
Rounded Gaussians [chapter]

Andreas Hülsing, Tanja Lange, Kit Smeets
2018 Lecture Notes in Computer Science  
This paper suggests using rounded Gaussians in place of discrete Gaussians in rejection-sampling-based lattice signature schemes like BLISS.  ...  We show that this distribution can efficiently be sampled from while additionally making it easy to sample in constant time, systematically avoiding recent timing-based side-channel attacks on lattice-based  ...  We present a constant-time implementation of rounded Gaussians suitable for the BLISS-I parameter set and show that it is more than twice as fast as a sampler based on cumulative distribution tables (CDT  ... 
doi:10.1007/978-3-319-76581-5_25 fatcat:pvokbzzg4vekrbrtdnnta6xgbm

Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols [article]

Utsav Banerjee and Tenzin S. Ukyab and Anantha P. Chandrakasan
2019 arXiv   pre-print
Sapphire can be programmed with custom instructions for polynomial arithmetic and sampling, and it is coupled with a low-power RISC-V micro-processor to demonstrate NIST Round 2 lattice-based CCA-secure  ...  All key building blocks of Sapphire are constant-time and secure against timing and simple power analysis side-channel attacks.  ...  Acknowledgements The authors would like to thank Texas Instruments for funding this work, the TSMC University Shuttle Program for chip fabrication support, and Bluespec, Xilinx, Cadence, Synopsys and Mentor  ... 
arXiv:1910.07557v1 fatcat:suymd56szfe5fas2vxncdbu5h4

Software Speed Records for Lattice-Based Signatures [chapter]

Tim Güneysu, Tobias Oder, Thomas Pöppelmann, Peter Schwabe
2013 Lecture Notes in Computer Science  
The most critical issue on the construction of such cryptosystems is to achieve security and practicability at the same time.  ...  Recently, lattice-based constructions were proposed that combine both properties, such as the lattice-based digital signature scheme presented at CHES 2012.  ...  Acknowledgments We would like to thank Michael Schneider, Vadim Lyubashevsky, and the anonymous reviewers for their helpful comments.  ... 
doi:10.1007/978-3-642-38616-9_5 fatcat:fzfoq3pvjrdlhcno2sx2nnxz4i

Fast Number Theoretic Transform for Ring-LWE on 8-bit AVR Embedded Processor

Hwajeong Seo, Hyeokdong Kwon, Yongbeen Kwon, Kyungho Kim, Seungju Choi, Hyunjun Kim, Kyoungbae Jang
2020 Sensors  
We focused on the optimized modular multiplication with a secure countermeasure (i.e., constant timing), which ensures high performance and prevents timing attacks and simple power analysis.  ...  For the encryption of the 256-bit security level, 1,430,601 and 2,042,474 clock cycles are required for H/W and S/W AES-based implementations, respectively.  ...  Discrete Gaussian Sampling Discrete Gaussian sampling is an important part of the Ring-LWE scheme. For the fast sampling method, we adopted the Knuth-Yao sampler method with byte-scanning [28, 35] .  ... 
doi:10.3390/s20072039 pmid:32260497 fatcat:lhyenpnuyre75jthlklvyumyr4

Fast Discretized Gaussian Sampling and Post-quantum TLS Ciphersuite [chapter]

Xinwei Gao, Lin Li, Jintai Ding, Jiqiang Liu, R. V. Saraswathy, Zhe Liu
2017 Lecture Notes in Computer Science  
LWE/RLWE-based cryptosystems require sampling the error term from a discrete Gaussian distribution.  ...  In this paper, we introduce a more efficient discretized Gaussian sampler based on the ziggurat sampling algorithm.  ...  Our Fast Discretized Gaussian Sampling and Statistical Quality Analysis Our sampler is designed directly based on the original ziggurat sampling algorithm, which is designed for the continuous Gaussian distribution  ... 
doi:10.1007/978-3-319-72359-4_33 fatcat:ab6jit5mzfhoha6s4opyl37zgy

