A Masked Ring-LWE Implementation [chapter]

Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede
2015 Lecture Notes in Computer Science  
In this paper, we present a masked ring-LWE decryption implementation resistant to first-order side-channel attacks.  ...  We have implemented a hardware architecture of the masked ring-LWE processor on a Virtex-II FPGA, and have performed side channel analysis to confirm the soundness of our approach.  ...  Oscar Reparaz is funded by a PhD fellowship of the Fund for Scientific Research -Flanders (FWO). Sujoy Sinha Roy was supported by Erasmus Mundus PhD Scholarship.  ... 
doi:10.1007/978-3-662-48324-4_34 fatcat:o3dq35tsb5hf3ibzarhva6zj2m

Additively Homomorphic Ring-LWE Masking [chapter]

Oscar Reparaz, Ruan de Clercq, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede
2016 Lecture Notes in Computer Science  
A first step in a masked ring-LWE implementation is the work [RRVV15], hereafter referred to as the CHES 2015 approach.  ...  Our masking scheme is based on the additively homomorphic nature of the existing ring-LWE encryption. A mask is computed by encrypting a random message and then the mask is added to the ciphertext.  ...  A An attack on the multiplication An adversary could mount the following attack with a zero-value power model to recover only whether s[i] = 0 or not.  ... 
doi:10.1007/978-3-319-29360-8_15 fatcat:sqy3uce2f5ehfkycte7v425ulm

Masking ring-LWE

Oscar Reparaz, Sujoy Sinha Roy, Ruan de Clercq, Frederik Vercauteren, Ingrid Verbauwhede
2016 Journal of Cryptographic Engineering  
Oscar Reparaz is funded by a PhD fellowship of the Fund for Scientific Research -Flanders (FWO). Sujoy Sinha Roy was supported by Erasmus Mundus PhD Scholarship.  ...  In this paper we present a compact masked implementation of the ring-LWE decryption function.  ...  High-level overview In this section, we give a high-level view of the masked ring-LWE implementation.  ... 
doi:10.1007/s13389-016-0126-5 fatcat:se3otguhwjabbg5gzpqvmecs3i

Practical CCA2-Secure and Masked Ring-LWE Implementation

Tobias Oder, Tobias Schneider, Thomas Pöppelmann, Tim Güneysu
2018 Transactions on Cryptographic Hardware and Embedded Systems  
During the last years public-key encryption schemes based on the hardness of ring-LWE have gained significant popularity.  ...  With parameters providing 233 bits of quantum security, our implementation requires 4,176,684 cycles for encryption and 25,640,380 cycles for decryption with masking and hiding countermeasures on a Cortex-M4F  ...  Thus, we draw two conclusions for the implementation of practically secured ring-LWE encryption: • Assuming a CPA-only attacker, the DPA attack on ring-LWE without masked decoding is impractical and thus  ... 
doi:10.13154/tches.v2018.i1.142-174 dblp:journals/tches/OderSPG18 fatcat:h4cn4y677bfwtbhqhxax7iy3ae

Ring-LWE: Applications to Cryptography and Their Efficient Realization [chapter]

Sujoy Sinha Roy, Angshuman Karmakar, Ingrid Verbauwhede
2016 Lecture Notes in Computer Science  
Later for efficiency LWE was adapted for ring polynomials known as Ring-LWE. In this paper we discuss some of these ring-LWE based schemes that have been designed.  ...  We have also drawn comparisons of different implementations of those schemes to illustrate their evolution from theoretical proposals to practically feasible schemes.  ...  The secret in a ring-LWE based scheme is a polynomial and arithmetic operations involve masking data and the secret using discrete Gaussian noise.  ... 
doi:10.1007/978-3-319-49445-6_18 fatcat:7y34eqtumvhexap5rusvgjzppy

