Scabbard: a suite of efficient learning with rounding key-encapsulation mechanisms

Mera, Jose Maria Bermudo; Karmakar, Angshuman; Kundu, Suparna; Verbauwhede, Ingrid

doi:10.46586/tches.v2021.i4.474-509

Cited by 11 publications

(2 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They can benefit from hybrid masking unless the scheme makes NTT representation an integral part of the scheme. Our contributions are therefore directly applicable to implementations of algorithms such as SABER [BMD + 20], Scabbard [MKKV21], NTRU [HPS06] or LAC [LLZ + 18]. In the long term, our results should aid future lattice-based scheme design choices (in particular the power-of-two versus NTT-friendly trade-off).…”

Section: Discussionmentioning

confidence: 97%

“…While the NIST standardization aimed at selecting a portfolio of post-quantum algorithms for general applications, there is a need for developing tailored post-quantum schemes that meet application-specific needs, for example, the constraints of the IoT and automotive applications. In recent years, several new post-quantum algorithms [DPPvW22,MKKV21] have emerged with better performance or security features (or both) than the candidate algorithms in the NIST standardization. Security against side-channel attacks [MOP07] has become an essential requirement in applications where an attacker can obtain side-channel information such as variations in the power consumption or electromagnetic emanation, or temperature of the cryptographic device.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Kavach: Lightweight masking techniques for polynomial arithmetic in lattice-based cryptography

Aikata

Basso

Cassiers

et al. 2023

TCHES

View full text Add to dashboard Cite

Lattice-based cryptography has laid the foundation of various modern-day cryptosystems that cater to several applications, including post-quantum cryptography. For structured lattice-based schemes, polynomial arithmetic is a fundamental part. In several instances, the performance optimizations come from implementing compact multipliers due to the small range of the secret polynomial coefficients. However, this optimization does not easily translate to side-channel protected implementations since masking requires secret polynomial coefficients to be distributed over a large range. In this work, we address this problem and propose two novel generalized techniques, one for the number theoretic transform (NTT) based and another for the non-NTT-based polynomial arithmetic. Both these proposals enable masked polynomial multiplication while utilizing and retaining the small secret property.For demonstration, we used the proposed technique and instantiated masked multipliers for schoolbook as well as NTT-based polynomial multiplication. Both of these can utilize the compact multipliers used in the unmasked implementations. The schoolbook multiplication requires an extra polynomial accumulation along with the two polynomial multiplications for a first-order protected implementation. However, this cost is nothing compared to the area saved by utilizing the existing cheap multiplication units. We also extensively test the side-channel resistance of the proposed design through TVLA to guarantee its first-order security.

show abstract

Section: Discussionmentioning

confidence: 97%

Section: Introductionmentioning

confidence: 99%