Paper 2017/1025

Rounded Gaussians -- Fast and Secure Constant-Time Sampling for Lattice-Based Crypto

Andreas Hülsing, Tanja Lange, and Kit Smeets

Abstract

This paper suggests using rounded Gaussians in place of discrete Gaussians in rejection-sampling-based lattice signature schemes like BLISS. We show that this distribution can be sampled from efficiently and, in addition, that it is easy to sample in constant time, systematically avoiding recent timing-based side-channel attacks on lattice-based signatures. We show the effectiveness of the new sampler by applying it to BLISS, prove analogues of the security proofs for BLISS, and present an implementation that runs in constant time. Our implementation needs no precomputed tables and is twice as fast as the variable-time CDT sampler posted by the BLISS authors with precomputed tables.
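As an added illustration, not code from the paper or its authors, the following Python compares the two distributions the abstract contrasts: the rounded Gaussian (round a continuous N(0, sigma^2) sample to the nearest integer) and the discrete Gaussian on the integers. It produces rounded Gaussian samples with the Box-Muller transform (an assumption here; the page does not say how the paper samples) in a fixed number of arithmetic steps, with no table and no rejection loop, and beside it runs a textbook rejection sampler for the discrete Gaussian whose loop count varies from call to call. Python's `math` functions are not constant-time, so only the structural point (fixed operation count versus data-dependent loop) is demonstrated; `sigma = 3` and the seeds are constructed values, far smaller than BLISS parameters.

```python
import math
import random

# Added illustration of rounded vs discrete Gaussians (not the paper's code).
# Box-Muller is an assumed construction; Python floats/math are not constant-time.


def rounded_gaussian_pair(rng, sigma):
    """Return two integers, each distributed as round(X) with X ~ N(0, sigma^2).

    Box-Muller maps two uniforms to two independent normals in a fixed number of
    operations (no loop, no lookup table); rounding gives the rounded Gaussian.
    Python's round() breaks exact .5 ties to even, a measure-zero event here.
    """
    u1 = 1.0 - rng.random()  # in (0, 1], so log(u1) is finite
    u2 = rng.random()
    r = sigma * math.sqrt(-2.0 * math.log(u1))
    theta = 2.0 * math.pi * u2
    return round(r * math.cos(theta)), round(r * math.sin(theta))


def rounded_gaussian_pmf(z, sigma):
    """P[round(X) = z] for X ~ N(0, sigma^2): the Gaussian mass of [z - 1/2, z + 1/2)."""
    def cdf(x):
        return 0.5 * (1.0 + math.erf(x / math.sqrt(2.0)))
    return cdf((z + 0.5) / sigma) - cdf((z - 0.5) / sigma)


def discrete_gaussian_pmf(z, sigma, tail):
    """P[Z = z] for the discrete Gaussian on the integers, truncated to [-tail, tail]."""
    def rho(k):
        return math.exp(-k * k / (2.0 * sigma * sigma))
    norm = sum(rho(k) for k in range(-tail, tail + 1))
    return rho(z) / norm


def rejection_sample(rng, sigma, tail):
    """Textbook rejection sampler for the truncated discrete Gaussian (constructed
    here, not BLISS's sampler). Returns (sample, iterations). The loop runs a
    random, per-call number of times: this variable trip count is exactly what
    makes such samplers hard to implement in constant time."""
    iterations = 0
    while True:
        iterations += 1
        z = rng.randint(-tail, tail)
        if rng.random() < math.exp(-z * z / (2.0 * sigma * sigma)):
            return z, iterations


def simulate(seed, sigma, n_pairs):
    """Draw n_pairs pairs of rounded Gaussians; return statistics to check against the PMF."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n_pairs):
        samples.extend(rounded_gaussian_pair(rng, sigma))
    return {
        "count": len(samples),
        "mean": sum(samples) / len(samples),
        "freq_zero": samples.count(0) / len(samples),
    }


def iteration_spread(seed, sigma, tail, runs):
    """Smallest and largest loop count of the rejection sampler over `runs` calls."""
    rng = random.Random(seed)
    counts = [rejection_sample(rng, sigma, tail)[1] for _ in range(runs)]
    return min(counts), max(counts)


if __name__ == "__main__":
    SIGMA = 3.0
    stats = simulate(2017, SIGMA, 20000)
    print("rounded Gaussian: mean %.3f, P[0] empirical %.4f vs exact %.4f"
          % (stats["mean"], stats["freq_zero"], rounded_gaussian_pmf(0, SIGMA)))
    print("discrete Gaussian: P[0] exact %.4f" % discrete_gaussian_pmf(0, SIGMA, 40))
    print("rejection sampler loop count over 1000 calls: min %d, max %d"
          % iteration_spread(2017, SIGMA, 12, 1000))
```

Running the script shows the empirical frequency of 0 matching the closed-form rounded-Gaussian PMF, the small gap between that PMF and the discrete Gaussian's (the gap the paper's security-proof analogues have to account for), and a rejection sampler whose loop count ranges widely across calls while the Box-Muller path performs the same operations every time.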

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: Post-quantum cryptography, lattice-based cryptography, signatures, Gaussian sampling, BLISS, constant-time implementations
Contact author(s): c j c smeets @ xept nl
History: 2017-10-25: received
Short URL: https://ia.cr/2017/1025
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2017/1025,
      author = {Andreas Hülsing and Tanja Lange and Kit Smeets},
      title = {Rounded Gaussians -- Fast and Secure Constant-Time Sampling for Lattice-Based Crypto},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/1025},
      year = {2017},
      url = {https://eprint.iacr.org/2017/1025}
}