345 Hits in 1.7 sec

Masking ring-LWE

Oscar Reparaz, Sujoy Sinha Roy, Ruan de Clercq, Frederik Vercauteren, Ingrid Verbauwhede
2016 Journal of Cryptographic Engineering  
In this paper we present a compact masked implementation of the ring-LWE decryption function.  ...  In the following, we are not analyzing the variant of [5] but only the half-masked ring-LWE.)  ... 
doi:10.1007/s13389-016-0126-5 fatcat:se3otguhwjabbg5gzpqvmecs3i

Additively Homomorphic Ring-LWE Masking [chapter]

Oscar Reparaz, Ruan de Clercq, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede
2016 Lecture Notes in Computer Science  
A first step in a masked ring-LWE implementation is the work [RRVV15], hereafter referred to as the CHES 2015 approach.  ...  In this paper we propose a new masking scheme to protect the secret key during decryption operations in ring-LWE cryptosystems.  ... 
doi:10.1007/978-3-319-29360-8_15 fatcat:sqy3uce2f5ehfkycte7v425ulm

A Masked Ring-LWE Implementation [chapter]

Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede
2015 Lecture Notes in Computer Science  
In this paper, we present a masked ring-LWE decryption implementation resistant to first-order side-channel attacks.  ...  We have implemented a hardware architecture of the masked ring-LWE processor on a Virtex-II FPGA, and have performed side channel analysis to confirm the soundness of our approach.  ...  Our implementation performs the entire ring-LWE decryption computation in the masked domain.  ... 
doi:10.1007/978-3-662-48324-4_34 fatcat:o3dq35tsb5hf3ibzarhva6zj2m

Practical CCA2-Secure and Masked Ring-LWE Implementation

Tobias Oder, Tobias Schneider, Thomas Pöppelmann, Tim Güneysu
2018 Transactions on Cryptographic Hardware and Embedded Systems  
During the last years public-key encryption schemes based on the hardness of ring-LWE have gained significant popularity.  ...  In this work we thus present an instance of ring-LWE encryption that is protected against active attacks (i.e., adaptive chosen-ciphertext attacks) and equipped with countermeasures against side-channel  ...  Figure 2 shows the basic structure of our masked ring-LWE decryption.  ... 
doi:10.13154/tches.v2018.i1.142-174 dblp:journals/tches/OderSPG18 fatcat:h4cn4y677bfwtbhqhxax7iy3ae

Ring-LWE: Applications to Cryptography and Their Efficient Realization [chapter]

Sujoy Sinha Roy, Angshuman Karmakar, Ingrid Verbauwhede
2016 Lecture Notes in Computer Science  
Later for efficiency LWE was adapted for ring polynomials known as Ring-LWE. In this paper we discuss some of these ring-LWE based schemes that have been designed.  ...  The secret in a ring-LWE based scheme is a polynomial and arithmetic operations involve masking data and the secret using discrete Gaussian noise.  ...  The search ring-LWE problem is to find the secret polynomial s(x) from a polynomial number of samples drawn from the ring-LWE distribution.  ... 
doi:10.1007/978-3-319-49445-6_18 fatcat:7y34eqtumvhexap5rusvgjzppy

Physical Protection of Lattice-Based Cryptography

Ayesha Khalid, Tobias Oder, Felipe Valencia, Maire O'Neill, Tim Güneysu, Francesco Regazzoni
2018 Proceedings of the 2018 on Great Lakes Symposium on VLSI - GLSVLSI '18  
In the case of ring lattices the security of the constructed schemes is based on ring variants of the original problems, hence, the Ring-Learning with Errors (R-LWE) or Ring-Short Integer Solution (R-SIS  ...  Masking has also been applied to R-LWE-based schemes in several works [26, 33, 34] .  ... 
doi:10.1145/3194554.3194616 dblp:conf/glvlsi/KhalidOVOGR18 fatcat:lfintj5vbbf5xllxwoxeer6hdu

Compact Lattice Signatures

Dipayan Das, Vishal Saraswat
2018 Proceedings of the 15th International Joint Conference on e-Business and Telecommunications  
This is an instance of Ring LWE.  ...  a generalized version of the Ring SIS (or ring LWE) problem.  ... 
doi:10.5220/0006861606560661 dblp:conf/icete/DasS18 fatcat:eawydz6lkzax3azbovor4p5ujm

Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols [article]

Utsav Banerjee and Tenzin S. Ukyab and Anantha P. Chandrakasan
2019 arXiv   pre-print
We also discuss how masking-based DPA countermeasures can be implemented on the Sapphire core without any changes to the hardware.  ...  Masking-based countermeasures have been proposed in [67, 68, 46] for Ring-LWE encryption.  ...  Examples of secure Ring-LWE parameters are (n, q) = (512, 12289) and (n, q) = (1024, 12289) for NewHope [24] . Module-LWE [6] provides a middle ground between LWE and Ring-LWE.  ... 
arXiv:1910.07557v1 fatcat:suymd56szfe5fas2vxncdbu5h4

High-order Table-based Conversion Algorithms and Masking Lattice-based Encryption

Jean-Sébastien Coron, François Gérard, Simon Montoya, Rina Zeitoun
2022 Transactions on Cryptographic Hardware and Embedded Systems  
We show that our technique is particularly efficient for masking structured LWE encryption schemes such as Kyber and Saber.  ...  Masking is the main countermeasure against side-channel attacks on embedded devices.  ...  Application to ring-LWE IND-CPA decryption In this section we show how to efficiently mask the IND-CPA decryption of ring-LWE schemes.  ... 
doi:10.46586/tches.v2022.i2.1-40 fatcat:55fvr47bzvaitccbslepzgbodq

