affiliation_strings":["Lund University, Lund, Sweden; Advenica AB, Malm\u00f6, Sweden","Lund University, Lund, Sweden","Advenica AB, Malm\u00f6, Sweden"],"affiliations":[{"raw_affiliation_string":"Lund University, Lund, Sweden; Advenica AB, Malm\u00f6, Sweden","institution_ids":["https://openalex.org/I187531555"]},{"raw_affiliation_string":"Lund University, Lund, Sweden","institution_ids":["https://openalex.org/I187531555"]},{"raw_affiliation_string":"Advenica AB, Malm\u00f6, Sweden","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5008254375","display_name":"Robin Leander Schr\u00f6der","orcid":null},"institutions":[{"id":"https://openalex.org/I145847075","display_name":"TU Wien","ror":"https://ror.org/04d836q62","country_code":"AT","type":"education","lineage":["https://openalex.org/I145847075"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Robin Leander Schr\u00f6der","raw_affiliation_strings":["Technische Universit\u00e4t Wien"],"affiliations":[{"raw_affiliation_string":"Technische Universit\u00e4t Wien","institution_ids":["https://openalex.org/I145847075"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5011896992"],"corresponding_institution_ids":["https://openalex.org/I187531555"],"apc_list":null,"apc_paid":null,"fwci":5.2743,"has_fulltext":true,"cited_by_count":41,"citation_normalized_percentile":{"value":0.96080159,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"223","last_page":"263"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11130","display_name":"Coding theory and cryptography","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11017","display_name":"Chaos-based Image/Signal Encryption","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7192873358726501},{"id":"https://openalex.org/keywords/timing-attack","display_name":"Timing attack","score":0.7138767242431641},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.569139301776886},{"id":"https://openalex.org/keywords/cryptosystem","display_name":"Cryptosystem","score":0.5227484703063965},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.47333580255508423},{"id":"https://openalex.org/keywords/nist","display_name":"NIST","score":0.45849740505218506},{"id":"https://openalex.org/keywords/key-encapsulation","display_name":"Key encapsulation","score":0.4337879717350006},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4158763885498047},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.3831232488155365},{"id":"https://openalex.org/keywords/public-key-cryptography","display_name":"Public-key cryptography","score":0.26666581630706787},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.2344268560409546},{"id":"https://openalex.org/keywords/key-exchange","display_name":"Key exchange","score":0.1768048107624054}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7192873358726501},{"id":"https://openalex.org/C28420585","wikidata":"https://www.wikidata.org/wiki/Q2665075","display_name":"Timing attack","level":4,"score":0.7138767242431641},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.569139301776886},{"id":"https://openalex.org/C6295992","wikidata":"https://www.wikidata.org/wiki/Q976521","display_name":"Cryptosystem","level":3,"score":0.5227484703063965},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.47333580255508423},{"id":"https://openalex.org/C111219384","wikidata":"https://www.wikidata.org/wiki/Q6954384","display_name":"NIST","level":2,"score":0.45849740505218506},{"id":"https://openalex.org/C35181327","wikidata":"https://www.wikidata.org/wiki/Q6398156","display_name":"Key encapsulation","level":5,"score":0.4337879717350006},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4158763885498047},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.3831232488155365},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.26666581630706787},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.2344268560409546},{"id":"https://openalex.org/C99674996","wikidata":"https://www.wikidata.org/wiki/Q1414155","display_name":"Key exchange","level":4,"score":0.1768048107624054},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.46586/tches.v2022.i3.223-263","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i3.223-263","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9700/9231","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:ba9ed2fab6934332817b7933c1416030","is_oa":true,"landing_page_url":"https://doaj.org/article/ba9ed2fab6934332817b7933c1416030","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Transactions