Cryptology ePrint Archive: Report 2018/1234

FACCT: FAst, Compact, and Constant-Time Discrete Gaussian Sampler over Integers

Raymond K. Zhao and Ron Steinfeld and Amin Sakzad

Abstract: The discrete Gaussian sampler is one of the fundamental tools in implementing lattice-based cryptosystems. However, a naive discrete Gaussian sampling implementation suffers from side-channel vulnerabilities, and the existing countermeasures usually introduce significant overhead in either the running speed or the memory consumption.

In this paper, we propose a fast, compact, and constant-time implementation of the binary sampling algorithm, originally introduced in the BLISS signature scheme. Our implementation adapts the Rényi divergence and the transcendental function polynomial approximation techniques. The efficiency of our scheme is independent of the standard deviation, and we show evidence that our implementations are either faster or more compact than several existing constant-time samplers. In addition, we show the performance of our implementation techniques applied to and integrated with two existing signature schemes: qTesla and Falcon. On the other hand, the convolution theorems are typically adapted to sample from larger standard deviations, by combining samples with much smaller standard deviations. As an additional contribution, we show better parameters for the convolution theorems.

Category / Keywords: implementation / Lattice-based crypto, discrete Gaussian sampling, constant-time, implementation, efficiency

Original Publication (with minor differences): IEEE Transactions on Computers
DOI:
10.1109/TC.2019.2940949

Date: received 24 Dec 2018, last revised 24 Sep 2020

Contact author: raymond zhao at monash edu

Available format(s): PDF | BibTeX Citation

Note: Update the link to the source code.

Version: 20200925:051918 (All versions of this report)

Short URL: ia.cr/2018/1234


[ Cryptology ePrint archive ]