Gaussian Sampling over the Integers: Efficient, Generic, Constant-Time [chapter]

Daniele Micciancio, Michael Walter
2017 Lecture Notes in Computer Science  
We present new algorithms for discrete Gaussian sampling that are both generic (application independent), efficient, and more easily implemented in constant time without incurring a substantial slow-down  ...  Sampling integers with Gaussian distribution is a fundamental problem that arises in almost every application of lattice cryptography, and it can be both time consuming and challenging to implement.  ...  Acknowledgment We thank the authors of [10] for providing the source code of their implementation of different discrete Gaussian samplers.  ... 
doi:10.1007/978-3-319-63715-0_16 fatcat:z4d7lkqllnhnfeggaz5q4gu3gu

Fast and Power-Analysis Resistant Ring Lizard Crypto-processor based on the Sparse Ternary Property

Piljoo Choi, Ji-Hoon Kim, Dong Kyue Kim
2019 IEEE Access  
however, in this paper, we present the RLizard crypto-processor with the improved processing speed and security level against power analysis attacks.  ...  In addition, our idea can be applied to other ideal-lattice-based cryptosystems using a sparse binary or ternary polynomial, such as NTRU and Round5.  ...  ACKNOWLEDGMENT The authors would like to thank Jae Hong Seo at Hanyang University and Mun-Kyu Lee at Inha University, who gave us comments and reviewed this manuscript.  ... 
doi:10.1109/access.2019.2929299 fatcat:fv37mmw6pzfv7lqxd6jfs43hru

Faster Gaussian Sampling for Trapdoor Lattices with Arbitrary Modulus [chapter]

Nicholas Genise, Daniele Micciancio
2018 Lecture Notes in Computer Science  
We present improved algorithms for gaussian preimage sampling using the lattice trapdoors of (Micciancio and Peikert, CRYPTO 2012).  ...  As an additional contribution, we give a new, quasi-linear time algorithm for the off-line perturbation sampling phase of MP12 in the ring setting.  ...  Acknowledgment We thank Léo Ducas, Yuriy Polyakov, Kurt Rohloff, and Michael Walter for their helpful discussions as well as the anonymous reviewers for their helpful feedback and suggestions.  ... 
doi:10.1007/978-3-319-78381-9_7 fatcat:6gq4fd5tffc63bxtr6yo3xhsy4

Arithmetic coding and blinding countermeasures for lattice signatures

Markku-Juhani O. Saarinen
2017 Journal of Cryptographic Engineering  
We describe new arithmetic coding techniques and side-channel blinding countermeasures for lattice-based cryptography.  ...  Arithmetic Coding offers an information theoretically optimal compression for stationary and memoryless sources, such as the discrete Gaussian distributions often present in lattice-based cryptography.  ...  Cryptographically secure sampling is required by many Lattice-based cryptographic algorithms; see [9] for an overview.  ... 
doi:10.1007/s13389-017-0149-6 fatcat:3kksn6fy7ngcthlrlusgooubvi

Practical Signatures from the Partial Fourier Recovery Problem [chapter]

Jeff Hoffstein, Jill Pipher, John M. Schanck, Joseph H. Silverman, William Whyte
2014 Lecture Notes in Computer Science  
Although the scheme is not supported by a formal security reduction, we present extensive arguments for its security and derive concrete parameters based on the performance of state-of-the-art lattice  ...  We present PASSSign, a variant of the prior PASS and PASS-2 proposals, as a candidate for a practical post-quantum signature scheme.  ...  Full decoupling of secret keys from transcripts was a difficult barrier for the construction of secure lattice-based signature schemes, and more so for the construction of efficient schemes.  ... 
doi:10.1007/978-3-319-07536-5_28 fatcat:ubnquz6qcbd27ffc6pc44alxyi

Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project [chapter]