on Cryptographic Hardware and Embedded Systems, Vol 2022, Iss 3 (2022)","raw_type":"article"},{"id":"pmh:oai:lup.lub.lu.se:c3a77d10-bdd6-4dac-a7a9-50a284b922e1","is_oa":false,"landing_page_url":"https://lup.lub.lu.se/record/c3a77d10-bdd6-4dac-a7a9-50a284b922e1","pdf_url":null,"source":{"id":"https://openalex.org/S4306400536","display_name":"Lund University Publications (Lund University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I187531555","host_organization_name":"Lund University","host_organization_lineage":["https://openalex.org/I187531555"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ISSN: 2569-2925","raw_type":"text"},{"id":"pmh:oai:publica.fraunhofer.de:publica/442967","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/442967","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"journal article"}],"best_oa_location":{"id":"doi:10.46586/tches.v2022.i3.223-263","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i3.223-263","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9700/9231","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5799999833106995,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1174531324","display_name":null,"funder_award_id":"Grant","funder_id":"https://openalex.org/F4320322327","funder_display_name":"Knut och Alice Wallenbergs Stiftelse"},{"id":"https://openalex.org/G3103515943","display_name":null,"funder_award_id":"2019-04166","funder_id":"https://openalex.org/F4320322581","funder_display_name":"Vetenskapsr\u00e5det"},{"id":"https://openalex.org/G352791218","display_name":null,"funder_award_id":"(BMBF)","funder_id":"https://openalex.org/F4320321114","funder_display_name":"Bundesministerium f\u00fcr Bildung und Forschung"},{"id":"https://openalex.org/G6088888744","display_name":null,"funder_award_id":"RIT17-0005","funder_id":"https://openalex.org/F4320320940","funder_display_name":"Stiftelsen f\u00f6r\u00a0Strategisk Forskning"}],"funders":[{"id":"https://openalex.org/F4320320940","display_name":"Stiftelsen f\u00f6r\u00a0Strategisk Forskning","ror":"https://ror.org/044wr7g58"},{"id":"https://openalex.org/F4320321114","display_name":"Bundesministerium f\u00fcr Bildung und Forschung","ror":"https://ror.org/04pz7b180"},{"id":"https://openalex.org/F4320322327","display_name":"Knut och Alice Wallenbergs Stiftelse","ror":"https://ror.org/004hzzk67"},{"id":"https://openalex.org/F4320322581","display_name":"Vetenskapsr\u00e5det","ror":"https://ror.org/03zttf063"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4293077571.pdf","grobid_xml":"https://content.openalex.org/works/W4293077571.grobid-xml"},"referenced_works_count":40,"referenced_works":["https://openalex.org/W50107694","https://openalex.org/W131640530","https://openalex.org/W1560720671","https://openalex.org/W1613874182","https://openalex.org/W1965275036","https://openalex.org/W2001162307","https://openalex.org/W2066425771","https://openalex.org/W2107691219","https://openalex.org/W2149209089","https://openalex.org/W2154909745","https://openalex.org/W2163005041","https://openalex.org/W2181078401","https://openalex.org/W2412886904","https://openalex.org/W2520683369","https://openalex.org/W2544328905","https://openalex.org/W2566390621","https://openalex.org/W2740966734","https://openalex.org/W2767399671","https://openalex.org/W2795080420","https://openalex.org/W2897128759","https://openalex.org/W2902198978","https://openalex.org/W2946106366","https://openalex.org/W2970422613","https://openalex.org/W2985947210","https://openalex.org/W3000724687","https://openalex.org/W3037033594","https://openalex.org/W3048586153","https://openalex.org/W3049709743","https://openalex.org/W3089782889","https://openalex.org/W3112652840","https://openalex.org/W3158370798","https://openalex.org/W3159391650","https://openalex.org/W3184403650","https://openalex.org/W3211883801","https://openalex.org/W4232078629","https://openalex.org/W4254706618","https://openalex.org/W4281676495","https://openalex.org/W4289127653","https://openalex.org/W4300188436","https://openalex.org/W6946223313"],"related_works":["https://openalex.org/W2004522261","https://openalex.org/W1971956962","https://openalex.org/W4387031668","https://openalex.org/W2188560665","https://openalex.org/W2887442533","https://openalex.org/W4297042454","https://openalex.org/W2389993577","https://openalex.org/W3028997697","https