Bibliography
All works cited from the rest of this document. In the BibTeX source the entries are keyed with an author-year-topic mnemonic (for example saarinen2024_sloth_slhdsa) so that the key itself gives a reader a hint of the content; the rendered citation labels (for example [CGerardL+24]) follow the usual author-initials-plus-year style.
The underlying BibTeX source is doc/sca/biblio.bib. In that file the normative specifications come first, followed by seminal side-channel papers, then the per-algorithm literature used to justify the individual countermeasures. The rendered list below is sorted alphabetically by first author, with the three NIST standards placed at the end.
Amin Abdulrahman, Matthias J. Kannwischer, and Thing-Han Lim. Enabling Microarchitectural Agility: Taking ML-KEM & ML-DSA from Cortex-M4 to M7 with SLOTHY. IACR ePrint, 2025. doc/papers/eprint2025_cortexm4_m7_slothy.pdf. URL: https://eprint.iacr.org/2025/366.
Amin Abdulrahman, Felix Oberhansl, Hoang Nguyen Hien Pham, Jade Philipoom, Peter Schwabe, Tobias Stelzer, and Andreas Zankl. Towards ML-KEM & ML-DSA on OpenTitan. In IEEE Symposium on Security and Privacy (S&P). 2025. doc/papers/cryptojedi2024_mlkem_mldsa_opentitan.pdf — ePrint 2024/1192; OTBN ISA extensions, 6-9x speedup. URL: https://eprint.iacr.org/2024/1192.
Andrew Adiletta and others. SLasH-DSA: Breaking SLH-DSA Using an Extensible End-to-End Rowhammer Framework. arXiv:2509.13048, 2025. End-to-end software-only universal forgery against OpenSSL 3.5.1 SLH-DSA in 1-8h; weaponises Castelnovi 2018 in a software threat model. [TO CONFIRM] full author list not yet checked. URL: https://arxiv.org/abs/2509.13048.
Melissa Azouaoui. Recent Contributions to the Physical Security of ML-DSA. Presentation at the Sixth NIST PQC Standardization Conference, 2025. doc/papers/nist2025_physical_security_mldsa.pdf. URL: https://csrc.nist.gov/csrc/media/events/2025/sixth-pqc-standardization-conference/recent%20contributions%20to%20the%20physical%20security%20of%20mldsa.pdf.
Melissa Azouaoui, Joppe W. Bos, and Christine Cloostermans. Crypto Agility for Embedded Systems. NIST Crypto Agility Workshop, April 17-18, 2025. doc/papers/nist2025_crypto_agility_embedded.pdf. URL: https://csrc.nist.gov/events/2025/crypto-agility-workshop.
Sonia Belaïd, Ryad Benadjila, Julien Devevey, Morgane Guerreau, Paul Legavre, Ange Martinelli, Thomas Ricosset, Matthieu Rivain, and Mélissa Rossi. ML-DSA Masking Sweetened with SUCRE: Shuffle-and-Unmask Countermeasure for REjection sampling. In TCHES 2026(1). 2026. 4-6x speedup vs. Coron 2024/1149; candidate for T4-F migration evaluation. URL: https://tches.iacr.org/index.php/TCHES/article/view/12695.
Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. On the Importance of Checking Cryptographic Protocols for Faults. In EUROCRYPT 1997, 37–51. Springer, 1997.
Joppe W. Bos, Joost Renes, and Amber Sprenkels. Dilithium for Memory Constrained Devices. In Progress in Cryptology — AFRICACRYPT 2022. 2022. doc/papers/bos2022_dilithium_memory_constrained.pdf — ePrint 2022/323; <7 KiB RAM Dilithium signing. URL: https://eprint.iacr.org/2022/323.
Eric Brier, Christophe Clavier, and Francis Olivier. Correlation Power Analysis with a Leakage Model. In CHES 2004, 16–29. Springer, 2004.
Laurent Castelnovi, Ange Martinelli, and Thomas Prest. Grafting Trees: a Fault Attack against the SPHINCS framework. In PQCrypto 2018. 2018. IACR ePrint 2018/102 — single-fault universal forgery; canonical fault-attack reference for SLH-DSA. URL: https://eprint.iacr.org/2018/102.
Suresh Chari, Josyula R. Rao, and Pankaj Rohatgi. Template Attacks. In CHES 2002, 13–28. Springer, 2002.
Rojin Chhetri. Benchmarking NIST-Standardised ML-KEM and ML-DSA on ARM Cortex-M0+: Performance, Memory, and Energy on the RP2040. arXiv, 2026. doc/papers/arxiv2025_mlkem_mldsa_cortexm0_rp2040.pdf. URL: https://arxiv.org/abs/2603.19340.
Daniel Commey, Benjamin Appiah, Griffith S. Klogo, Winful Bagyl-Bac, James D. Gadze, Yousef Alsenani, and Garth V. Crosby. Performance Analysis and Deployment Considerations of Post-Quantum Cryptography for Consumer Electronics. arXiv, 2025. doc/papers/arxiv2025_pqc_deployment_analysis.pdf. URL: https://arxiv.org/abs/2505.02239.
