57 Hits in 6.8 sec

Faster Gaussian Lattice Sampling Using Lazy Floating-Point Arithmetic [chapter]

Léo Ducas, Phong Q. Nguyen
2012 Lecture Notes in Computer Science  
We study how much lattice sampling can be sped up using floating-point arithmetic.  ...  Many lattice cryptographic primitives require an efficient algorithm to sample lattice points according to some Gaussian distribution.  ...  Stehlé for useful discussions. We also thank anonymous reviewers for their comments.  ... 
doi:10.1007/978-3-642-34961-4_26 fatcat:t25kgluslbepng5md64cnw34vu

Generic, Efficient and Isochronous Gaussian Sampling over the Integers [article]

Shuo Sun, Yongbin Zhou, Yunfeng Ji, Rui Zhang, Yang Tao
2021 IACR Cryptology ePrint Archive  
Gaussian sampling over the integers is one of the fundamental building blocks of lattice-based cryptography. Among the extensively used trapdoor sampling algorithms, it's ineluctable until now.  ...  The new COSAC sampler is 1.46x-1.63x faster than the original and has the lowest expected number of trials among all Gaussian samplers based on rejection samplings.  ...  In our implementation of Algorithm 2, we use the double type meeting the IEEE-754 standard in the floating-point arithmetics and 64-bit integers to approximate the floating numbers u 2 , r 2 , r 3 , so  ... 
dblp:journals/iacr/SunZJZT21 fatcat:2vaie4drvvdjfly5ckfindlioi

On Rejection Sampling Algorithms for Centered Discrete Gaussian Distribution over Integers [article]

Yusong Du, Baodian Wei
2017 IACR Cryptology ePrint Archive  
The first algorithm is designed for the case where σ is a positive integer, and it requires neither pre-computation storage nor floating-point arithmetic.  ...  Discrete Gaussian sampling is one of the fundamental operations in many lattice-based cryptosystems.  ...  All of them do not use floating-point arithmetic.  ... 
dblp:journals/iacr/DuW17 fatcat:jhij5dosejdu5jkgxueg6pqj5a

Gaussian Sampling over the Integers: Efficient, Generic, Constant-Time [chapter]

Daniele Micciancio, Michael Walter
2017 Lecture Notes in Computer Science  
As an additional contribution, we present new analytical techniques that can be used to simplify the precision/security evaluation of floating point cryptographic algorithms, and an experimental comparison  ...  Sampling integers with Gaussian distribution is a fundamental problem that arises in almost every application of lattice cryptography, and it can be both time consuming and challenging to implement.  ...  Acknowledgment We thank the authors of [10] for providing the source code of their implementation of different discrete Gaussian samplers.  ... 
doi:10.1007/978-3-319-63715-0_16 fatcat:z4d7lkqllnhnfeggaz5q4gu3gu

Towards Practical Lattice-Based Public-Key Encryption on Reconfigurable Hardware [chapter]

Thomas Pöppelmann, Tim Güneysu
2014 Lecture Notes in Computer Science  
sampling in a single unit.  ...  We hope that this contribution helps to pave the way for the deployment of ideal lattice-based encryption in future real-world systems.  ...  This method has been implemented in software in [22] but the success rate is only approximately 20 % and requires costly floating point arithmetic (cf. to the laziness approach in [16]).  ... 
doi:10.1007/978-3-662-43414-7_4 fatcat:2zkqm5obynehvomvienyqizocm

High-Performance Ideal Lattice-Based Cryptography on 8-Bit ATxmega Microcontrollers [chapter]

Thomas Pöppelmann, Tobias Oder, Tim Güneysu
2015 Lecture Notes in Computer Science  
These results outperform implementations on similar platforms and underline the feasibility of lattice-based cryptography on constrained devices.  ...  Over the last years lattice-based cryptography has received much attention due to versatile average-case problems like Ring-LWE or Ring-SIS that appear to be intractable by quantum computers.  ...  For efficiency reasons we just work with the binary expansion of the fractional part instead of floating point arithmetic as all numbers used are smaller than 1.0.  ... 
doi:10.1007/978-3-319-22174-8_19 fatcat:tqcfnspcavcktf4m5ymte47zqm

Implementing BP-Obfuscation Using Graph-Induced Encoding

Shai Halevi, Tzipora Halevi, Victor Shoup, Noah Stephens-Davidowitz
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
We expect that these optimizations will find other uses in lattice-based cryptography beyond just obfuscation.  ...  These include new variants of discrete Gaussian sampler and lattice trapdoor sampler, efficient matrix-manipulation routines, and many tradeoffs.  ...  FLINT only uses scalar integer arithmetic - it does not use any floating point. For matrix multiplication, it uses Strassen's recursive algorithm.  ... 
doi:10.1145/3133956.3133976 dblp:conf/ccs/HaleviHSS17 fatcat:jity63zaj5hxzgiyecobtwze7u

Enhanced Lattice-Based Signatures on Reconfigurable Hardware [chapter]

