You are looking at a specific version 20211214:093628 of this paper. See the latest version.

Paper 2021/1615

High-order Polynomial Comparison and Masking Lattice-based Encryption

Jean-Sébastien Coron and François Gérard and Simon Montoya and Rina Zeitoun

Abstract

The main protection against side-channel attacks consists in computing every function with multiple shares via the masking countermeasure. For IND-CCA secure lattice-based encryption schemes, the masking of the decryption algorithm requires the high-order computation of a polynomial comparison. In this paper, we describe and evaluate a number of different techniques for such high-order comparison, always with a security proof in the ISW probing model. As an application, we describe the full high-order masking of the NIST finalists Kyber and Saber, with a concrete implementation.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Lattice-based cryptographymasking countermeasureprobing model.
Contact author(s)
jscoron @ gmail com
History
2023-05-20: last of 2 revisions
2021-12-14: received
See all versions
Short URL
https://ia.cr/2021/1615
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.