Douglas Stebila, Michele Mosca
2017 Lecture Notes in Computer Science  
We review two protocols for quantum-resistant key exchange based on lattice problems: BCNS15, based on the ring learning with errors problem, and Frodo, based on the learning with errors problem.  ...  We discuss their security and performance characteristics, both on their own and in the context of the Transport Layer Security (TLS) protocol.  ...  Acknowledgements Research on LWE and ring-LWE based key exchange discussed in this paper includes joint work with Joppe W.  ... 
doi:10.1007/978-3-319-69453-5_2 fatcat:lhen3goh6rb4nft6ui6p4gjuoa

Revisiting and Evaluating Software Side-channel Vulnerabilities and Countermeasures in Cryptographic Applications [article]

Tianwei Zhang and Jun Jiang and Yinqian Zhang
2019 arXiv   pre-print
Based on these characterizations and evaluations, we offer some insights for side-channel researchers, cryptographic software developers and users.  ...  We then evaluate popular libraries and applications, quantitatively measuring and comparing the vulnerability severity, response time and coverage.  ...  Different types of post-quantum algorithms were designed for public key infrastructure, e.g., hash-based, lattice-based and multivariate cryptography.  ... 
arXiv:1911.09312v2 fatcat:o4am4aurlfajjkj7nuz3kbso6y

Efficient Identity-Based Encryption over NTRU Lattices [chapter]

Léo Ducas, Vadim Lyubashevsky, Thomas Prest
2014 Lecture Notes in Computer Science  
In this work, we show that using a particular distribution over NTRU lattices can make GPV-based schemes suitable for practice.  ...  The main reason for this limitation is that at the core of many advanced lattice primitives is a trapdoor sampling algorithm (Gentry, Peikert, Vaikuntanathan, STOC 2008) that produced outputs that were  ...  Acknowledgments The authors wish to thank David Xiao and Aurore Guillevic for helpful conversations, as well as the anonymous Asiacrypt'14 reviewers.  ... 
doi:10.1007/978-3-662-45608-8_2 fatcat:rlfi7asddng2pho3o4s6le4azi

Post-Quantum Cryptography: Challenges and Opportunities for Robust and Secure HW Design

Davide Bellizia, Nadia El Mrabet, Apostolos P. Fournaris, Simon Pontie, Francesco Regazzoni, Francois-Xavier Standaert, Elise Tasso, Emanuele Valea
2021 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT)  
In this paper, we introduce the fundamentals of PQC, with a focus on lattice-based cryptography and its hardware security issues, namely side-channel and fault-based attacks.  ...  The definition of the PQC standards is an ongoing process proceeding at a fast pace, involving new and largely unexplored cryptographic primitives.  ...  Timing side channels have also been used to attack efficient implementations of discrete Gaussian samplers based on lookup tables.  ... 
doi:10.1109/dft52944.2021.9568301 fatcat:n5dg4bfffvhh7msczlqcel7wiq

Parameterized Hardware Accelerators for Lattice-Based Cryptography and Their Application to the HW/SW Co-Design of qTESLA

Wen Wang, Shanquan Tian, Bernhard Jungk, Nina Bindel, Patrick Longa, Jakub Szefer
2020 Transactions on Cryptographic Hardware and Embedded Systems  
Gaussian sampler, and a pipelined NTT-based polynomial multiplier, among others.  ...  Unlike much of prior work, the accelerators are fully open-sourced, are designed to be constant-time, and can be parameterized at compile-time to support different parameters without the need for re-writing  ...  Acknowledgments We would like to thank the reviewers and the shepherd for their useful feedback. Nina Bindel was supported by the NSERC Discovery Accelerator Supplement grant RGPIN-2016-05146.  ... 
doi:10.13154/tches.v2020.i3.269-306 dblp:journals/tches/WangTJBLS20 fatcat:ztxzwdv3jvenfa7p7mhkxolyye