.. Practical-case-study, Protecting an ECSM Implementation

P. Conclusion, P. Aumüller, W. Bier, P. Fischer, J. Hofreiter et al., 132 0xA Bibliography [ABF + 02 Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures, CHES, volume 2523 of Lecture Notes in Computer Science, pp.260-275, 2002.

A. Berzati, C. Canovas-dumas, and L. Goubin, A Survey of Differential Fault Analysis Against Classical RSA Implementations, Fault Analysis in Cryptography, Information Security and Cryptography, pp.111-124, 2012.
DOI : 10.1007/978-3-642-29656-7_7

[. Brier, C. Clavier, and F. Olivier, Correlation Power Analysis with a Leakage Model, CHES, pp.16-29, 2004.
DOI : 10.1007/978-3-540-28632-5_2

E. Biham, Y. Carmeli, and A. Shamir, Bug attacks, CRYPTO, pp.221-240, 2008.

F. Gilles-barthe, P. Dupressoir, B. Fouque, M. Grégoire, J. Tibouchi et al., Making RSA-PSS Provably Secure Against Non-Random Faults, IACR Cryptology ePrint Archive, p.252, 2014.

F. Gilles-barthe, P. Dupressoir, B. Fouque, J. Grégoire, and . Zapalowicz, Synthesis of Fault Attacks on Cryptographic Implementations, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp.1016-1027, 2014.

S. Bhasin, J. Danger, S. Guilley, and Z. Najm, NICV: Normalized Inter-Class Variance for Detection of Side-Channel Leakage, International Symposium on Electromagnetic Compatibility (EMC '14 Session OS09: EM Information Leakage. Hitotsubashi Hall (National Center of Sciences), Chiyoda, 2014.

S. Bhasin, J. Danger, S. Guilley, and Z. Najm, Side-channel leakage and trace compression using normalized inter-class variance, Proceedings of the Third Workshop on Hardware and Architectural Support for Security and Privacy, HASP '14, pp.1-7, 2014.
DOI : 10.1145/2611765.2611772

[. Boneh, R. A. Demillo, and R. J. Lipton, On the Importance of Checking Cryptographic Protocols for Faults, Proceedings of Eurocrypt'97, pp.37-51, 1997.
DOI : 10.1007/3-540-69053-0_4

C. H. Bennett, Notes on Landauer's principle, Reversible Computation and Maxwell's Demon. Studies in History and Philosophy of Modern Physics, pp.501-510, 2003.

A. Battistello and C. Giraud, Fault Analysis of Infective AES Computations, 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp.101-107, 2013.
DOI : 10.1109/FDTC.2013.12

[. Blömer, R. G. , D. Silva, P. Gunther, J. Krämer et al., A Practical Second-Order Fault Attack against a Real-World Pairing Implementation, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp.123-136, 2014.
DOI : 10.1109/FDTC.2014.22

[. Blömer, P. Günther, and G. Liske, Tampering Attacks in Pairing-Based Cryptography, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp.1-7, 2014.
DOI : 10.1109/FDTC.2014.10

[. Barthe, B. Grégoire, and S. Zanella-béguelin, Formal certification of code-based cryptographic proofs, 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp.90-101, 2009.

E. Biham, A fast new DES implementation in software, Lecture Notes in Computer Science, vol.1267, pp.260-272, 1997.
DOI : 10.1007/BFb0052352

A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann et al., PRESENT: An Ultra-Lightweight Block Cipher, CHES, pp.450-466, 2007.
DOI : 10.1007/978-3-540-74735-2_31

B. Blanchet, ProVerif: Cryptographic protocol verifier in the formal model

[. Boscher, R. Naciri, and E. Prouff, CRT RSA Algorithm Protected Against Fault Attacks, Lecture Notes in Computer Science, vol.49, issue.9, pp.229-243, 2007.
DOI : 10.1007/11554868_13

[. Blömer, M. Otto, and J. Seifert, A new CRT-RSA algorithm secure against bellcore attacks, ACM Conference on Computer and Communications Security, pp.311-320, 2003.

