## Cryptology ePrint Archive: Report 2019/674

Polar Sampler: A Novel Bernoulli Sampler Using Polar Codes with Application to Integer Gaussian Sampling

Jiabo Wang and Cong Ling

Abstract: Cryptographic constructions based on hard lattice problems have emerged as a front runner for the standardization of post quantum public key cryptography. As the standardization process takes place, optimizing specific parts of proposed schemes, e.g., Bernoulli sampling and integer Gaussian sampling, becomes a worthwhile endeavor. In this work, we propose a novel Bernoulli sampler based on polar codes, dubbed polar sampler". The polar sampler is information theoretically optimum in the sense that the number of uniformly random bits it consumes approaches the entropy bound asymptotically. It also features quasi-linear complexity and constant-time implementation. An integer Gaussian sampler is developed using multilevel polar samplers. Our algorithm becomes effective when sufficiently many samples are required at each query to the sampler. Security analysis is given based on Kullback-Leibler divergence and Rényi divergence. Experimental and asymptotic comparisons between our integer Gaussian sampler and state-of-the-art samplers verify its efficiency in terms of entropy consumption, running time and memory cost. We envisage that the proposed Bernoulli sampler can find other applications in cryptography in addition to Gaussian sampling.

Category / Keywords: applications / Bernoulli sampling, Discrete Gaussian sampling, Polar codes, Integer lattice, Kullback-Leibler divergence, Constant-time implementation

Date: received 6 Jun 2019, last revised 10 Jan 2022

Contact author: wangjiabo at mail tsinghua edu cn, c ling at imperial ac uk

Available format(s): PDF | BibTeX Citation

Note: Constant-time analysis in Section 6.1 and Appendix B is improved.

Short URL: ia.cr/2019/674

[ Cryptology ePrint archive ]