{"id":"https://openalex.org/W4294326140","doi":"https://doi.org/10.46586/tches.v2022.i4.637-660","title":"Roulette: A Diverse Family of Feasible Fault Attacks on Masked Kyber","display_name":"Roulette: A Diverse Family of Feasible Fault Attacks on Masked Kyber","publication_year":2022,"publication_date":"2022-08-31","ids":{"openalex":"https://openalex.org/W4294326140","doi":"https://doi.org/10.46586/tches.v2022.i4.637-660"},"language":"en","primary_location":{"id":"doi:10.46586/tches.v2022.i4.637-660","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i4.637-660","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9835/9338","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tches.iacr.org/index.php/TCHES/article/download/9835/9338","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5009939445","display_name":"Jeroen Delvaux","orcid":"https://orcid.org/0000-0003-0684-8427"},"institutions":[{"id":"https://openalex.org/I4210087059","display_name":"Technology Innovation Institute","ror":"https://ror.org/001kv2y39","country_code":"AE","type":"facility","lineage":["https://openalex.org/I4210087059"]}],"countries":["AE"],"is_corresponding":true,"raw_author_name":"Jeroen Delvaux","raw_affiliation_strings":["Cryptography Research Centre, Technology Innovation Institute, Abu Dhabi, UAE"],"affiliations":[{"raw_affiliation_string":"Cryptography Research Centre, Technology Innovation Institute, Abu Dhabi, UAE","institution_ids":["https://openalex.org/I4210087059"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5009939445"],"corresponding_institution_ids":["https://openalex.org/I4210087059"],"apc_list":null,"apc_paid":null,"fwci":2.4996,"has_fulltext":true,"cited_by_count":19,"citation_normalized_percentile":{"value":0.90717186,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"637","last_page":"660"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11017","display_name":"Chaos-based Image/Signal Encryption","score":0.9959999918937683,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6610718965530396},{"id":"https://openalex.org/keywords/roulette","display_name":"Roulette","score":0.49718835949897766},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.48694074153900146},{"id":"https://openalex.org/keywords/advanced-encryption-standard","display_name":"Advanced Encryption Standard","score":0.45822250843048096},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.44641056656837463},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.42446067929267883},{"id":"https://openalex.org/keywords/ciphertext","display_name":"Ciphertext","score":0.4204573631286621},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3986873924732208},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.37751448154449463},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.32435786724090576},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.2398873269557953},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.13162201642990112}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6610718965530396},{"id":"https://openalex.org/C195502155","wikidata":"https://www.wikidata.org/wiki/Q2810237","display_name":"Roulette","level":2,"score":0.49718835949897766},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.48694074153900146},{"id":"https://openalex.org/C94520183","wikidata":"https://www.wikidata.org/wiki/Q190746","display_name":"Advanced Encryption Standard","level":3,"score":0.45822250843048096},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.44641056656837463},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.42446067929267883},{"id":"https://openalex.org/C93974786","wikidata":"https://www.wikidata.org/wiki/Q1589480","display_name":"Ciphertext","level":3,"score":0.4204573631286621},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3986873924732208},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.37751448154449463},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.32435786724090576},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.2398873269557953},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.13162201642990112},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.46586/tches.v2022.i4.637-660","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i4.637-660","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9835/9338","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:08b3b785b715449e8bf624979d6cdaa0","is_oa":true,"landing_page_url":"https://doaj.org/article/08b3b785b715449e8bf624979d6cdaa0","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Transactions on Cryptographic Hardware and Embedded Systems, Vol 2022, Iss 4 (2022)","raw_type":"article"},{"id":"pmh:oai:doaj.org/article:9e4499adfc2744ef8d9a4e771487ab70","is_oa":true,"landing_page_url":"https://doaj.org/article/9e4499adfc2744ef8d9a4e771487ab70","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Transactions on Cryptographic Hardware and Embedded Systems, Vol 2022, Iss 4 (2022)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.46586/tches.v2022.i4.637-660","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2022.i4.637-660","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/9835/9338","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.550000011920929,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4294326140.pdf","grobid_xml":"https://content.openalex.org/works/W4294326140.grobid-xml"},"referenced_works_count":34,"referenced_works":["https://openalex.org/W1493213353","https://openalex.org/W1839956289","https://openalex.org/W2094021188","https://openalex.org/W2116497491","https://openalex.org/W2144952508","https://openalex.org/W2147694198","https://openalex.org/W2560082747","https://openalex.org/W2571657973","https://openalex.org/W2575714403","https://openalex.org/W2805111206","https://openalex.org/W2889402643","https://openalex.org/W2903538643","https://openalex.org/W2904830041","https://openalex.org/W2921053303","https://openalex.org/W2951416635","https://openalex.org/W2979160478","https://openalex.org/W2988496150","https://openalex.org/W3003271350","https://openalex.org/W3020852045","https://openalex.org/W3090401323","https://openalex.org/W3127016245","https://openalex.org/W3184403650","https://openalex.org/W3185408664","https://openalex.org/W3198350797","https://openalex.org/W3202360051","https://openalex.org/W3202691802","https://openalex.org/W4205974385","https://openalex.org/W4206155091","https://openalex.org/W4235846187","https://openalex.org/W4240774388","https://openalex.org/W4246927843","https://openalex.org/W4251236654","https://openalex.org/W4310480235","https://openalex.org/W4379384493"],"related_works":["https://openalex.org/W1968760107","https://openalex.org/W291693969","https://openalex.org/W3085294341","https://openalex.org/W2940359311","https://openalex.org/W2789284498","https://openalex.org/W3213872447","https://openalex.org/W3123818835","https://openalex.org/W2350594703","https://openalex.org/W3091441131","https://openalex.org/W4294326140"],"abstract_inverted_index":{"At":[0],"Indocrypt":[1,114],"2021,":[2],"Hermelink,":[3],"Pessl,":[4],"and":[5,26,33,43,53,75,85,128,139,144,232,256],"P\u00f6ppelmann":[6],"presented":[7],"a":[8,15,31,186,200,204,213,221,276,283],"fault":[9,118,163,181],"attack":[10,29,46,60,158,208],"against":[11,171],"Kyber":[12,287],"in":[13,47,87,112,220],"which":[14,202],"system":[16,240],"of":[17,69,91,189,224,237,241,246,260,286],"linear":[18,242],"inequalities":[19],"over":[20],"the":[21,45,59,65,70,88,92,106,113,117,156,217,227,234,239,270],"private":[22],"key":[23],"is":[24,62,120,159,191,203,209],"generated":[25],"solved.":[27],"The":[28],"requires":[30],"laser":[32],"is,":[34],"understandably,":[35],"demonstrated":[36],"with":[37],"simulations\u2014not":[38],"actual":[39],"equipment.":[40],"We":[41],"facilitate":[42],"diversify":[44],"four":[48,271],"ways,":[49],"thereby":[50],"admitting":[51],"cheaper":[52],"more":[54],"forgiving":[55],"fault-injection":[56],"setups.":[57],"Firstly,":[58],"surface":[61,99],"enlarged:":[63],"originally,":[64,122],"two":[66],"input":[67],"operands":[68],"ciphertext":[71],"comparison":[72],"are":[73,126,197,250,263],"covered,":[74],"we":[76,129,179,230,274],"additionally":[77,130],"cover":[78],"re-encryption":[79],"modules":[80],"such":[81],"as":[82],"binomial":[83],"sampling":[84],"butterflies":[86],"last":[89],"layer":[90],"inverse":[93],"numbertheoretic":[94],"transform":[95],"(INTT).":[96],"This":[97],"extra":[98],"also":[100],"allows":[101],"an":[102,290],"attacker":[103],"to":[104,211,252,265,281],"bypass":[105],"custom":[107],"countermeasure":[108],"that":[109,147],"was":[110],"proposed":[111],"paper.":[115],"Secondly,":[116],"model":[119],"relaxed:":[121],"precise":[123],"bit":[124,137],"flips":[125],"required,":[127],"support":[131],"set-to-0":[132],"faults,":[133,135],"random":[134],"arbitrary":[136],"flips,":[138],"instruction":[140],"skips.":[141],"Thirdly,":[142],"masking":[143],"blinding":[145],"methods":[146],"randomize":[148],"intermediate":[149,182],"variables":[150],"kindly":[151],"help":[152],"our":[153,207],"attack,":[154],"whereas":[155],"IndoCrypt":[157],"like":[160],"most":[161],"other":[162],"attacks":[164],"either":[165],"hindered":[166],"or":[167],"unaltered":[168],"by":[169],"countermeasures":[170],"passive":[172],"side-channel":[173],"analysis":[174],"(SCA).":[175],"Randomization":[176],"helps":[177],"because":[178],"randomly":[180],"prime-field":[183,195],"elements":[184,196],"until":[185,216],"desired":[187,222],"set":[188,223],"values":[190],"hit.":[192],"If":[193],"these":[194],"represented":[198],"on":[199,289],"circle,":[201],"common":[205],"visualization,":[206],"analogous":[210],"spinning":[212],"roulette":[214],"wheel":[215],"ball":[218],"lands":[219],"pockets.":[225],"Hence,":[226],"nickname.":[228],"Fourthly,":[229],"accelerate":[231],"improve":[233],"error":[235,258],"tolerance":[236],"solving":[238],"inequalities:":[243],"run":[244],"times":[245],"roughly":[247,253,261,266],"100":[248],"minutes":[249],"reduced":[251],"one":[254],"minute,":[255],"inequality":[257],"rates":[259],"1%":[262],"relaxed":[264],"25%.":[267],"Benefiting":[268],"from":[269],"advances":[272],"above,":[273],"use":[275],"reasonably":[277],"priced":[278],"ChipWhisperer\u00ae":[279],"board":[280],"break":[282],"masked":[284],"implementation":[285],"running":[288],"ARM":[291],"Cortex-M4":[292],"through":[293],"clock":[294],"glitching.":[295]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":7},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":6}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}