[. Blömer, M. Otto, and J. Seifert, Sign Change Fault Attacks on Elliptic Curve Cryptosystems, Fault Diagnosis and Tolerance in Cryptography, pp.36-52, 2006.
DOI : 10.1007/11889700_4

E. Biham and A. Shamir, Differential fault analysis of secret key cryptosystems, CRYPTO, pp.513-525, 1997.
DOI : 10.1007/BFb0052259

[. Baek and I. Vasyltsov, How to Prevent DPA and Fault Attack in a Unified Way for ECC Scalar Multiplication ??? Ring Extension Method, Information Security Practice and Experience, pp.225-237, 2007.
DOI : 10.1007/978-3-540-72163-5_18

[. Christofi, B. Chetali, L. Goubin, and D. Vigilant, Formal verification of a CRT-RSA implementation against fault attacks, Journal of Cryptographic Engineering, vol.2009, issue.3, pp.157-167, 2013.
DOI : 10.1007/s13389-013-0049-3

[. Chen, T. Eisenbarth, A. Shahverdi, and X. Ye, Balanced Encoding to Mitigate Power Analysis: A Case Study, CARDIS, Lecture Notes in Computer Science, 2014.
DOI : 10.1007/978-3-319-16763-3_4

C. Carlet, J. Faugère, and C. Goyet, Analysis of the algebraic side channel attack, Journal of Cryptographic Engineering, vol.24, issue.1, pp.45-62, 2012.
DOI : 10.1007/s13389-012-0028-0

URL : https://hal.archives-ouvertes.fr/hal-00777829

C. Jean-sébastien-coron, N. Giraud, G. Morin, D. Piret, and . Vigilant, Fault Attacks and Countermeasures on Vigilant's RSA-CRT Algorithm, pp.89-96, 2010.

C. Carlet, L. Goubin, E. Prouff, M. Quisquater, and M. Rivain, Higher-Order Masking Schemes for S-Boxes, Fast Software Encryption -19th International Workshop, FSE 2012, pp.366-384, 2012.
DOI : 10.1007/978-3-642-34047-5_21

[. Courtois, D. Hulme, and T. Mourouzis, Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis, IACR Cryptology ePrint Archive, issue.179, pp.475-492, 2011.

M. Ciet and M. Joye, Practical fault countermeasures for chinese remaindering based RSA, Fault Diagnosis and Tolerance in Cryptography, pp.124-131, 2005.

A. Jean-sébastien-coron and . Mandal, PSS Is Secure against Random Fault Attacks, ASIACRYPT, pp.653-666, 2009.

E. Jean-sébastien-coron, M. Prouff, and . Rivain, Side Channel Cryptanalysis of a Higher Order Masking Scheme, CHES, pp.28-44, 2007.

[. Chen, A. Sinha, and P. Schaumont, Using Virtual Secure Circuit to Protect Embedded Software from Side-Channel Attacks, IEEE Transactions on Computers, vol.62, issue.1, pp.124-136, 2013.
DOI : 10.1109/TC.2011.225

D. Dfk-+-13-]-goran-doychev, B. Feld, L. Köpf, J. Mauborgne, and . Reineke, CacheAudit: A Tool for the Static Analysis of Cache Side Channels, IACR Cryptology ePrint Archive, p.253, 2013.

[. Dottax, C. Giraud, M. Rivain, and Y. Sierra, On Second-Order Fault Analysis Resistance for CRT-RSA Implementations, Lecture Notes in Computer Science, vol.5746, pp.68-83, 2009.
DOI : 10.1007/978-3-642-03944-7_6

[. Diffie and M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, vol.22, issue.6, pp.644-654, 1976.
DOI : 10.1109/TIT.1976.1055638

N. Debande, Y. Souissi, M. Abdelaziz-elaabid, S. Guilley, and J. Danger, Wavelet transform based pre-processing for side channel analysis, 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops, pp.32-38, 2012.
DOI : 10.1109/MICROW.2012.15

T. Eisenbarth, Z. Gong, T. Güneysu, S. Heyse, S. Indesteege et al., François-Xavier Standaert, and Loïc van Oldeneel tot Oldenzeel . Compact Implementation and Performance Evaluation of Block Ciphers in ATtiny Devices, Lecture Notes in Computer Science, vol.12, issue.7374, pp.172-187, 2012.

