{"id":"https://openalex.org/W7124420041","doi":"https://doi.org/10.46586/tches.v2026.i1.472-499","title":"Keep it Simple: Refreshing the NTT of Kyber\u2019s Decapsulation to Prevent Plaintext-Checking Side-Channel Attacks","display_name":"Keep it Simple: Refreshing the NTT of Kyber\u2019s Decapsulation to Prevent Plaintext-Checking Side-Channel Attacks","publication_year":2026,"publication_date":"2026-01-16","ids":{"openalex":"https://openalex.org/W7124420041","doi":"https://doi.org/10.46586/tches.v2026.i1.472-499"},"language":null,"primary_location":{"id":"doi:10.46586/tches.v2026.i1.472-499","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2026.i1.472-499","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/12690/12372","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tches.iacr.org/index.php/TCHES/article/download/12690/12372","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5099839627","display_name":"Duy\u00ean Pay","orcid":null},"institutions":[{"id":"https://openalex.org/I95674353","display_name":"UCLouvain","ror":"https://ror.org/02495e989","country_code":"BE","type":"education","lineage":["https://openalex.org/I95674353"]}],"countries":["BE"],"is_corresponding":true,"raw_author_name":"Duy\u00ean Pay","raw_affiliation_strings":["Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium"],"affiliations":[{"raw_affiliation_string":"Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium","institution_ids":["https://openalex.org/I95674353"]}]},{"author_position":"last","author":{"id":null,"display_name":"Fran\u00e7ois-Xavier Standaert","orcid":null},"institutions":[{"id":"https://openalex.org/I95674353","display_name":"UCLouvain","ror":"https://ror.org/02495e989","country_code":"BE","type":"education","lineage":["https://openalex.org/I95674353"]}],"countries":["BE"],"is_corresponding":false,"raw_author_name":"Fran\u00e7ois-Xavier Standaert","raw_affiliation_strings":["Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium"],"affiliations":[{"raw_affiliation_string":"Crypto Group, ICTEAM Institute, UCLouvain, Louvain-la-Neuve, Belgium","institution_ids":["https://openalex.org/I95674353"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5099839627"],"corresponding_institution_ids":["https://openalex.org/I95674353"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.14710921,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2026","issue":"1","first_page":"472","last_page":"499"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.5752000212669373,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.5752000212669373,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.32820001244544983,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.052299998700618744,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/shuffling","display_name":"Shuffling","score":0.7287999987602234},{"id":"https://openalex.org/keywords/masking","display_name":"Masking (illustration)","score":0.42750000953674316},{"id":"https://openalex.org/keywords/limit","display_name":"Limit (mathematics)","score":0.3928999900817871},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.38769999146461487},{"id":"https://openalex.org/keywords/noise","display_name":"Noise (video)","score":0.29750001430511475},{"id":"https://openalex.org/keywords/profiling","display_name":"Profiling (computer programming)","score":0.273499995470047}],"concepts":[{"id":"https://openalex.org/C167927819","wikidata":"https://www.wikidata.org/wiki/Q1930567","display_name":"Shuffling","level":2,"score":0.7287999987602234},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7024000287055969},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6901000142097473},{"id":"https://openalex.org/C2777402240","wikidata":"https://www.wikidata.org/wiki/Q6783436","display_name":"Masking (illustration)","level":2,"score":0.42750000953674316},{"id":"https://openalex.org/C151201525","wikidata":"https://www.wikidata.org/wiki/Q177239","display_name":"Limit (mathematics)","level":2,"score":0.3928999900817871},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.38769999146461487},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.29750001430511475},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.273499995470047},{"id":"https://openalex.org/C111335779","wikidata":"https://www.wikidata.org/wiki/Q3454686","display_name":"Reduction (mathematics)","level":2,"score":0.2678999900817871},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.2639000117778778},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.26190000772476196},{"id":"https://openalex.org/C71901391","wikidata":"https://www.wikidata.org/wiki/Q7126699","display_name":"Upload","level":2,"score":0.26170000433921814},{"id":"https://openalex.org/C2780586882","wikidata":"https://www.wikidata.org/wiki/Q7520643","display_name":"Simple (philosophy)","level":2,"score":0.25459998846054077}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.46586/tches.v2026.i1.472-499","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2026.i1.472-499","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/12690/12372","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.46586/tches.v2026.i1.472-499","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2026.i1.472-499","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/12690/12372","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.697788655757904}],"awards":[{"id":"https://openalex.org/G1329855610","display_name":null,"funder_award_id":"project","funder_id":"https://openalex.org/F4320321390","funder_display_name":"Fonds De La Recherche Scientifique - FNRS"},{"id":"https://openalex.org/G5641042146","display_name":"Connecting Symmetric and Asymmetric  Cryptography for Leakage and Faults","funder_award_id":"101096871","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"},{"id":"https://openalex.org/G8051717526","display_name":null,"funder_award_id":"Grant","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320321390","display_name":"Fonds De La Recherche Scientifique - FNRS","ror":"https://ror.org/03q83t159"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7124420041.pdf","grobid_xml":"https://content.openalex.org/works/W7124420041.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"In":[0],"this":[1,28,99,156],"paper,":[2],"we":[3,30,129,184],"revisit":[4],"the":[5,17,71,85,110,113,137,142,160,172,186,190,206],"protection":[6],"of":[7,40,61,87,95,112,139,164,196],"Kyber\u2019s":[8,197],"NTT":[9,114,143,167,198],"implementation":[10,195],"against":[11,46],"plaintext-checking":[12],"side-channel":[13,161],"attacks,":[14,49],"for":[15,91,104],"which":[16],"current":[18],"mainstream":[19],"solution":[20],"is":[21,38,177],"to":[22,43,73,116,171],"combine":[23],"masking":[24,52],"and":[25,50,77,81,84,126,169,199],"shuffling.":[26],"For":[27],"purpose,":[29],"first":[31],"bring":[32],"consolidating":[33],"arguments":[34],"why":[35,51],"shuffling":[36],"alone":[37,53],"(theoretically)":[39],"limited":[41],"help":[42],"improve":[44],"security":[45,162,174],"such":[47,92,132],"distinguishing":[48],"may":[54],"be":[55],"(practically)":[56],"hindered":[57],"by":[58,210],"a":[59,93,102,105,165],"lack":[60,86],"physical":[62],"noise":[63],"in":[64,149],"low-cost":[65],"embedded":[66],"devices.":[67],"We":[68,97,152],"then":[69],"discuss":[70,185],"challenges":[72],"address":[74],"when":[75,179],"implementing":[76],"(mostly)":[78],"evaluating":[79],"masked":[80],"shuffled":[82],"implementations,":[83],"easy-to-extrapolate":[88],"scaling":[89],"trends":[90],"mix":[94],"countermeasures.":[96],"use":[98],"discussion":[100],"as":[101],"motivation":[103],"simpler":[106],"approach,":[107],"namely":[108],"refreshing":[109],"layers":[111,144],"thanks":[115],"simple":[117],"gadgets":[118],"with":[119,205],"linear":[120],"overheads.":[121],"Using":[122],"both":[123],"simulated":[124],"analyses":[125],"actual":[127],"experiments,":[128],"show":[130,154],"that":[131,155,176],"an":[133,200],"approach":[134],"can":[135,158],"limit":[136],"propagation":[138],"information":[140],"through":[141],"via":[145],"belief":[146],"propagation,":[147],"even":[148],"low-noise":[150],"contexts.":[151],"also":[153],"combination":[157],"simplify":[159],"evaluation":[163],"protected":[166],"implementation,":[168],"lead":[170],"exponential":[173],"amplification":[175],"expected":[178],"masking.":[180],"As":[181],"side":[182],"contributions,":[183],"significant":[187],"differences":[188],"between":[189],"(very":[191],"leaky)":[192],"reference":[193],"C":[194],"efficient":[201],"assembly":[202],"one,":[203],"together":[204],"profiling":[207],"difficulties":[208],"raised":[209],"lazy":[211],"reduction":[212],"techniques.":[213]},"counts_by_year":[],"updated_date":"2026-03-25T23:56:10.502304","created_date":"2026-01-17T00:00:00"}