On Practical Discrete Gaussian Samplers for Lattice-Based Cryptography

Howe, James; Khalid, Ayesha; Rafferty, Ciara; Regazzoni, Francesco; O’Neill, Máire

doi:10.1109/tc.2016.2642962

Cited by 68 publications

(31 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are several possible algorithms that utilise uniform numbers to return Gaussian distributed numbers and they differ from each other in terms of implementation speed, memory, and precision. Constant-time hardware architectures for a wide range of samplers have been proposed [15,21]. However, to date such proposals have been designed on a case-by-case basis and as yet there has been no proposal of a generic hardware design.…”

Section: Countermeasures Against Timing Attacksmentioning

confidence: 99%

Physical Protection of Lattice-Based Cryptography

Khalid

Oder

Valencia

et al. 2018

Proceedings of the 2018 Great Lakes Symposium on VLSI

Self Cite

View full text Add to dashboard Cite

The impending realization of scalable quantum computers will have a significant impact on today's security infrastructure. With the advent of powerful quantum computers public key cryptographic schemes will become vulnerable to Shor's quantum algorithm, undermining the security current communications systems. Post-quantum (or quantum-resistant) cryptography is an active research area, endeavoring to develop novel and quantum resistant public key cryptography. Amongst the various classes of quantum-resistant cryptography schemes, lattice-based cryptography is emerging as one of the most viable options. Its efficient implementation on software and on commodity hardware has already been shown to compete and even excel the performance of current classical security public-key schemes. This work discusses the next step in terms of their practical deployment, i.e., addressing the physical security of lattice-based cryptographic implementations. We survey the state-of-the-art in terms of side channel attacks (SCA), both invasive and passive attacks, and proposed countermeasures. Although the weaknesses exposed have led to countermeasures for these schemes, the cost, practicality and effectiveness of these on multiple implementation platforms, however, remains under-studied.

show abstract

Section: Countermeasures Against Timing Attacksmentioning

confidence: 99%

Physical Protection of Lattice-Based Cryptography

Khalid

Oder

Valencia

et al. 2018

Proceedings of the 2018 Great Lakes Symposium on VLSI

Self Cite

View full text Add to dashboard Cite

show abstract

“…• Knuth-Yao: The Knuth-Yao sampler is a tree-based algorithm for sampling from non-uniform distributions by using a minimal number of input uniform bits, close to the entropy of the probability distribution. The scheme has a very compact memory footprint, but needs additional data scrambling to make the generated Gaussian samples time-independent [7]- [10]. [11], [12].…”

Section: Error Samplers For Lattice-based Cryptographymentioning

confidence: 99%

“…As seen in Table I, at least 9 candidates employ DGS, using a variety of aforementioned methods, with sigmas ranging from 1.2 to 107. Hardware designs of samplers have explored constant-time implementations [8], [10], [16]. For signature schemes, usually requiring large sigmas, hierarchical CDT sampling has been proposed for compact, efficient sampling in hardware [17].…”

Section: Error Samplers For Lattice-based Cryptographymentioning

confidence: 99%

“…Several algorithms utilise uniform random numbers to return Gaussian distributed numbers and differ from each other in terms of implementation speed, memory, and precision. Constant-time hardware architectures for a wide range of samplers have been proposed [10], [24]. The binomial sampler is inherently protected against timing attacks.…”

Section: A Sca Vulnerabilities and Countermeasures For Error Samplersmentioning

confidence: 99%

See 1 more Smart Citation

Error Samplers for Lattice-Based Cryptography -Challenges, Vulnerabilities and Solutions

Khalid

Rafferty

Howe

et al. 2018

2018 IEEE Asia Pacific Conference on Circuits and Systems (APCCAS)

Self Cite

View full text Add to dashboard Cite

Lattice based cryptography (LBC) stands out today as one of the most promising types of post-quantum cryptography, and a strong contender in the ongoing NIST post-quantum cryptography standardisation process. LBC algorithms are advantageous due to their efficiency, versatility and the hardness of their underlying lattice problems. In this work, the practicality of LBC is explored by surveying one of the critical components, the error samplers, and highlighting the challenges associated with their efficient, secure implementation. Side channel attack (SCA) vulnerabilities and associated countermeasures are considered, concluding with error sampler recommendations, to aid the practicality, security and future widespread deployment of LBC.

show abstract

“…Discrete Gaussian samplers are known to be susceptible to side-channel analysis [11], [12], hence avoiding this on-device is advantageous. Additionally, this also economises the overall hardware resources used, for example, the discrete Gaussian sampling module consumes ≈ 15% of the overall resources in for BLISS hardware design [5].…”

Section: Ideal Lattice-based Signaturesmentioning

confidence: 99%

Compact and provably secure lattice-based signatures in hardware

Howe¹,

Rafferty²,

Khalid³

et al. 2017

2017 IEEE International Symposium on Circuits and Systems (ISCAS)

Self Cite

View full text Add to dashboard Cite

Abstract-Lattice-based cryptography is a quantum-safe alternative to existing classical asymmetric cryptography, such as RSA and ECC, which may be vulnerable to future attacks in the event of the creation of a viable quantum computer. The efficiency of lattice-based cryptography has improved over recent years, but there has been relatively little investigation into hardware designs of digital signature schemes. In this paper, the first hardware design of the provably secure Ring-LWE digital signature scheme, Ring-TESLA, is presented, targeting a Xilinx Spartan-6 FPGA. The results better compactness of all previous lattice-based digital signature schemes in hardware, and can achieve between 104-785 signatures and 102-776 verifications per second.

show abstract

On Practical Discrete Gaussian Samplers for Lattice-Based Cryptography

Cited by 68 publications

References 26 publications

Physical Protection of Lattice-Based Cryptography

Physical Protection of Lattice-Based Cryptography

Error Samplers for Lattice-Based Cryptography -Challenges, Vulnerabilities and Solutions

Compact and provably secure lattice-based signatures in hardware

Contact Info

Product

Resources

About