N. E. Mrabet, J. J. Fournier, L. Goubin, and R. Lashermes, A survey of fault attacks in pairing based cryptography, Cryptography and Communications, vol.56, issue.1, pp.1-21, 2014.
DOI : 10.1007/s12095-014-0114-5

URL : https://hal.archives-ouvertes.fr/hal-01197172

L. Harvey and . Garner, Number Systems and Arithmetic, Advances in Computers, vol.6, pp.131-194, 1965.

S. Sylvain-guilley, L. Chaudhuri, P. Sauvage, R. Hoogvorst, G. M. Pacalet et al., Security Evaluation of WDDL and SecLib Countermeasures against Power Attacks, IEEE Transactions on Computers, vol.57, issue.11, pp.1482-1497, 2008.
DOI : 10.1109/TC.2008.109

S. Guilley, P. Hoogvorst, Y. Mathieu, and R. Pacalet, The ???Backend Duplication??? Method, CHES, pp.383-397, 2005.
DOI : 10.1007/11545262_28

C. Giraud, An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis, IEEE Transactions on Computers, vol.55, issue.9, pp.1116-1120, 2006.
DOI : 10.1109/TC.2006.135

T. Güneysu and A. Moradi, Generic Side-Channel Countermeasures for Reconfigurable Devices, CHES, pp.33-48, 2011.
DOI : 10.1007/978-3-642-23951-9_3

X. Guo, D. Mukhopadhyay, and R. Karri, Provably secure concurrent error detection against differential fault analysis, Cryptology ePrint Archive, vol.552552, 2012.

A. Guillevic and D. Vergnaud, Genus 2 Hyperelliptic Curve Families with Explicit Jacobian Order Evaluation and Pairing-Friendly Constructions, Pairing-Based Cryptography ? Pairing 2012, pp.234-253, 2013.
DOI : 10.1007/978-3-642-36334-4_16

URL : https://hal.archives-ouvertes.fr/hal-00871327

[. Hoogvorst, J. Danger, and G. Duc, Software Implementation of Dual-Rail Representation, In COSADE, 2011.

K. Heydemann, N. Moro, E. Encrenaz, and B. Robisson, Formal Verification of a Software Countermeasure Against Instruction Skip Attacks, Cryptology ePrint Archive, vol.679679, 2013.
URL : https://hal.archives-ouvertes.fr/emse-00869509

. Inr and . Inria, OCaml, a variant of the Caml language

M. Ishai, A. Prabhakaran, D. Sahai, and . Wagner, Private Circuits II: Keeping Secrets in Tamperable Circuits, EUROCRYPT, pp.308-327, 2006.
DOI : 10.1007/11761679_19

A. Ishai, D. Sahai, and . Wagner, Private Circuits: Securing Hardware against Probing Attacks, CRYPTO, volume 2729 of Lecture Notes in Computer Science, pp.463-481, 2003.
DOI : 10.1007/978-3-540-45146-4_27

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.115.9436

M. Joye, A. K. Lenstra, and J. Quisquater, Chinese Remaindering Based Cryptosystems in the Presence of Faults Alfred Menezes, and Scott Vanstone. The Elliptic Curve Digital Signature Algorithm (ECDSA), JMV01] Don Johnson, pp.241-24536, 1999.

