A Masked Ring-LWE Implementation
[chapter]
2015
Lecture Notes in Computer Science
In this paper, we present a masked ring-LWE decryption implementation resistant to first-order side-channel attacks. ...
We have implemented a hardware architecture of the masked ring-LWE processor on a Virtex-II FPGA, and have performed side channel analysis to confirm the soundness of our approach. ...
Oscar Reparaz is funded by a PhD fellowship of the Fund for Scientific Research - Flanders (FWO). Sujoy Sinha Roy was supported by Erasmus Mundus PhD Scholarship. ...
doi:10.1007/978-3-662-48324-4_34
fatcat:o3dq35tsb5hf3ibzarhva6zj2m
Additively Homomorphic Ring-LWE Masking
[chapter]
2016
Lecture Notes in Computer Science
A first step in a masked ring-LWE implementation is the work [RRVV15], hereafter referred to as the CHES 2015 approach. ...
Our masking scheme is based on the additively homomorphic nature of the existing ring-LWE encryption. A mask is computed by encrypting a random message and then the mask is added to the ciphertext. ...
A. An attack on the multiplication: An adversary could mount the following attack with a zero-value power model to recover only whether s[i] = 0 or not. ...
doi:10.1007/978-3-319-29360-8_15
fatcat:sqy3uce2f5ehfkycte7v425ulm
Masking ring-LWE
2016
Journal of Cryptographic Engineering
Oscar Reparaz is funded by a PhD fellowship of the Fund for Scientific Research - Flanders (FWO). Sujoy Sinha Roy was supported by Erasmus Mundus PhD Scholarship. ...
In this paper we present a compact masked implementation of the ring-LWE decryption function. ...
High-level overview: In this section, we give a high-level view of the masked ring-LWE implementation. ...
doi:10.1007/s13389-016-0126-5
fatcat:se3otguhwjabbg5gzpqvmecs3i
Practical CCA2-Secure and Masked Ring-LWE Implementation
2018
Transactions on Cryptographic Hardware and Embedded Systems
During the last years public-key encryption schemes based on the hardness of ring-LWE have gained significant popularity. ...
With parameters providing 233 bits of quantum security, our implementation requires 4,176,684 cycles for encryption and 25,640,380 cycles for decryption with masking and hiding countermeasures on a Cortex-M4F ...
Thus, we draw two conclusions for the implementation of practically secured ring-LWE encryption: • Assuming a CPA-only attacker, the DPA attack on ring-LWE without masked decoding is impractical and thus ...
doi:10.13154/tches.v2018.i1.142-174
dblp:journals/tches/OderSPG18
fatcat:h4cn4y677bfwtbhqhxax7iy3ae
Ring-LWE: Applications to Cryptography and Their Efficient Realization
[chapter]
2016
Lecture Notes in Computer Science
Later for efficiency LWE was adapted for ring polynomials known as Ring-LWE. In this paper we discuss some of these ring-LWE based schemes that have been designed. ...
We have also drawn comparisons of different implementations of those schemes to illustrate their evolution from theoretical proposals to practically feasible schemes. ...
The secret in a ring-LWE based scheme is a polynomial and arithmetic operations involve masking data and the secret using discrete Gaussian noise. ...
doi:10.1007/978-3-319-49445-6_18
fatcat:7y34eqtumvhexap5rusvgjzppy
Physical Protection of Lattice-Based Cryptography
2018
Proceedings of the 2018 on Great Lakes Symposium on VLSI - GLSVLSI '18
The impending realization of scalable quantum computers will have a significant impact on today's security infrastructure. ...
... addressing the physical security of lattice-based cryptographic implementations. ...
Therefore it is more appropriate to apply masking to a R-LWE-based scheme that is also secure against chosen-ciphertext attackers. ...
doi:10.1145/3194554.3194616
dblp:conf/glvlsi/KhalidOVOGR18
fatcat:lfintj5vbbf5xllxwoxeer6hdu
Secure Number Theoretic Transform and Speed Record for Ring-LWE Encryption on Embedded Processors
[chapter]
2018
Lecture Notes in Computer Science
Compact implementations of the ring variant of the Learning with Errors (Ring-LWE) on the embedded processors have been actively studied due to potential quantum threats. ...
Various Ring-LWE implementation works mainly focused on optimization techniques to reduce the execution timing and memory consumptions for high availability. ...
In Ring-LWE problem, elements a, s and t are polynomials in the ring R_q. Ring-LWE encryption scheme proposed by Lyubashevsky et al. was later optimized in [20]. Roy et al.' ...
doi:10.1007/978-3-319-78556-1_10
fatcat:sqzb33a3grfmnf7mxt6zcyovfu
Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols
[article]
2019
arXiv
pre-print
We also discuss how masking-based DPA countermeasures can be implemented on the Sapphire core without any changes to the hardware. ...
However, high computational complexity of these algorithms makes it challenging to implement lattice-based protocols on low-power embedded devices. ...