Secure Number Theoretic Transform and Speed Record for Ring-LWE Encryption on Embedded Processors [chapter]

Hwajeong Seo, Zhe Liu, Taehwan Park, Hyeokchan Kwon, Sokjoon Lee, Howon Kim
2018 Lecture Notes in Computer Science  
Compact implementations of the ring variant of the Learning with Errors (Ring-LWE) on the embedded processors have been actively studied due to potential quantum threats.  ...  Various Ring-LWE implementation works mainly focused on optimization techniques to reduce the execution timing and memory consumptions for high availability.  ...  In Ring-LWE problem, elements a, s and t are polynomials in the ring R_q. Ring-LWE encryption scheme proposed by Lyubashevsky et al. was later optimized in [20]. Roy et al.'  ... 
doi:10.1007/978-3-319-78556-1_10 fatcat:sqzb33a3grfmnf7mxt6zcyovfu

On-sky verification of Fast and Furious focal-plane wavefront sensing: Moving forward toward controlling the island effect at Subaru/SCExAO [article]

Steven P. Bos, Sébastien Vievard, Michael J. Wilby, Frans Snik, Julien Lozi, Olivier Guyon, Barnaby R.M. Norris, Nemanja Jovanovic, Frantz Martinache, Jean-François Sauvage, Christoph U. Keller
2020 arXiv   pre-print
This is referred to as the low-wind effect (LWE). The LWE severely distorts the point spread function (PSF), significantly lowering the Strehl ratio and degrading the contrast.  ...  The performance of the algorithm was evaluated by two metrics based on the PSF quality: 1) the Strehl ratio approximation (SRA), and 2) variance of the normalized first Airy ring (VAR).  ...  The first Airy ring was broken up into three bright lobes, a typical signature of the LWE.  ... 
arXiv:2005.12097v1 fatcat:3vkwj2xm7ne5jm76wd4542epfi

Low Wind Effect on VLT/SPHERE : impact, mitigation strategy, and results

Julien Milli, Markus Kasper, Pierre Bourget, Cyril Pannetier, David Mouillet, Jean-Francois Sauvage, Claudia Reyes, Thierry Fusco, Faustine Cantalloube, Konrad Tristram, Zahed Wahhaj, Jean-Luc Beuzit (+4 others)
2018 arXiv   pre-print
Vievard for providing information on the LWE and spiders properties on Gemini South, Magellan, Keck and Subaru telescopes respectively. He thanks P.  ...  Figueira for interesting discussion on statistical estimators of the LWE occurrence rate. Last but not least, he thanks J. Smoker for his careful English language editing.  ...  Figure 5. Top: Phase maps captured with the Zernike phase mask during the LWE night of October 8 2014 at three different telescope pointings.  ... 
arXiv:1806.05370v3 fatcat:pldinhnyzjci3kuk3kzctflq3m

Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project [chapter]

Douglas Stebila, Michele Mosca
2017 Lecture Notes in Computer Science  
We review two protocols for quantum-resistant key exchange based on lattice problems: BCNS15, based on the ring learning with errors problem, and Frodo, based on the learning with errors problem.  ...  Acknowledgements Research on LWE and ring-LWE based key exchange discussed in this paper includes joint work with Joppe W.  ...  is the decision ring-LWE problem.  ... 
doi:10.1007/978-3-319-69453-5_2 fatcat:lhen3goh6rb4nft6ui6p4gjuoa

Chosen Ciphertext k-Trace Attacks on Masked CCA2 Secure Kyber

Mike Hamburg, Julius Hermelink, Robert Primas, Simona Samardjiska, Thomas Schamberger, Silvan Streit, Emanuele Strieder, Christine Van Vredendaal
2021 Transactions on Cryptographic Hardware and Embedded Systems  
First, we present a method for crafting ring/module-LWE ciphertexts that result in sparse polynomials at the input of inverse NTT computations, independent of the used private key.  ...  The effectiveness of our attack is shown on the use-case of CCA2 secure Kyber k-module-LWE, where k ∈ {2, 3, 4}.  ...  Therefore, we consider a masked implementation that follows the generic ring-LWE masking strategy from [RRdC+16, OSPG18], which is also summarized in Section 2.4.  ... 
doi:10.46586/tches.v2021.i4.88-113 fatcat:4iq6qpbalbbvbdtff47k3dv4sm

Efficient Parallel Implementation of Matrix Multiplication for Lattice-Based Cryptography on Modern ARM Processor

Taehwan Park, Hwajeong Seo, Junsub Kim, Haeryong Park, Howon Kim
2018 Security and Communication Networks  
[22] proposed practical CCA2-secure and masking Ring-LWE implementation in an ARM Cortex-M4F environment. They implemented masked PRNG (SHAKE-128) for a countermeasure of a side-channel attack.  ...  However, RLizard.CCA and RLizard.KEM have four types of parameter sets: RING CATEGORY1, RING CATEGORY3 N1024, RING CATEGORY3 N2048, and RING CATEGORY5.  ... 
doi:10.1155/2018/7012056 fatcat:a5aapx5yvjh5tl6f6vrnrn4iem