M. Joye, Protecting RSA against Fault Attacks: The Embedding Method, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp.41-45, 2009.
DOI : 10.1109/FDTC.2009.32

M. Joye and P. Paillier, GCD-Free Algorithms for Computing Modular Inverses, CHES, pp.243-253, 2003.
DOI : 10.1007/978-3-540-45238-6_20

M. Joye, P. Paillier, and S. Yen, Secure evaluation of modular functions, 2001.

M. Joye and M. Tunstall, Fault Analysis in Cryptography, 2011.
DOI : 10.1007/978-3-642-29656-7

[. Köpf and D. A. Basin, An information-theoretic model for adaptive sidechannel attacks, ACM Conference on Computer and Communications Security, pp.286-296, 2007.

[. Köpf and M. Dürmuth, A Provably Secure and Efficient Countermeasure against Timing Attacks, 2009 22nd IEEE Computer Security Foundations Symposium, pp.324-335, 2009.
DOI : 10.1109/CSF.2009.21

[. Karaklajic, J. Fan, J. Schmidt, and I. Verbauwhede, Lowcost fault detection method for ECC using montgomery powering ladder, Design, Automation and Test in Europe, DATE 2011, pp.1016-1021, 2011.

C. Paul, J. Kocher, and B. Jaffe, Differential Power Analysis, Proceedings of CRYPTO'99, pp.388-397, 1999.

[. Kim, T. H. Kim, D. Han, and S. Hong, An efficient CRT-RSA algorithm secure against power and fault attacks, Journal of Systems and Software, vol.84, issue.10, pp.1660-1669, 2011.
DOI : 10.1016/j.jss.2011.04.026

[. Koç, High-Speed RSA Implementation, 1994.

C. Paul and . Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Proceedings of CRYPTO'96, pp.104-113, 1996.

]. V. Leo06 and . Leont-'ev, Roots of random polynomials over a finite field, Mathematical Notes, vol.80, issue.12, pp.300-304, 2006.

[. Liu, B. King, and W. Wang, A CRT-RSA Algorithm Secure against Hardware Fault Attacks, 2006 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing, pp.51-60, 2006.
DOI : 10.1109/DASC.2006.5

H. [. Lenstra, J. Lenstra, and L. Lovász, Factoring polynomials with rational coefficients, Mathematische Annalen, vol.32, issue.4, pp.515-534, 1982.
DOI : 10.1007/BF01457454

M. Lpem-+-14-]-ronan-lashermes, N. E. Paindavoine, J. J. Mrabet, L. Fournier, and . Goubin, Practical Validation of Several Fault Attacks against the Miller Algorithm, Fault Diagnosis and Tolerance in Cryptography (FDTC), 2014 Workshop on, pp.115-122, 2014.

[. Le, M. Rivain, and C. Tan, On Double Exponentiation for Securing RSA against Fault Analysis, Lecture Notes in Computer Science, vol.8366, pp.152-168, 2014.
DOI : 10.1007/978-3-319-04852-9_8

R. Mam-+-03-]-simon-moore, R. Anderson, G. Mullins, J. J. Taylor, and . Fournier, Balanced self-checking asynchronous logic for smart card applications, Microprocessors and Microsystems, vol.27, issue.9, pp.421-430, 2003.
DOI : 10.1016/S0141-9331(03)00092-9

M. Mcloone, C. Mcivor, and J. V. Mccanny, Coarsely integrated operand scanning (CIOS) architecture for high-speed Montgomery modular multiplication, Proceedings. 2004 IEEE International Conference on Field- Programmable Technology (IEEE Cat. No.04EX921), pp.185-191, 2004.
DOI : 10.1109/FPT.2004.1393267

L. Mather and E. Oswald, Pinpointing side-channel information leaks in web applications, Journal of Cryptographic Engineering, vol.15, issue.6, pp.161-177, 2012.
DOI : 10.1007/s13389-012-0036-0

[. Mangard, E. Oswald, and T. Popp, Power Analysis Attacks: Revealing the Secrets of Smart Cards, 2006.

