International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Practical CCA2-Secure and Masked Ring-LWE Implementation

Authors:
Tobias Oder , Horst Görtz Institute for IT Security, Ruhr-Universität Bochum
Tobias Schneider , ICTEAM/ELEN/Crypto Group, Université Catholique de Louvain
Thomas Pöppelmann , Infineon Technologies AG
Tim Güneysu , Horst Görtz Institute for IT Security, Ruhr-Universität Bochum; DFKI
Download:
DOI: 10.13154/tches.v2018.i1.142-174
URL: https://tches.iacr.org/index.php/TCHES/article/view/836
Search ePrint
Search Google
Abstract: During the last years public-key encryption schemes based on the hardness of ring-LWE have gained significant popularity. For real-world security applications assuming strong adversary models, a number of practical issues still need to be addressed. In this work we thus present an instance of ring-LWE encryption that is protected against active attacks (i.e., adaptive chosen-ciphertext attacks) and equipped with countermeasures against side-channel analysis. Our solution is based on a postquantum variant of the Fujisaki-Okamoto (FO) transform combined with provably secure first-order masking. To protect the key and message during decryption, we developed a masked binomial sampler that secures the re-encryption process required by FO. Our work shows that CCA2-secured RLWE-based encryption can be achieved with reasonable performance on constrained devices but also stresses that the required transformation and handling of decryption errors implies a performance overhead that has been overlooked by the community so far. With parameters providing 233 bits of quantum security, our implementation requires 4,176,684 cycles for encryption and 25,640,380 cycles for decryption with masking and hiding countermeasures on a Cortex-M4F. The first-order security of our masked implementation is also practically verified using the non-specific t-test evaluation methodology.
Video from TCHES 2018
BibTeX
@article{tches-2018-28964,
  title={Practical CCA2-Secure and Masked Ring-LWE Implementation},
  journal={Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2018, Issue 1},
  pages={142-174},
  url={https://tches.iacr.org/index.php/TCHES/article/view/836},
  doi={10.13154/tches.v2018.i1.142-174},
  author={Tobias Oder and Tobias Schneider and Thomas Pöppelmann and Tim Güneysu},
  year=2018
}