Physical Protection of Lattice-Based Cryptography

Ayesha Khalid, Tobias Oder, Felipe Valencia, Maire O'Neill, Tim Güneysu, Francesco Regazzoni
2018 Proceedings of the 2018 on Great Lakes Symposium on VLSI - GLSVLSI '18  
The impending realization of scalable quantum computers will have a significant impact on today's security infrastructure.  ...  ., addressing the physical security of lattice-based cryptographic implementations.  ...  Therefore it is more appropriate to apply masking to a R-LWE-based scheme that is also secure against chosen-ciphertext attackers.  ... 
doi:10.1145/3194554.3194616 dblp:conf/glvlsi/KhalidOVOGR18 fatcat:lfintj5vbbf5xllxwoxeer6hdu

Secure Number Theoretic Transform and Speed Record for Ring-LWE Encryption on Embedded Processors [chapter]

Hwajeong Seo, Zhe Liu, Taehwan Park, Hyeokchan Kwon, Sokjoon Lee, Howon Kim
2018 Lecture Notes in Computer Science  
Compact implementations of the ring variant of the Learning with Errors (Ring-LWE) on the embedded processors have been actively studied due to potential quantum threats.  ...  Various Ring-LWE implementation works mainly focused on optimization techniques to reduce the execution timing and memory consumptions for high availability.  ...  In Ring-LWE problem, elements a, s and t are polynomials in the ring R_q. Ring-LWE encryption scheme proposed by Lyubashevsky et al. was later optimized in [20]. Roy et al.'  ... 
doi:10.1007/978-3-319-78556-1_10 fatcat:sqzb33a3grfmnf7mxt6zcyovfu

Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols [article]

Utsav Banerjee and Tenzin S. Ukyab and Anantha P. Chandrakasan
2019 arXiv   pre-print
We also discuss how masking-based DPA countermeasures can be implemented on the Sapphire core without any changes to the hardware.  ...  However, high computational complexity of these algorithms makes it challenging to implement lattice-based protocols on low-power embedded devices.  ...  Masking-based countermeasures have been proposed in [67, 68, 46] for Ring-LWE encryption.  ... 
arXiv:1910.07557v1 fatcat:suymd56szfe5fas2vxncdbu5h4

Efficient Implementation of Ring-LWE Encryption on High-End IoT Platform [chapter]

Zhe Liu, Reza Azarderakhsh, Howon Kim, Hwajeong Seo
2017 Lecture Notes in Computer Science  
Subsequently, we present a full-fledged implementation of Ring-LWE by taking advantage of proposed and previous optimization techniques.  ...  Ultimately, our ring-LWE implementation requires only 145k clock cycles for encryption and 32.8k cycles for decryption for n = 256.  ...  a high-speed ring-LWE encryption scheme.  ... 
doi:10.1007/978-3-319-62024-4_6 fatcat:racl6lzn6fg47kbaxqr7n7m2pq

Efficient Parallel Implementation of Matrix Multiplication for Lattice-Based Cryptography on Modern ARM Processor

Taehwan Park, Hwajeong Seo, Junsub Kim, Haeryong Park, Howon Kim
2018 Security and Communication Networks  
In this paper, we propose an efficient parallel implementation of matrix multiplication and vector addition with matrix transpose using ARM NEON instructions on ARM Cortex-A platforms.  ...  A large-size matrix multiplication requires a long execution time for key generation, encryption, and decryption.  ...  [22] proposed practical CCA2-secure and masking Ring-LWE implementation in an ARM Cortex-M4F environment. They implemented masked PRNG (SHAKE-128) for a countermeasure of a side-channel attack.  ... 
doi:10.1155/2018/7012056 fatcat:a5aapx5yvjh5tl6f6vrnrn4iem

Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project [chapter]