://openalex.org/W1533979697","https://openalex.org/W2117623867"],"abstract_inverted_index":{"Well":[0],"before":[1],"large-scale":[2],"quantum":[3],"computers":[4],"will":[5],"be":[6,11,268],"available,":[7],"traditional":[8],"cryptosystems":[9],"must":[10],"transitioned":[12],"to":[13,23,48,64,83,162,271,315,339],"post-quantum":[14],"(PQ)":[15],"secure":[16],"schemes.":[17,27],"The":[18],"NIST":[19,139],"PQC":[20],"competition":[21],"aims":[22],"standardize":[24],"suitable":[25],"cryptographic":[26],"Candidates":[28],"are":[29,39,100],"evaluated":[30],"not":[31],"only":[32],"on":[33,43,79,144,184,207,371],"their":[34,375],"formal":[35],"security":[36,45,197],"strengths,":[37],"but":[38],"also":[40],"judged":[41],"based":[42],"the":[44,116,134,138,151,195,208,218,228,235,239,247,250,256,260,273,281,290,294,299,303,309,318,333,336,341,345,362],"with":[46,62,102,159,280,289],"regard":[47,63],"resistance":[49],"against":[50],"side-channel":[51,164,212],"attacks.":[52,165],"Although":[53],"round":[54,136],"3":[55],"candidates":[56,132],"have":[57,127,154,214],"already":[58,155],"been":[59,73,128,156,215],"intensively":[60],"vetted":[61],"such":[65],"attacks,":[66,365],"one":[67],"important":[68],"attack":[69,183,245,338],"vector":[70],"has":[71],"hitherto":[72],"missed:":[74],"PQ":[75],"schemes":[76],"often":[77],"rely":[78],"rejection":[80,96,251],"sampling":[81,97,252],"techniques":[82],"obtain":[84],"pseudorandomness":[85],"from":[86,203],"a":[87,222,369],"specific":[88],"distribution.":[89],"In":[90,242],"this":[91,168,327],"paper,":[92,169],"we":[93,170,312],"reveal":[94],"that":[95,99,249],"routines":[98],"seeded":[101],"secretdependent":[103],"information":[104,108,301],"and":[105,122,125,325,359,374],"leak":[106],"timing":[107,173,191,264,300,353],"result":[109],"in":[110,115,133,167,175,194,217,227,234,308,332],"practical":[111],"key":[112,118,181,275],"recovery":[113,182],"attacks":[114,206],"code-based":[117],"encapsulation":[119],"mechanisms":[120],"HQC":[121,124,185,225,277],"BIKE.Both":[123],"BIKE":[126,310],"selected":[129],"as":[130,231,233,286,288,366,368],"alternate":[131],"third":[135],"of":[137,221,238,259,293,302,335,344,361],"competition,":[140],"which":[141,266],"puts":[142],"them":[143],"track":[145],"for":[146],"getting":[147],"standardized":[148],"separately":[149],"o":[150],"finalists.":[152],"They":[153],"specifically":[157],"hardened":[158],"constant-time":[160],"decoders":[161],"avoid":[163],"However,":[166],"show":[171],"novel":[172],"vulnerabilities":[174],"both":[176],"schemes:":[177],"(1)":[178],"Our":[179],"secret":[180,274,346],"requiresonly":[186],"approx.":[187],"866,000":[188],"idealized":[189,352],"decapsulation":[190,261],"oracle":[192,354],"queries":[193],"128-bit":[196],"setting.":[198],"It":[199],"is":[200,278,321,329],"structurally":[201],"different":[202],"previously":[204,223],"identified":[205,216],"scheme:":[209],"Previously,":[210],"exploitable":[211],"leakages":[213],"BCH":[219,284],"decoder":[220,292],"submitted":[224],"version,":[226],"ciphertext":[229],"check":[230],"well":[232,287,367],"pseudorandom":[236],"function":[237],"Fujisaki-Okamoto":[240],"transformation.":[241],"contrast,":[243],"our":[244],"uses":[246],"fact":[248],"routine":[253],"invoked":[254],"during":[255],"deterministic":[257],"re-encryption":[258],"leaks":[262],"secret-dependent":[263],"information,":[265],"can":[267],"efficiently":[269],"exploited":[270],"recover":[272],"when":[276],"instantiated":[279],"(now":[282],"constant-time)":[283],"decoder,":[285],"RMRS":[291],"current":[295],"submission.":[296],"(2)":[297],"From":[298],"constant":[304],"weight":[305],"word":[306],"sampler":[307],"decapsulation,":[311],"demonstrate":[313],"how":[314,326],"distinguish":[316],"whether":[317],"decoding":[319],"step":[320],"successful":[322],"or":[323],"not,":[324],"distinguisher":[328],"then":[330],"used":[331],"framework":[334],"GJS":[337],"derive":[340],"distance":[342],"spectrum":[343],"key,":[347],"using":[348],"5.8":[349],"x":[350],"107":[351],"queries.":[355],"We":[356],"provide":[357],"details":[358],"analyses":[360],"fully":[363],"implemented":[364],"discussion":[370],"possible":[372],"countermeasures":[373],"limits.":[376]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":12},{"year":2024,"cited_by_count":14},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":5},{"year":2012,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}