Paper 2022/1188

High-order masking of NTRU

Jean-Sebastien Coron, University of Luxembourg
François Gérard, University of Luxembourg
Matthias Trannoy, IDEMIA
Rina Zeitoun, IDEMIA
Abstract

The main protection against side-channel attacks consists in computing every function with multiple shares via the masking countermeasure. While the masking countermeasure was originally developed for securing block-ciphers such as AES, the protection of lattice-based cryptosystems is often more challenging, because of the diversity of the underlying algorithms. In this paper, we introduce new gadgets for the high-order masking of the NTRU cryptosystem, with security proofs in the classical ISW probing model. We then describe the first fully masked implementation of the NTRU Key Encapsulation Mechanism submitted to NIST, including the key generation. To assess the practicality of our countermeasures, we provide a concrete implementation on ARM Cortex-M3 architecture, and eventually a t-test leakage evaluation.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A minor revision of an IACR publication in TCHES 2023
Keywords
High-order maskinglattice-based cryptographyNTRU
Contact author(s)
jean-sebastien coron @ uni lu
francois gerard @ uni lu
matthias trannoy @ idemia com
rina zeitoun @ idemia com
History
2023-05-21: last of 2 revisions
2022-09-09: received
See all versions
Short URL
https://ia.cr/2022/1188
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/1188,
      author = {Jean-Sebastien Coron and François Gérard and Matthias Trannoy and Rina Zeitoun},
      title = {High-order masking of NTRU},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1188},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1188}},
      url = {https://eprint.iacr.org/2022/1188}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.