You are looking at a specific version 20181017:145402 of this paper. See the latest version.

Paper 2018/381

Masking the GLP Lattice-Based Signature Scheme at Any Order

Gilles Barthe and Sonia Belaïd and Thomas Espitau and Pierre-Alain Fouque and Benjamin Grégoire and Mélissa Rossi and Mehdi Tibouchi

Abstract

Recently, numerous physical attacks have been demonstrated against lattice-based schemes, often exploiting their unique properties such as the reliance on Gaussian distributions, rejection sampling and FFT-based polynomial multiplication. As the call for concrete implementations and deployment of postquantum cryptography becomes more pressing, protecting against those attacks is an important problem. However, few countermeasures have been proposed so far. In particular, masking has been applied to the decryption procedure of some lattice-based encryption schemes, but the much more difficult case of signatures (which are highly non-linear and typically involve randomness) has not been considered until now. In this paper, we describe the first masked implementation of a lattice-based signature scheme. Since masking Gaussian sampling and other procedures involving contrived probability distribution would be prohibitively inefficient, we focus on the GLP scheme of Güneysu, Lyubashevsky and Pöppelmann (CHES 2012). We show how to provably mask it in the Ishai--Sahai--Wagner model (CRYPTO 2003) at any order in a relatively efficient manner, using extensions of the techniques of Coron et al for converting between arithmetic and Boolean masking. Our proof relies on a mild generalization of probing security that supports the notion of public outputs. We also provide a proof-of-concept implementation to assess the efficiency of the proposed countermeasure.

Metadata
Available format(s)
PDF
Publication info
A minor revision of an IACR publication in EUROCRYPT 2018
Keywords
Side-channelMaskinglattice-based signature
Contact author(s)
melissa rossi @ ens fr
History
2020-08-19: last of 2 revisions
2018-04-30: received
See all versions
Short URL
https://ia.cr/2018/381
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.