[. Moss, E. Oswald, D. Page, and M. Tunstall, Compiler Assisted Masking, CHES, pp.58-75, 2012.
DOI : 10.1007/978-3-642-33027-8_4

URL : http://urn.kb.se/resolve?urn=urn:nbn:se:bth-7057

[. Mangard, E. Oswald, and F. Standaert, One for all ??? all for one: unifying standard differential power analysis attacks, IET Information Security, vol.5, issue.2, pp.100-111, 2011.
DOI : 10.1049/iet-ifs.2010.0096

S. Mangard and K. Schramm, Pinpointing the Side-Channel Leakage of Masked AES Hardware Implementations, CHES, pp.76-90, 2006.
DOI : 10.1007/11894063_7

M. Medwed, F. Standaert, J. Großschädl, and F. Regazzoni, Fresh Re-keying: Security against Side-Channel and Fault Attacks for Low-Cost Devices, AFRICACRYPT, pp.279-296
DOI : 10.1007/978-3-642-12678-9_17

A. J. Menezes, P. C. Van-oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, 1996.
DOI : 10.1201/9781439821916

M. Nassar, S. Bhasin, J. Danger, G. Duc, and S. Guilley, BCDL: A high performance balanced DPL with global precharge and without early-evaluation, DATE'10, pp.849-854, 2010.

[. Naehrig, R. Niederhagen, and P. Schwabe, New Software Speed Records for Cryptographic Pairings, Progress in Cryptology ? LATINCRYPT 2010, pp.109-123, 2010.
DOI : 10.1007/978-3-642-14712-8_7

P. Paillier, Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, EUROCRYPT, pp.223-238, 1999.
DOI : 10.1007/3-540-48910-X_16

[. Popp and S. Mangard, Masked Dual-Rail Pre-charge Logic: DPA-Resistance Without Routing Constraints, Cryptographic Hardware and Embedded Systems ? CHES 2005, pp.172-186, 2005.
DOI : 10.1007/11545262_13

P. Rauzy and S. Guilley, A formal proof of countermeasures against fault injection attacks on CRT-RSA, Journal of Cryptographic Engineering, vol.21, issue.2, pp.173-185, 2014.
DOI : 10.1007/s13389-013-0065-3

URL : https://hal.archives-ouvertes.fr/hal-00863914

P. Rauzy and S. Guilley, Formal Analysis of CRT-RSA Vigilant's Countermeasure Against the BellCoRe Attack, Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014, PPREW'14, pp.978-979, 2014.
DOI : 10.1145/2556464.2556466

P. Rauzy and S. Guilley, Countermeasures against High-Order Fault-Injection Attacks on CRT-RSA, 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography, pp.68-82, 2014.
DOI : 10.1109/FDTC.2014.17

URL : https://hal.archives-ouvertes.fr/hal-01071425

[. Rivain, Securing RSA against Fault Analysis by Double Addition Chain Exponentiation, Cryptology ePrint Archive Report, vol.52, issue.4, 2009.
DOI : 10.1109/TC.2003.1190587

M. Rivain and E. Prouff, Provably Secure Higher-Order Masking of AES, CHES, pp.413-427, 2010.
DOI : 10.1007/978-3-642-15031-9_28

M. Renauld and F. Standaert, Algebraic Side-Channel Attacks, Lecture Notes in Computer Science, vol.6151, pp.393-410, 2009.
DOI : 10.1007/978-3-642-16342-5_29

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.215.8043

R. L. Rivest, A. Shamir, and L. M. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, vol.21, issue.2, pp.120-126, 1978.
DOI : 10.1145/359340.359342

[. Renauld, F. Standaert, and N. Veyrat-charvillon, Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA, CHES, pp.97-111, 2009.
DOI : 10.1007/978-3-642-04138-9_8

S. Selmane, S. Bhasin, T. Guilley, J. Graba, and . Danger, WDDL is Protected against Setup Time Violation Attacks, 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp.73-83, 2009.
DOI : 10.1109/FDTC.2009.40

URL : https://hal.archives-ouvertes.fr/hal-00410135

N. Victor-servant, H. Debande, J. Maghrebi, and . Bringer, Study of a Novel Software Constant Weight Implementation, CARDIS, Lecture Notes in Computer Science, 2014.