Jean-Sébastien Coron, François Gérard, Tancrède Lepoint, Matthias Trannoy, Rina Zeitoun, and Lilian Zimmermann. Improved High-Order Masked Generation of Masking Vector and Rejection Sampling in Dilithium. In CHES 2024 / TCHES 2024(4), 335–354. 2024. IACR ePrint 2024/1149 — canonical construction for masked-y sampling + masked rejection gadget. URL: https://eprint.iacr.org/2024/1149.
Niklas Damm, Thorsten Fischer, Alexander May, Sarah Marzougui, Max Schwarz, Sebastian Seidler, Jean-Pierre Seifert, Daniel Thietke, and Vincent Ulitzsch. Solving Concealed ILWE and its Application for Breaking Masked Dilithium. In ASIACRYPT 2025. 2025. IACR ePrint 2025/1629 — breaks weakly-masked Dilithium at up to 90% concealment. URL: https://eprint.iacr.org/2025/1629.
Rodrigo Duarte de Meneses, Caio Teixeira, and Marco Aurélio Amaral Henriques. Compact Memory Implementations of the ML-DSA Post-Quantum Digital Signature Algorithm. In 24th Brazilian Symposium on Cybersecurity (SBSeg) — Extended Proceedings. 2024. doc/papers/sbseg2024_compact_mldsa.pdf. URL: https://sol.sbc.org.br/index.php/sbseg_estendido/article/view/30141.
Sanjay Deshpande, Yongseok Lee, Cansu Karakuzu, Jakub Szefer, and Yunheung Paek. SPHINCSLET: An Area-Efficient Accelerator for the Full SPHINCS+ Digital Signature Algorithm. IACR ePrint, 2025. doc/papers/eprint2025_sphincslet.pdf. URL: https://eprint.iacr.org/2025/621.
Patrik Dobias, Azade Rezaeezade, Łukasz Chmielewski, Lukas Malina, and Lejla Batina. SoK: Reassessing Side-Channel Vulnerabilities and Countermeasures in PQC Implementations. IACR ePrint, 2025. Confirms no new FORS primitive-level attack since 2018. URL: https://eprint.iacr.org/2025/1222.
Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Stefan Mangard, Florian Mendel, and Robert Primas. SIFA: Exploiting Ineffective Fault Inductions on Symmetric Cryptography. In TCHES 2018(3). 2018.
Scott Fluhrer. Side Channel Resistant SPHINCS+. IACR ePrint 2024/500, 2024. doc/papers/fluhrer2024_sca_resistant_sphincs.pdf — 3-share masked SHAKE proposal, 1.7x overhead. URL: https://eprint.iacr.org/2024/500.
Aymeric Genêt. On Protecting SPHINCS+ Against Fault Attacks. In TCHES 2023(3). 2023. IACR ePrint 2023/042 — recommends recompute-and-compare redundancy at signing time. URL: https://eprint.iacr.org/2023/042.
Aymeric Genêt, Matthias J. Kannwischer, Hervé Pelletier, and Andrew McLauchlan. Practical Fault Injection Attacks on SPHINCS. IACR ePrint 2018/674, 2018. Arduino Due / Cortex-M3 realization of Castelnovi 2018/102 — seconds to forge. URL: https://eprint.iacr.org/2018/674.
Ruben Gonzalez. Stateless Hash-Based Signatures for Post-Quantum Security Keys. IACR ePrint, 2025. doc/papers/eprint2025_slhdsa_security_keys.pdf. URL: https://eprint.iacr.org/2025/298.
Julius Hermelink, Kai-Chun Ning, and Richard Petri. Finding and Protecting the Weakest Link: On Side-Channel Attacks on masked ML-DSA. In CRYPTO 2025. 2025. IACR ePrint 2025/276 — information-theoretic leakage map of masked-y implementations; audit reference. URL: https://eprint.iacr.org/2025/276.
Julius Hermelink, Kai-Chun Ning, Richard Petri, and Emanuele Strieder. The Insecurity of Masked Comparisons: SCAs on ML-KEM's FO-Transform. IACR ePrint, 2024. doc/papers/eprint2024_template_fo_comparison.pdf — basis for the planned K-SCA1 countermeasure (T4-E). URL: https://eprint.iacr.org/2024/060.
H. Jayalaxmi, H. M. Brunda, Sumith Subraya Nayak, M. Sathya, and Anirudh S. Hegde. Benchmarking SLH-DSA: A Comparative Hardware Analysis Against Classical Digital Signatures for Post-Quantum Security. IACR ePrint, 2025. doc/papers/eprint2025_benchmarking_slhdsa_hw.pdf. URL: https://eprint.iacr.org/2025/2273.
