J. Balasch, B. Gierlichs, O. Reparaz, I. Verbauwhede, and . Dpa, Bitslicing and Masking at 1 GHz, Cryptographic Hardware and Embedded Systems -CHES 2015 -17th International Workshop, vol.9293, pp.599-619, 2015.

G. Barthe, S. Belaïd, F. Dupressoir, P. Fouque, B. Grégoire et al., Verified Proofs of Higher-Order Masking, Advances in Cryptology -EUROCRYPT 2015 -34th Annual International Conference on the Theory and Applications of Cryptographic Techniques, vol.9056, pp.457-485, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01216699

G. Barthe, F. Dupressoir, S. Faust, B. Grégoire, F. Standaert et al., Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model, Advances in Cryptology -EUROCRYPT 2017, pp.535-566, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01414009

A. Battistello, E. Jean-sébastien-coron, R. Prouff, and . Zeitoun, Horizontal Side-Channel Attacks and Countermeasures on the ISW Masking Scheme, Cryptographic Hardware and Embedded Systems -CHES 2016 -18th International Conference, vol.9813, pp.23-39, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01399577

A. Galip-bayrak, F. Regazzoni, D. Novo, P. Brisk, F. Standaert et al., Automatic Application of Power Analysis Countermeasures, IEEE Trans. Computers, vol.64, issue.2, pp.329-341, 2015.

A. Galip-bayrak, F. Regazzoni, D. Novo, and P. Ienne, Sleuth: Automated Verification of Software Power Analysis Countermeasures, Cryptographic Hardware and Embedded Systems -CHES 2013 -15th International Workshop, vol.8086, pp.293-310, 2013.

P. Belgarric, S. Bhasin, N. Bruneau, J. Danger, N. Debande et al., Time-Frequency Analysis for Second-Order Attacks, LNCS, vol.8419, pp.108-122, 2013.
URL : https://hal.archives-ouvertes.fr/hal-02299996

Q. Inès-ben-el-ouahma, K. Meunier, E. Heydemann, and . Encrenaz, Side-Channel Robustness Analysis of Masked Assembly Codes using a Symbolic Approach, Journal of Cryptographic Engineering, pp.1-12, 2019.

S. Bhasin, J. Danger, S. Guilley, and Z. Najm, A lowentropy first-degree secure provable masking scheme for resource-constrained devices, Proceedings of the Workshop on Embedded Systems Security, WESS 2013, vol.7, pp.1-7, 2013.
URL : https://hal.archives-ouvertes.fr/hal-02412039

O. Billet, H. Gilbert, and C. Ech-chatbi, Cryptanalysis of a White Box AES Implementation, Selected Areas in Cryptography, pp.227-240, 2004.

J. Blömer, J. Guajardo, and V. Krummel, Provably Secure Masking of AES, Selected Areas in Cryptography, vol.3357, pp.69-83, 2004.

A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann et al., PRESENT: An Ultra-Lightweight Block Cipher, CHES, vol.4727, pp.450-466, 2007.

N. Bruneau, J. Danger, S. Guilley, A. Heuser, and Y. Teglia, Boosting Higher-Order Correlation Attacks by Dimensionality Reduction, Security, Privacy, and Applied Cryptography Engineering -4th International Conference, vol.8804, pp.183-200, 2014.

N. Bruneau, S. Guilley, A. Heuser, O. Rioul, ;. Kaoshiung et al., Masks Will Fall Off -Higher-Order Optimal Distinguishers, Advances in Cryptology -ASIACRYPT 2014 -20th International Conference on the Theory and Application of Cryptology and Information Security, vol.8874, pp.344-365, 2014.
URL : https://hal.archives-ouvertes.fr/hal-02287072

N. Bruneau, S. Guilley, A. Heuser, O. Rioul, F. Standaert et al., Taylor Expansion of Maximum Likelihood Attacks for Masked and Shuffled Implementations, Advances in Cryptology -ASIACRYPT 2016 -22nd International Conference on the Theory and Application of Cryptology and Information Security, vol.10031, pp.573-601, 2016.
URL : https://hal.archives-ouvertes.fr/hal-02287426

N. Bruneau, S. Guilley, Z. Najm, and Y. Teglia, Multivariate High-Order Attacks of Shuffled Tables Recomputation, Journal of Cryptology, vol.31, issue.2, pp.351-393, 2018.

