eprint.iacr.org will be offline for approximately an hour for routine maintenance again at 10pm UTC on Wednesday, April 17.

Paper 2019/206

Fault Attack Countermeasures for Error Samplers in Lattice-Based Cryptography

James Howe, Ayesha Khalid, Marco Martinoli, Francesco Regazzoni, and Elisabeth Oswald


Lattice-based cryptography is one of the leading candidates for NIST's post-quantum standardisation effort, providing efficient key encapsulation and signature schemes. Most of these schemes base their hardness on variants of LWE, and thus rely heavily on error samplers to provide necessary uncertainty by obfuscating computations on secret information. Because of this it is a clear and obvious target for side-channel analysis, with numerous types of attacks targeting this component to gain secret-key information. In order to bring potential lattice-based cryptographic standards to practical realisation, it is important to protect these modules from past and future fault and side-channel attacks. This paper proposes countermeasures that exploit the distributions expected from these error samples, that is either Gaussian or binomial, by using statistical tests to verify the samplers are operating properly. The novel countermeasures are designed to protect against all previous fault attacks on error samplers. We optimize hardware implementation of the proposed tests to avoid division and square root calculations, however, the countermeasure we propose is sufficiently generic to be suitable also for software. We measure the impact of these countermeasures on performance and area consumption on a Xilinx Artix-7 FPGA. Our countermeasure achieve promising performance while resulting in a minimal overhead.

Available format(s)
Publication info
Published elsewhere. Major revision. IEEE ISCAS 2019
Lattice-based cryptographyfault attackscountermeasuresFPGAhardware security.
Contact author(s)
james howe @ bristol ac uk
2019-02-27: received
Short URL
Creative Commons Attribution


      author = {James Howe and Ayesha Khalid and Marco Martinoli and Francesco Regazzoni and Elisabeth Oswald},
      title = {Fault Attack Countermeasures for Error Samplers in Lattice-Based Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2019/206},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/206}},
      url = {https://eprint.iacr.org/2019/206}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.