Douglas Stebila, Michele Mosca
2017 Lecture Notes in Computer Science  
We review two protocols for quantum-resistant key exchange based on lattice problems: BCNS15, based on the ring learning with errors problem, and Frodo, based on the learning with errors problem.  ...  We introduce the Open Quantum Safe project, an open-source software project for prototyping quantum-resistant cryptography, which includes liboqs, a C library of quantum-resistant algorithms, and our integrations  ...  Acknowledgements Research on LWE and ring-LWE based key exchange discussed in this paper includes joint work with Joppe W.  ... 
doi:10.1007/978-3-319-69453-5_2 fatcat:lhen3goh6rb4nft6ui6p4gjuoa

Implementing Conjunction Obfuscation Under Entropic Ring LWE

David Bruce Cousins, Giovanni Di Crescenzo, Kamil Doruk Gur, Kevin King, Yuriy Polyakov, Kurt Rohloff, Gerard W. Ryan, Erkay Savas
2018 2018 IEEE Symposium on Security and Privacy (SP)  
Our obfuscation approach satisfies distributional Virtual Black Box (VBB) security based on reasonable hardness assumptions, namely an entropic variant of the Ring Learning with Errors (Ring-LWE) assumption  ...  Our work is the first implementation of non-trivial program obfuscation based on polynomial rings.  ...  Note that our implementation is based on the entropic Ring-LWE problem with a small-secret (ternary) distribution, which is a stronger assumption than Ring-LWE.  ... 
doi:10.1109/sp.2018.00007 dblp:conf/sp/CousinsCGKPRRS18 fatcat:tokd33t7xnbbvp2jwooksxrqce

Chosen Ciphertext k-Trace Attacks on Masked CCA2 Secure Kyber

Mike Hamburg, Julius Hermelink, Robert Primas, Simona Samardjiska, Thomas Schamberger, Silvan Streit, Emanuele Strieder, Christine Van Vredendaal
2021 Transactions on Cryptographic Hardware and Embedded Systems  
First, we present a method for crafting ring/module-LWE ciphertexts that result in sparse polynomials at the input of inverse NTT computations, independent of the used private key.  ...  Our k-trace attack on the long-term secret can handle noise up to a σ ≤ 1.2 in the noisy Hamming weight leakage model, also for masked implementations.  ...  Therefore, we consider a masked implementation that follows the generic ring-LWE masking strategy from [RRdC+16, OSPG18], which is also summarized in Section 2.4.  ... 
doi:10.46586/tches.v2021.i4.88-113 fatcat:4iq6qpbalbbvbdtff47k3dv4sm

High-order Table-based Conversion Algorithms and Masking Lattice-based Encryption

Jean-Sébastien Coron, François Gérard, Simon Montoya, Rina Zeitoun
2022 Transactions on Cryptographic Hardware and Embedded Systems  
We show that our technique is particularly efficient for masking structured LWE encryption schemes such as Kyber and Saber.  ...  In this paper we describe a new high-order conversion algorithm between Boolean and arithmetic masking, based on table recomputation, and provably secure in the ISW probing model.  ...  Application to ring-LWE IND-CPA decryption In this section we show how to efficiently mask the IND-CPA decryption of ring-LWE schemes.  ... 
doi:10.46586/tches.v2022.i2.1-40 fatcat:55fvr47bzvaitccbslepzgbodq

Hardware Assisted Fully Homomorphic Function Evaluation and Encrypted Search

Sujoy Sinha Roy, Frederik Vercauteren, Jo Vliegen, Ingrid Verbauwhede
2017 IEEE transactions on computers  
The ring-LWE problem is a ring based version of the LWE problem and was introduced by Lyubashevsky, Peikert and Regev in [17].  ...  The LWE and ring-LWE Problem The LWE problem was introduced by Regev [21] in 2005.  ...  APPENDIX Input: Polynomial a(x) ∈ Zq[x] of degree n − 1 and n-th primitive root ωn ∈ Zq of unity Output: Polynomial A(x) ∈ Zq[x] = NTT(a) begin 1 A ← BitReverse(a); /* Coefficients are stored in the memory  ... 
doi:10.1109/tc.2017.2686385 fatcat:mdx2gnojgjh4tp7s7mowlef2wy