Paper 2021/1615

High-order Polynomial Comparison and Masking Lattice-based Encryption

Jean-Sébastien Coron, University of Luxembourg
François Gérard, University of Luxembourg
Simon Montoya, IDEMIA
Rina Zeitoun, IDEMIA
Abstract

The main protection against side-channel attacks consists in computing every function with multiple shares via the masking countermeasure. For IND-CCA secure lattice-based encryption schemes, the masking of the decryption algorithm requires the high-order computation of a polynomial comparison. In this paper, we describe and evaluate a number of different techniques for such high-order comparison, always with a security proof in the ISW probing model. As an application, we describe the full high-order masking of the NIST finalists Kyber and Saber, with a concrete implementation.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A minor revision of an IACR publication in TCHES 2023
Keywords
Lattice-based cryptographymasking countermeasureprobing model.
Contact author(s)
jean-sebastien coron @ uni lu
francois gerard @ uni lu
simon montoya @ idemia com
rina zeitoun @ idemia com
History
2023-05-20: last of 2 revisions
2021-12-14: received
See all versions
Short URL
https://ia.cr/2021/1615
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/1615,
      author = {Jean-Sébastien Coron and François Gérard and Simon Montoya and Rina Zeitoun},
      title = {High-order Polynomial Comparison and Masking Lattice-based Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1615},
      year = {2021},
      url = {https://eprint.iacr.org/2021/1615}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.