Paper 2016/1109
Practical CCA2-Secure and Masked Ring-LWE Implementation
Tobias Oder and Tobias Schneider and Thomas Pöppelmann and Tim Güneysu
Abstract
In this work we provide the first practical instantiation of ring-LWE-based public-key encryption that is protected against active attacks (i.e., adaptive chosen-ciphertext attacks) and equipped with countermeasures against side-channel attacks (masking and hiding). We propose a novel provably first-order secure masking scheme that outperforms previous work, and we combine this masking approach with blinding and shuffling techniques to further thwart higher-order attacks. Our work shows that extremely fast and secured implementations of post-quantum public-key encryption are possible on constrained devices, and we give evidence that ring-LWE-based schemes are highly suitable for implementations on smart cards due to the large amount of linear operations. Even with conservative parameter choices (n = 1024; q = 12289) for ring-LWE encryption we obtain 243 bits of quantum security based on a recently established model. Our implementation requires 1,222,054 cycles for encryption and 2,372,242 cycles for decryption with masking and hiding countermeasures on a Cortex-M4F. Furthermore, the first-order security of our masked implementation is practically verified using the non-specific t-test evaluation methodology.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- CCA2-security, lattice-based cryptography, post-quantum, implementation, ARM Cortex-M4, masking
- Contact author(s)
- tobias oder @ rub de
- History
- 2018-01-23: last of 3 revisions
- 2016-11-25: received
- See all versions
- Short URL
- https://ia.cr/2016/1109
- License
- CC BY