Algorithm 6 Our Message Recovery Attack

1 Preprocessing Stage 2  for j = 0 to 7 do //collect traces for template construction 3   for k = 0 to j + 1 do 4    $T_{\left(0,j\right)}^k$= IND-CCA KEM Decapsulation($C{T}_{\left(0,j\right)}^k$) 5   end for //leakage detection 6   Wj = TVLA($T_{\left(0,1\right)}^0$,$T_{\left(0,1\right)}^1$) //choose PoIs 7   p(0, j) = NICV(Wj, $T_{\left(0,j\right)}^0$,…, $T_{\left(0,j\right)}^{j+1}$) //template construction 8   for k = 0 to j + 1 do 9    $T_{\left(0,j\right)}^k{}^{\prime }$=$T_{\left(0,j\right)}^k$(p(0, j)) 10    $r_P^k$= mean($T_{\left(0,j\right)}^k{}^{\prime }$) 11   end for 12 end for 13 Template Matching Stage 14 for i = 0 to n -1 do //construct special ciphertexts 15  cti = Construct(ct, i) //collect traces for attack 16  tri = IND-CCA KEM Decapsulation(cti) 17  for j = 0 to 7 do //reduced traces 18   tr(i, j)′ = tri(p(0, j)) 19   for k = 0 to j + 1 do 20    ${\Gamma }_{(i,j)}^k$= SOSD(tr(i, j)′, $r_P^k$) 21   end for //calculate the HW of intermediate value 22   HW(m[i, j]) = min(${\Gamma }_{(i,j)}^k$) //recover the message byte 23   m[i]j = F(HW(m[i, j]), HW(m[i, j] − 1)) 24  end for 25 end for