Masking-based countermeasures have been proposed in [67, 68, 46] for Ring-LWE encryption. ...
arXiv:1910.07557v1
fatcat:suymd56szfe5fas2vxncdbu5h4
Efficient Implementation of Ring-LWE Encryption on High-End IoT Platform
[chapter]
2017
Lecture Notes in Computer Science
Subsequently, we present a full-fledged implementation of Ring-LWE by taking advantage of proposed and previous optimization techniques. ...
Ultimately, our ring-LWE implementation requires only 145k clock cycles for encryption and 32.8k cycles for decryption for n = 256. ...
a high-speed ring-LWE encryption scheme. ...
doi:10.1007/978-3-319-62024-4_6
fatcat:racl6lzn6fg47kbaxqr7n7m2pq
Efficient Parallel Implementation of Matrix Multiplication for Lattice-Based Cryptography on Modern ARM Processor
2018
Security and Communication Networks
In this paper, we propose an efficient parallel implementation of matrix multiplication and vector addition with matrix transpose using ARM NEON instructions on ARM Cortex-A platforms. ...
A large-size matrix multiplication requires a long execution time for key generation, encryption, and decryption. ...
[22] proposed practical CCA2-secure and masking Ring-LWE implementation in an ARM Cortex-M4F environment. They implemented masked PRNG (SHAKE-128) for a countermeasure of a side-channel attack. ...
doi:10.1155/2018/7012056
fatcat:a5aapx5yvjh5tl6f6vrnrn4iem
Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project
[chapter]
2017
Lecture Notes in Computer Science
We review two protocols for quantum-resistant key exchange based on lattice problems: BCNS15, based on the ring learning with errors problem, and Frodo, based on the learning with errors problem. ...
We introduce the Open Quantum Safe project, an open-source software project for prototyping quantum-resistant cryptography, which includes liboqs, a C library of quantum-resistant algorithms, and our integrations ...
Acknowledgements: Research on LWE and ring-LWE based key exchange discussed in this paper includes joint work with Joppe W. ...
doi:10.1007/978-3-319-69453-5_2
fatcat:lhen3goh6rb4nft6ui6p4gjuoa
Implementing Conjunction Obfuscation Under Entropic Ring LWE
2018
2018 IEEE Symposium on Security and Privacy (SP)
Our obfuscation approach satisfies distributional Virtual Black Box (VBB) security based on reasonable hardness assumptions, namely an entropic variant of the Ring Learning with Errors (Ring-LWE) assumption ...
Our work is the first implementation of non-trivial program obfuscation based on polynomial rings. ...
Note that our implementation is based on the entropic Ring-LWE problem with a small-secret (ternary) distribution, which is a stronger assumption than Ring-LWE. ...
doi:10.1109/sp.2018.00007
dblp:conf/sp/CousinsCGKPRRS18
fatcat:tokd33t7xnbbvp2jwooksxrqce
Chosen Ciphertext k-Trace Attacks on Masked CCA2 Secure Kyber
2021
Transactions on Cryptographic Hardware and Embedded Systems
First, we present a method for crafting ring/module-LWE ciphertexts that result in sparse polynomials at the input of inverse NTT computations, independent of the used private key. ...
Our k-trace attack on the long-term secret can handle noise up to a σ ≤ 1.2 in the noisy Hamming weight leakage model, also for masked implementations. ...
Therefore, we consider a masked implementation that follows the generic ring-LWE masking strategy from [RRdC+16, OSPG18], which is also summarized in Section 2.4. ...
doi:10.46586/tches.v2021.i4.88-113
fatcat:4iq6qpbalbbvbdtff47k3dv4sm
High-order Table-based Conversion Algorithms and Masking Lattice-based Encryption
2022
Transactions on Cryptographic Hardware and Embedded Systems
We show that our technique is particularly efficient for masking structured LWE encryption schemes such as Kyber and Saber. ...
In this paper we describe a new high-order conversion algorithm between Boolean and arithmetic masking, based on table recomputation, and provably secure in the ISW probing model. ...
Application to ring-LWE IND-CPA decryption: In this section we show how to efficiently mask the IND-CPA decryption of ring-LWE schemes. ...
doi:10.46586/tches.v2022.i2.1-40
fatcat:55fvr47bzvaitccbslepzgbodq
Hardware Assisted Fully Homomorphic Function Evaluation and Encrypted Search
2017
IEEE transactions on computers
The ring-LWE problem is a ring based version of the LWE problem and was introduced by Lyubashevsky, Peikert and Regev in [17]. ...
The LWE and ring-LWE Problem: The LWE problem was introduced by Regev [21] in 2005. ...
APPENDIX Input: Polynomial a(x) ∈ Zq[x] of degree n − 1 and n-th primitive root ωn ∈ Zq of unity Output: Polynomial A(x) ∈ Zq[x] = NTT(a) begin 1 A ← BitReverse(a); /* Coefficients are stored in the memory ...
doi:10.1109/tc.2017.2686385
fatcat:mdx2gnojgjh4tp7s7mowlef2wy