Matthias J. Kannwischer, Aymeric Genêt, Denis Butin, Johannes Buchmann, and Ivan Vasyltsov. Differential Power Analysis of XMSS and SPHINCS. In COSADE 2018. 2018. IACR ePrint 2018/673 — reduces signature DPA to PRF DPA on reused SK.seed. URL: https://eprint.iacr.org/2018/673.
Paul Kocher, Joshua Jaffe, and Benjamin Jun. Differential Power Analysis. In CRYPTO 1999, 388–397. Springer, 1999.
Paul C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In CRYPTO 1996, 104–113. Springer, 1996.
Adam Langley. Checking that functions are constant time with Valgrind. https://www.imperialviolet.org/2010/04/01/ctgrind.html, 2010.
Zheng Liu, An Wang, Congming Wei, Yaoling Ding, Jingqi Zhang, Annyu Liu, and Liehuang Zhu. Release the Power of Rejected Signatures: An Efficient Side-Channel Attack on the ML-DSA Cryptosystem. IACR ePrint, 2025. doc/papers/eprint2025_rejected_signatures_sca.pdf — basis for the constant-time rejection countermeasure. URL: https://eprint.iacr.org/2025/582.
Sedric Nkotto. Template and CPA Side Channel Attacks on the Kyber/ML-KEM Pair-Pointwise Multiplication. IACR ePrint, 2025. doc/papers/eprint2025_sca_mlkem_pointwise.pdf. URL: https://eprint.iacr.org/2025/1577.
Kamal Raj, Prasanna Ravi, Tee Kiah Chia, and Anupam Chattopadhyay. Improved ML-DSA Hardware Implementation With First Order Masking Countermeasure. IACR ePrint, 2024. doc/papers/eprint2024_mldsa_hw_masking.pdf. URL: https://eprint.iacr.org/2024/1817.
Oscar Reparaz, Josep Balasch, and Ingrid Verbauwhede. “dude, is my code constant time?”. In DATE 2017. 2017.
Markku-Juhani O. Saarinen. Introduction to Side-Channel Security of NIST PQC Standards. NIST PQC Seminar Series, April 2023. doc/papers/nist2023_sca_saarinen.pdf — seminar slides covering DPA/DEMA on ML-KEM, ML-DSA, SLH-DSA. URL: https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/pqc-seminars/presentations/2-side-channel-security-saarinen-04042023.pdf.
Markku-Juhani O. Saarinen. Accelerating SLH-DSA by Two Orders of Magnitude with a Single Hash Unit. In CRYPTO 2024. 2024. ePrint 2024/367 — threshold-implementation Keccak with 100k-trace leakage assessment. URL: https://eprint.iacr.org/2024/367.
Markku-Juhani O. Saarinen. Accelerating SLH-DSA by Two Orders of Magnitude with a Single Hash Unit. Fifth NIST PQC Standardization Conference, 2024. doc/papers/nist2024_sloth_slhdsa.pdf — NIST workshop version of the SLotH paper, same title as the CRYPTO 2024 / ePrint 2024/367 entry above; [CROSS-CHECK RECOMMENDED] likely redundant with saarinen2024_sloth_slhdsa and a candidate for merging. URL: https://csrc.nist.gov/csrc/media/Events/2024/fifth-pqc-standardization-conference/documents/papers/accelerating-slh-dsa.pdf.
Dejun Xu, Kai Wang, and Jing Tian. A Hardware-Friendly Shuffling Countermeasure Against Side-Channel Attacks for Kyber. IEEE Transactions on Circuits and Systems II: Express Briefs, 72(3):504–508, 2025. doc/papers/arxiv2024_mlkem_shuffling_hw.pdf — arXiv preprint of the IEEE TCAS-II 2025 paper. URL: https://arxiv.org/abs/2407.02452.
Yuhan Zhao, Wei Cheng, Zehua Qiao, Yuejun Liu, and Yongbin Zhou. Rejection Matters: Efficient Non-Profiling Side-Channel Attack on ML-DSA via Exploiting Public Templates. In DATE 2026. 2026. IACR ePrint 2026/056 — 96 traces recover c, 300 traces recover key on Cortex-M4 (unmasked/hedged); primary motivator for sca-ct-rejection. URL: https://eprint.iacr.org/2026/056.
National Institute of Standards and Technology. FIPS 203 — Module-Lattice-Based Key-Encapsulation Mechanism Standard. Technical Report FIPS 203, NIST, 2024. ML-KEM. URL: https://csrc.nist.gov/pubs/fips/203/final.
National Institute of Standards and Technology. FIPS 204 — Module-Lattice-Based Digital Signature Standard. Technical Report FIPS 204, NIST, 2024. ML-DSA. URL: https://csrc.nist.gov/pubs/fips/204/final.
National Institute of Standards and Technology. FIPS 205 — Stateless Hash-Based Digital Signature Standard. Technical Report FIPS 205, NIST, 2024. SLH-DSA. URL: https://csrc.nist.gov/pubs/fips/205/final.