{"id":"https://openalex.org/W7124466286","doi":"https://doi.org/10.46586/tches.v2026.i1.618-659","title":"ML-DSA masking sweetened with SUCRE: Shuffle-and-Unmask Countermeasure for REjection sampling","display_name":"ML-DSA masking sweetened with SUCRE: Shuffle-and-Unmask Countermeasure for REjection sampling","publication_year":2026,"publication_date":"2026-01-16","ids":{"openalex":"https://openalex.org/W7124466286","doi":"https://doi.org/10.46586/tches.v2026.i1.618-659"},"language":null,"primary_location":{"id":"doi:10.46586/tches.v2026.i1.618-659","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2026.i1.618-659","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/12695/12378","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tches.iacr.org/index.php/TCHES/article/download/12695/12378","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123182233","display_name":"Sonia Bela\u00efd","orcid":null},"institutions":[{"id":"https://openalex.org/I4210086502","display_name":"CryptoExperts (France)","ror":"https://ror.org/0030xrh72","country_code":"FR","type":"company","lineage":["https://openalex.org/I4210086502"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Sonia Bela\u00efd","raw_affiliation_strings":["CryptoExperts, Paris, France"],"affiliations":[{"raw_affiliation_string":"CryptoExperts, Paris, France","institution_ids":["https://openalex.org/I4210086502"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044833739","display_name":"Ryad Benadjila","orcid":null},"institutions":[{"id":"https://openalex.org/I4210086502","display_name":"CryptoExperts (France)","ror":"https://ror.org/0030xrh72","country_code":"FR","type":"company","lineage":["https://openalex.org/I4210086502"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Ryad Benadjila","raw_affiliation_strings":["CryptoExperts, Paris, France"],"affiliations":[{"raw_affiliation_string":"CryptoExperts, Paris, France","institution_ids":["https://openalex.org/I4210086502"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104801322","display_name":"Julien Devevey","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Julien Devevey","raw_affiliation_strings":["ANSSI"],"affiliations":[{"raw_affiliation_string":"ANSSI","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016564798","display_name":"Morgane Guerreau","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Morgane Guerreau","raw_affiliation_strings":["PQShield"],"affiliations":[{"raw_affiliation_string":"PQShield","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120067917","display_name":"Thomas Legavre","orcid":null},"institutions":[{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"government","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I2801356230","display_name":"Thales (Australia)","ror":"https://ror.org/00f7vya03","country_code":"AU","type":"company","lineage":["https://openalex.org/I2801356230","https://openalex.org/I4210140930"]},{"id":"https://openalex.org/I39804081","display_name":"Sorbonne Universit\u00e9","ror":"https://ror.org/02en5vm52","country_code":"FR","type":"education","lineage":["https://openalex.org/I39804081"]}],"countries":["AU","FR"],"is_corresponding":false,"raw_author_name":"Thomas Legavre","raw_affiliation_strings":["Thales; Sorbonne Universit\u00e9, CNRS, LIP6"],"affiliations":[{"raw_affiliation_string":"Thales; Sorbonne Universit\u00e9, CNRS, LIP6","institution_ids":["https://openalex.org/I39804081","https://openalex.org/I2801356230","https://openalex.org/I1294671590"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123178415","display_name":"Ange Martinelli","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ange Martinelli","raw_affiliation_strings":["ANSSI"],"affiliations":[{"raw_affiliation_string":"ANSSI","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028929789","display_name":"Thomas Ricosset","orcid":"https://orcid.org/0000-0002-8841-1087"},"institutions":[{"id":"https://openalex.org/I1283236314","display_name":"Thales (Portugal)","ror":"https://ror.org/051w1mx35","country_code":"PT","type":"company","lineage":["https://openalex.org/I1283236314","https://openalex.org/I4210140930"]}],"countries":["PT"],"is_corresponding":false,"raw_author_name":"Thomas Ricosset","raw_affiliation_strings":["Thales"],"affiliations":[{"raw_affiliation_string":"Thales","institution_ids":["https://openalex.org/I1283236314"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075769848","display_name":"Matthieu Rivain","orcid":"https://orcid.org/0000-0002-9855-4161"},"institutions":[{"id":"https://openalex.org/I4210086502","display_name":"CryptoExperts (France)","ror":"https://ror.org/0030xrh72","country_code":"FR","type":"company","lineage":["https://openalex.org/I4210086502"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Matthieu