Cryptology ePrint Archive: Report 2015/724

A masked ring-LWE implementation

Oscar Reparaz and Sujoy Sinha Roy and Frederik Vercauteren and Ingrid Verbauwhede

Abstract: Lattice-based cryptography has been proposed as a postquantum public-key cryptosystem. In this paper, we present a masked ring-LWE decryption implementation resistant to first-order side-channel attacks. Our solution has the peculiarity that the entire computation is performed in the masked domain. This is achieved thanks to a new, bespoke masked decoder implementation. The output of the ring-LWE decryption are Boolean shares suitable for derivation of a symmetric key. We have implemented a hardware architecture of the masked ring-LWE processor on a Virtex-II FPGA, and have performed side channel analysis to confirm the soundness of our approach. The area of the protected architecture is around $2000$ LUTs, a $20\%$ increase with respect to the unprotected architecture. The protected implementation takes $7478$ cycles to compute, which is only a factor $\times2.6$ larger than the unprotected implementation.

Category / Keywords: implementation / post-quantum cryptography, lattice-based cryptography, ring-LWE, masking, side-channel analysis, DPA

Original Publication (with minor differences): IACR-CHES-2015

Date: received 20 Jul 2015

Contact author: oscar reparaz at esat kuleuven be

Available format(s): PDF | BibTeX Citation

Version: 20150721:065224 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]