International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Efficiently Masking Binomial Sampling at Arbitrary Orders for Lattice-Based Crypto

Authors:
Tobias Schneider
Clara Paglialonga
Tobias Oder
Tim Güneysu
Download:
DOI: 10.1007/978-3-030-17259-6_18
Search ePrint
Search Google
Conference: PKC 2019
Abstract: With the rising popularity of lattice-based cryptography, the Learning with Errors (LWE) problem has emerged as a fundamental core of numerous encryption and key exchange schemes. Many LWE-based schemes have in common that they require sampling from a discrete Gaussian distribution which comes with a number of challenges for the practical instantiation of those schemes. One of these is the inclusion of countermeasures against a physical side-channel adversary. While several works discuss the protection of samplers against timing leaks, only few publications explore resistance against other side-channels, e.g., power. The most recent example of a protected binomial sampler (as used in key encapsulation mechanisms to sufficiently approximate Gaussian distributions) from CHES 2018 is restricted to a first-order adversary and cannot be easily extended to higher protection orders.In this work, we present the first protected binomial sampler which provides provable security against a side-channel adversary at arbitrary orders. Our construction relies on a new conversion between Boolean and arithmetic (B2A) masking schemes for prime moduli which outperforms previous algorithms significantly for the relevant parameters, and is paired with a new masked bitsliced sampler allowing secure and efficient sampling even at larger protection orders. Since our proposed solution supports arbitrary moduli, it can be utilized in a large variety of lattice-based constructions, like NewHope, LIMA, Saber, Kyber, HILA5, or Ding Key Exchange.
BibTeX
@inproceedings{pkc-2019-29312,
  title={Efficiently Masking Binomial Sampling at Arbitrary Orders for Lattice-Based Crypto},
  booktitle={Public-Key Cryptography – PKC 2019},
  series={Lecture Notes in Computer Science},
  publisher={Springer},
  volume={11443},
  pages={534-564},
  doi={10.1007/978-3-030-17259-6_18},
  author={Tobias Schneider and Clara Paglialonga and Tobias Oder and Tim Güneysu},
  year=2019
}