M. Souissi, J. Aziz-elaabid, S. Danger, N. Guilley, and . Debande, Novel Applications of Wavelet Transforms based Side-Channel Analysis, Non-Invasive Attack Testing Workshop coorganized by NIST & AIST. Todai-ji Cultural Center, 2011.

[. Shams, J. C. Ebergen, and M. I. Elmasry, Modeling and comparing CMOS implementations of the C-element, IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol.6, issue.4, pp.563-567, 1998.
DOI : 10.1109/92.736128

A. Shamir, Method and apparatus for protecting public key schemes from timing and fault attacks US Patent Number 5,991,415; also presented at the rump session of EUROCRYPT, 1997.

K. Schramm and C. Paar, Higher Order Masking of the AES, LNCS, vol.3860, pp.208-225, 2006.
DOI : 10.1007/11605805_14

. Tnk-+-14-]-v, Y. Tomashevich, R. Neumeier, O. Kumar, I. Keren et al., Protecting cryptographic hardware against malicious attacks by nonlinear robust codes, Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), 2014 IEEE International Symposium on, pp.40-45, 2014.

A. Thillard, E. Prouff, and T. Roche, Success through Confidence: Evaluating the Effectiveness of a Side-Channel Attack, CHES, pp.21-36, 2013.
DOI : 10.1007/978-3-642-40349-1_2

K. Tiri and I. Verbauwhede, A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation, Proceedings Design, Automation and Test in Europe Conference and Exhibition, pp.246-251, 2004.
DOI : 10.1109/DATE.2004.1268856

K. Tiri and I. Verbauwhede, Place and Route for Secure Standard Cell Design, Proceedings of WCC / CARDIS, pp.143-158, 2004.
DOI : 10.1007/1-4020-8147-2_10

K. Tiri and I. Verbauwhede, A digital design flow for secure integrated circuits, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol.25, issue.7, pp.1197-1208, 2006.
DOI : 10.1109/TCAD.2005.855939

[. Vigilant, RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks, CHES, pp.130-145, 2008.
DOI : 10.1007/978-3-540-85053-3_9

[. Vigilant, RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks, CHES, 2008. Slides presented at CHES [Vig08a]
DOI : 10.1007/978-3-540-85053-3_9

[. Vigilant, Countermeasure securing exponentiation based cryptography

G. J. Jasper, M. F. Van-woudenberg, F. Witteman, and . Menarini, Practical Optical Fault Injection on Secure Microcontrollers, pp.91-99, 2011.

D. Wagner, Cryptanalysis of a provably secure CRT-RSA algorithm, Proceedings of the 11th ACM conference on Computer and communications security , CCS '04, pp.92-97, 2004.
DOI : 10.1145/1030083.1030097

Z. Wang and M. Karpovsky, Algebraic manipulation detection codes and their applications for design of secure cryptographic devices, 2011 IEEE 17th International On-Line Testing Symposium, pp.234-239, 2011.
DOI : 10.1109/IOLTS.2011.5994535

[. Yen and M. Joye, Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis, IEEE Trans. Computers, vol.49, issue.9, pp.967-970, 2000.

[. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart, Cross-VM side channels and their use to extract private keys, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.305-316, 2012.
DOI : 10.1145/2382196.2382230

A. E. Figures, . Tables, and A. And, 3 Header of finja report for our fixed and simplified version of Vigilant's countermeasure, p.150

C. Vigilant-'s and . Coron, 78 7.1 CRT-RSA with a Giraud's family countermeasure 91 7.2 CRT-RSA with Joye et al.'s countermeasure 93 7.3 CRT-RSA with Ciet & Joye's countermeasure 96 7.5 CRT-RSA with Shamir's countermeasure, 97 7.6 CRT-RSA with Aumüller et al.'s countermeasure 1 . . . . . . . . . . . 98 7.7 CRT-RSA with Vigilant's countermeasure 4 with Coron et al.'s fixes and Rauzy & Guilley's simplifications, p.99

C. Aumüller, s countermeasure 4 , under its infective avatar (new algorithm contributed in this chapter