An gadget is a randomized circuit whose inputs (resp., outputs) are either sharings or packed sharings. We say that a gadget G implements a function f:Fqℓ→Fqℓ′, if and only if for any x∈Fqℓ, where I∘ (resp., O∘) encodes (resp., decodes) each input (resp., ...
Packed Multiplication: How to Amortize the Cost of Side-Channel Masking? 853 on "local" optimizations, i.e., on reducing the complexity of individual elementary calculation such as an S-box or even a single AND gate. This "local" approach con- siderably simplifies the situation and enables ...