S. Carré, A. Facon, S. Guilley, S. Takarabt, A. Schaub et al., Cache-timing attack detection and prevention -application to crypto libs and PQC, Constructive Side-Channel Analysis and Secure Design -10th International Workshop, COSADE 2019, vol.11421, pp.13-21, 2019.

E. Jean-sébastien-coron, M. Prouff, and . Rivain, Side Channel Cryptanalysis of a Higher Order Masking Scheme, LNCS, vol.4727, pp.28-44, 2007.

J. Danger, Y. E. Housni, A. Facon, C. T. Gueye, S. Guilley et al., On the Performance and Security of Multiplication in GF (2 N ), Cryptography, vol.2, issue.3, p.25, 2018.
URL : https://hal.archives-ouvertes.fr/hal-02288010

H. Eldib, C. Wang, and P. Schaumont, Formal verification of software countermeasures against side-channel attacks, ACM Trans. Softw. Eng. Methodol, vol.24, issue.2, 2014.

. Etsi-/-tc-cyber, Security techniques for protecting software in a white box model, ETSI TR, vol.103, pp.642-643, 2018.

Y. Ishai, A. Sahai, and D. Wagner, Private Circuits: Securing Hardware against Probing Attacks, CRYPTO, vol.2729, pp.463-481, 2003.

, Information technology -Security techniques -Test tool requirements and test tool calibration methods for use in testing non-invasive attack mitigation techniques in cryptographic modules -Part 1: Test tools and techniques, ISO/IEC JTC 1/SC 27/WG 3. ISO/IEC CD 20085-1:2017 (E), 2017.

M. Nassar, Y. Souissi, S. Guilley, and J. Danger, RSM: a Small and Fast Countermeasure for AES, Secure against First-and Second-order Zero-Offset SCAs, DATE, pp.1173-1178, 2012.

Y. Oren, O. Weisse, and A. Wool, A new framework for constraint-based probabilistic template side channel attacks, Cryptographic Hardware and Embedded Systems -CHES 2014 -16th International Workshop, vol.8731, pp.17-34, 2014.

P. Rauzy, S. Guilley, and Z. Najm, Formally proved security of assembly code against power analysis -A case study on balanced logic, J. Cryptographic Engineering, vol.6, issue.3, pp.201-216, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01164591

M. Rivain and E. Prouff, Provably Secure Higher-Order Masking of AES, LNCS, vol.6225, pp.413-427, 2010.

D. Basu-roy, S. Bhasin, S. Guilley, J. Danger, and D. Mukhopadhyay, From theory to practice of private circuit: A cautionary note, 33rd IEEE International Conference on Computer Design, pp.296-303, 2015.
URL : https://hal.archives-ouvertes.fr/hal-02412245

K. Schramm and C. Paar, Higher Order Masking of the AES, LNCS, vol.3860, pp.208-225, 2006.

M. Tunstall, C. Whitnall, and E. Oswald, Masking Tables -An Underestimated Security Risk, Lecture Notes in Computer Science, vol.8424, pp.425-444, 2013.

, Magma Computational Algebra System, pp.2014-2022

N. Veyrat-charvillon, B. Gérard, and F. Standaert, Soft analytical side-channel attacks, Advances in Cryptology -ASIACRYPT, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01096218

T. Kaoshiung and R. O. , Proceedings, Part I, pp.282-296, 2014.

, c_2 = ((( a_1 b_1 + r ) + a_1 b_2 ) + a_2 b_1 ) + a_2 b_2