Paper 2015/724

A masked ring-LWE implementation

Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, and Ingrid Verbauwhede

Abstract

Lattice-based cryptography has been proposed as a postquantum public-key cryptosystem. In this paper, we present a masked ring-LWE decryption implementation resistant to first-order side-channel attacks. Our solution has the peculiarity that the entire computation is performed in the masked domain. This is achieved thanks to a new, bespoke masked decoder implementation. The output of the ring-LWE decryption are Boolean shares suitable for derivation of a symmetric key. We have implemented a hardware architecture of the masked ring-LWE processor on a Virtex-II FPGA, and have performed side channel analysis to confirm the soundness of our approach. The area of the protected architecture is around $2000$ LUTs, a $20\%$ increase with respect to the unprotected architecture. The protected implementation takes $7478$ cycles to compute, which is only a factor $\times2.6$ larger than the unprotected implementation.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A minor revision of an IACR publication in Ches 2015
Keywords
post-quantum cryptographylattice-based cryptographyring-LWEmaskingside-channel analysisDPA
Contact author(s)
oscar reparaz @ esat kuleuven be
History
2015-07-21: received
Short URL
https://ia.cr/2015/724
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/724,
      author = {Oscar Reparaz and Sujoy Sinha Roy and Frederik Vercauteren and Ingrid Verbauwhede},
      title = {A masked ring-LWE implementation},
      howpublished = {Cryptology ePrint Archive, Paper 2015/724},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/724}},
      url = {https://eprint.iacr.org/2015/724}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.