Thomas Pöppelmann, Léo Ducas, Tim Güneysu
2014 Lecture Notes in Computer Science  
However, due to the complex sampling of Gaussian noise with high precision, it is not clear whether this scheme can be mapped efficiently to embedded devices.  ...  Even though the authors of Bliss also proposed a new sampling algorithm using Bernoulli variables this approach is more complex than previous methods using large precomputed tables.  ...  operations and its costly requirement on high precision floating point arithmetic.  ... 
doi:10.1007/978-3-662-44709-3_20 fatcat:w77dq4yzeje65prje64pgrmkqa

Post-quantum Key Exchange - A New Hope

Erdem Alkim, Léo Ducas, Thomas Pöppelmann, Peter Schwabe
2016 USENIX Security Symposium  
By these measures and for the same lattice dimension, we more than double the security parameter, halve the communication overhead, and speed up computation by more than a factor of 8 in a portable C implementation  ...  We are thankful to Mike Hamburg and to Paul Crowley for pointing out mistakes in a previous version of this paper, and we are thankful to Isis Lovecruft for thoroughly proofreading the paper and for suggesting  ...  It does not use any floating-point arithmetic and outside the Keccak (SHA3-256 and SHAKE-128) implementation only needs 16-bit and 32-bit integer arithmetic.  ... 
dblp:conf/uss/AlkimDPS16 fatcat:sm6jbq2bmjca7naxguje35mhqm

Public Key Cryptography on Hardware Platforms: Design and Analysis of Elliptic Curve and Lattice-based Cryptoprocessors

Sujoy Sinha Roy
2017 Zenodo  
These cryptographic schemes perform arithmetic operations in a polynomial ring and require sampling from a discrete Gaussian distribution.  ...  We optimize the scalar conversion which is an important part of point multiplication, and we introduce lightweight countermeasures against timing and power side-channel attacks.  ...  A.2 Hardware architecture We use these optimizations to design a high-speed and pipelined scalar conversion architecture. The architecture is described in details our publication  ... 
doi:10.5281/zenodo.2643389 fatcat:sozmpjtc3jbddpgdqa7cic24k4

Efficient implementation of ideal lattice-based cryptography

Thomas Pöppelmann
2017 it - Information Technology  
While quantum computers powerful enough to break currently used parameter sets are not available yet, they are heavily researched and expected to reach maturity in 15 to 20 years.  ...  One alternative is lattice-based cryptography which allows the construction of asymmetric public-key encryption and signature schemes that offer a good balance between security, performance, and key as  ...  Simple rejection sampling using floating-point arithmetic is definitely too costly, especially on an FPGA without hardware supported floating point operations.  ... 
doi:10.1515/itit-2017-0030 fatcat:mpmamskk25h3lbyshy4rfd4y4y

Efficient Software Implementation of Ring-LWE Encryption on IoT Processors

Zhe Liu, Reza Azarderakhsh, Howon Kim, Hwajeong Seo
2017 IEEE transactions on computers  
Regarding the sampling from the discrete Gaussian distribution, we adopt Knuth-Yao sampler, accompanied with optimized methods such as Look-Up Table (LUT) and byte-scanning.  ...  These results are at least 7 times faster than the fastest ECC implementation on desired platforms with same security level.  ...  The ARM Cortex A9 provides highly configurable L1 caches, and optional NEON and Floating-point extensions.  ... 
doi:10.1109/tc.2017.2750146 fatcat:i27eye5lprcolcnnlyim5n5thm

Software Speed Records for Lattice-Based Signatures [chapter]

Tim Güneysu, Tobias Oder, Thomas Pöppelmann, Peter Schwabe
2013 Lecture Notes in Computer Science  
Recently, lattice-based constructions were proposed that combine both properties, such as the lattice-based digital signature scheme presented at CHES 2012.  ...  Lazy reduction. The prime p has 23 bits. A double-precision floating-point value has a 53-bit mantissa and one sign bit.  ...  We represent each 512-coefficient polynomial as an array of 512 double-precision floating-point values.  ... 
doi:10.1007/978-3-642-38616-9_5 fatcat:fzfoq3pvjrdlhcno2sx2nnxz4i

LLL on the Average [chapter]

Phong Q. Nguyen, Damien Stehlé
2006 Lecture Notes in Computer Science  
A lattice has infinitely many bases (except in trivial dimension ≤ 1), but some are more useful than others.  ...  The subject had a revival with Lenstra's celebrated work on integer programming [19, 20], which used an approximate  ...  Currently, the most efficient provable variant of L³ known in case of large entries, called L², is due to Nguyen and Stehlé [23], and is based on floating-point arithmetic.  ... 
doi:10.1007/11792086_18 fatcat:3dadjzy36vfnpfu5lddnqp7uii

High Precision Discrete Gaussian Sampling on FPGAs [chapter]

Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede
2014 Lecture Notes in Computer Science  
Lattice-based public key cryptography often requires sampling from discrete Gaussian distributions.  ...  Furthermore, we propose optimization techniques to store the probabilities of the sample points in near-optimal space.  ...  Sampling with negligible statistical distance however either requires high precision floating arithmetic or large precomputed tables.  ... 
doi:10.1007/978-3-662-43414-7_19 fatcat:gzi4snfttjab5djnoe52o52bvu
Showing results 1 — 15 out of 57 results