Cryptology ePrint Archive: Report 2017/438

GLITCH: A Discrete Gaussian Testing Suite For Lattice-Based Cryptography

James Howe and Máire O'Neill

Abstract: Lattice-based cryptography is one of the most promising areas within post-quantum cryptography, and offers versatile, efficient, and high performance security services. The aim of this paper is to verify the correctness of the discrete Gaussian sampling component, one of the most important modules within lattice-based cryptography. In this paper, the GLITCH software test suite is proposed, which performs statistical tests on discrete Gaussian sampler outputs. An incorrectly operating sampler, for example due to hardware or software errors, has the potential to leak secret-key information and could thus be a potential attack vector for an adversary. Moreover, statistical test suites are already common for use in pseudo-random number generators (PRNGs), and as lattice-based cryptography becomes more prevalent, it is important to develop a method to test the correctness and randomness for discrete Gaussian sampler designs. Additionally, due to the theoretical requirements for the discrete Gaussian distribution within lattice-based cryptography, certain statistical tests for distribution correctness become unsuitable, therefore a number of tests are surveyed. The final GLITCH test suite provides 11 adaptable statistical analysis tests that assess the exactness of a discrete Gaussian sampler, and which can be used to verify any software or hardware sampler design.

Category / Keywords: public-key cryptography / Post-quantum cryptography, lattice-based cryptography, discrete Gaussian samplers, discrete Gaussian distribution, random number generators, statistical analysis.

Original Publication (with major differences): SECRYPT 2017

Date: received 22 May 2017

Contact author: jhowe02 at qub ac uk

Available format(s): PDF | BibTeX Citation

Version: 20170522:220337 (All versions of this report)

Short URL: ia.cr/2017/438

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]