Rivain","raw_affiliation_strings":["CryptoExperts, Paris, France"],"affiliations":[{"raw_affiliation_string":"CryptoExperts, Paris, France","institution_ids":["https://openalex.org/I4210086502"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5074823804","display_name":"M\u00e9lissa Rossi","orcid":"https://orcid.org/0000-0002-9268-3034"},"institutions":[{"id":"https://openalex.org/I4210086502","display_name":"CryptoExperts (France)","ror":"https://ror.org/0030xrh72","country_code":"FR","type":"company","lineage":["https://openalex.org/I4210086502"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"M\u00e9lissa Rossi","raw_affiliation_strings":["CryptoExperts, Paris, France"],"affiliations":[{"raw_affiliation_string":"CryptoExperts, Paris, France","institution_ids":["https://openalex.org/I4210086502"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5123182233"],"corresponding_institution_ids":["https://openalex.org/I4210086502"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.1225447,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2026","issue":"1","first_page":"618","last_page":"659"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.40860000252723694,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.40860000252723694,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.39629998803138733,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.09200000017881393,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/gadget","display_name":"Gadget","score":0.7401999831199646},{"id":"https://openalex.org/keywords/countermeasure","display_name":"Countermeasure","score":0.6305000185966492},{"id":"https://openalex.org/keywords/rounding","display_name":"Rounding","score":0.5436000227928162},{"id":"https://openalex.org/keywords/masking","display_name":"Masking (illustration)","score":0.5339000225067139},{"id":"https://openalex.org/keywords/sampling","display_name":"Sampling (signal processing)","score":0.4839000105857849},{"id":"https://openalex.org/keywords/permutation","display_name":"Permutation (music)","score":0.41600000858306885},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.41260001063346863},{"id":"https://openalex.org/keywords/random-permutation","display_name":"Random permutation","score":0.4104999899864197},{"id":"https://openalex.org/keywords/scheme","display_name":"Scheme (mathematics)","score":0.36410000920295715}],"concepts":[{"id":"https://openalex.org/C119770614","wikidata":"https://www.wikidata.org/wiki/Q5516347","display_name":"Gadget","level":2,"score":0.7401999831199646},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6937000155448914},{"id":"https://openalex.org/C21593369","wikidata":"https://www.wikidata.org/wiki/Q1032176","display_name":"Countermeasure","level":2,"score":0.6305000185966492},{"id":"https://openalex.org/C136625980","wikidata":"https://www.wikidata.org/wiki/Q663208","display_name":"Rounding","level":2,"score":0.5436000227928162},{"id":"https://openalex.org/C2777402240","wikidata":"https://www.wikidata.org/wiki/Q6783436","display_name":"Masking (illustration)","level":2,"score":0.5339000225067139},{"id":"https://openalex.org/C140779682","wikidata":"https://www.wikidata.org/wiki/Q210868","display_name":"Sampling (signal processing)","level":3,"score":0.4839000105857849},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.421099990606308},{"id":"https://openalex.org/C21308566","wikidata":"https://www.wikidata.org/wiki/Q7169365","display_name":"Permutation (music)","level":2,"score":0.41600000858306885},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.41260001063346863},{"id":"https://openalex.org/C200985842","wikidata":"https://www.wikidata.org/wiki/Q3375503","display_name":"Random permutation","level":3,"score":0.4104999899864197},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3813000023365021},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.36410000920295715},{"id":"https://openalex.org/C2779696439","wikidata":"https://www.wikidata.org/wiki/Q7512811","display_name":"Signature (topology)","level":2,"score":0.3393000066280365},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3142000138759613},{"id":"https://openalex.org/C68339613","wikidata":"https://www.wikidata.org/wiki/Q1549489","display_name":"Speedup","level":2,"score":0.31349998712539673},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.31310001015663147},{"id":"https://openalex.org/C71901391","wikidata":"https://www.wikidata.org/wiki/Q7126699","display_name":"Upload","level":2,"score":0.31139999628067017},{"id":"https://openalex.org/C127162648","wikidata":"https://www.wikidata.org/wiki/Q16858953","display_name":"Channel (broadcasting)","level":2,"score":0.3041999936103821},{"id":"https://openalex.org/C2779014939","wikidata":"https://www.wikidata.org/wiki/Q6510239","display_name":"Learning with errors","level":3,"score":0.3027999997138977},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.296999990940094},{"id":"https://openalex.org/C197323446","wikidata":"https://www.wikidata.org/wiki/Q331222","display_name":"Oversampling","level":3,"score":0.29330000281333923},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2842000126838684},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.28369998931884766},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.28139999508857727},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.27639999985694885},{"id":"https://openalex.org/C109275537","wikidata":"https://www.wikidata.org/wiki/Q1154420","display_name":"Subset sum problem","level":3,"score":0.26600000262260437},{"id":"https://openalex.org/C2777256151","wikidata":"https://www.wikidata.org/wiki/Q7897273","display_name":"Unpacking","level":2,"score":0.26170000433921814}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.46586/tches.v2026.i1.618-659","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2026.i1.618-659","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/12695/12378","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.46586/tches.v2026.i1.618-659","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tches.v2026.i1.618-659","pdf_url":"https://tches.iacr.org/index.php/TCHES/article/download/12695/12378","source":{"id":"https://openalex.org/S4210207404","display_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","issn_l":"2569-2925","issn":["2569-2925"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Cryptographic Hardware and Embedded Systems","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7401677150","display_name":"Generation and Verification of Masking Countermeasures Against Side-Channel Attacks","funder_award_id":"101077506","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7124466286.pdf","grobid_xml":"https://content.openalex.org/works/W7124466286.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"We":[0],"present":[1],"SUCRE,":[2],"a":[3,31,37,42,72,102,117,136],"novel":[4],"countermeasure":[5],"designed":[6],"to":[7,59,89,122,127,149],"physically":[8],"protect":[9],"the":[10,18,26,52,91,94,106,128,161,168,176,185],"rejection":[11,57,146,169],"sampling":[12,58],"step":[13,170],"of":[14,17,28,45,93,105,133,145,163,175,188],"ML-DSA,":[15],"one":[16],"post-quantum":[19],"signature":[20,95],"schemes":[21],"standardized":[22],"by":[23],"NIST.":[24],"At":[25],"core":[27],"SUCRE":[29,134],"is":[30],"masking":[32],"gadget":[33],"that":[34,71],"securely":[35],"unmasks":[36],"vector":[38],"while":[39],"simultaneously":[40],"applying":[41],"random":[43],"permutation":[44],"its":[46,124],"coefficients.":[47],"This":[48,97],"lightweight":[49],"mechanism":[50],"preserves":[51],"vector\u2019s":[53],"infinity":[54],"norm,":[55],"enabling":[56],"proceed":[60],"as":[61],"usual":[62],"without":[63],"requiring":[64],"any":[65],"complex":[66],"mask":[67],"conversions.We":[68],"formally":[69],"prove":[70],"d-probing":[73],"adversary":[74],"can":[75],"learn":[76],"at":[77,160],"most":[78],"some":[79],"permuted":[80],"rejected":[81],"values\u2014information":[82],"which,":[83],"we":[84,115],"show,":[85],"should":[86],"remain":[87],"insufficient":[88],"endanger":[90],"security":[92,98,120],"scheme.":[96],"argument":[99],"relies":[100],"on":[101,190],"new":[103],"variant":[104],"Module":[107],"Learning":[108],"with":[109],"Rounding":[110],"(MLWR)":[111],"assumption,":[112],"for":[113,172],"which":[114],"provide":[116],"dedicated":[118],"concrete":[119],"analysis":[121],"assess":[123],"hardness":[125],"relative":[126],"standard":[129],"MLWR":[130],"assumption.Our":[131],"implementation":[132],"achieves":[135],"significant":[137],"performance":[138],"improvement":[139],"over":[140],"previous":[141],"masked":[142,180],"non-bitsliced":[143],"implementations":[144],"sampling\u2014delivering":[147],"four":[148],"six":[150],"times":[151],"faster":[152],"execution":[153],"than":[154],"Coron":[155],"et":[156],"al.":[157],"(TCHES":[158],"2024)\u2014albeit":[159],"cost":[162],"increased":[164],"memory":[165],"usage.":[166],"Since":[167],"accounts":[171],"approximately":[173],"25%":[174],"total":[177],"runtime":[178],"in":[179,199],"ML-DSA":[181,189],"implementations,":[182],"and":[183],"given":[184],"expected":[186],"adoption":[187],"embedded":[191],"platforms,":[192],"this":[193],"speedup":[194],"could":[195],"significantly":[196],"enhance":[197],"efficiency":[198],"real-world":[200],"applications.":[201]},"counts_by_year":[],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2026-01-17T00:00:00"}