Paper 2022/707
Efficiently Masking Polynomial Inversion at Arbitrary Order
Abstract
Physical side-channel analysis poses a huge threat to post-quantum cryptographic schemes implemented on embedded devices. Still, secure implementations are missing for many schemes. In this paper, we present an efficient solution for masked polynomial inversion, a main component of the key generation of multiple post-quantum KEMs. For this, we introduce a polynomial-multiplicative masking scheme with efficient arbitrary-order conversions from and to additive masking. Furthermore, we show how to integrate polynomial inversion and multiplication into the masking schemes to reduce costs considerably. We demonstrate the performance of our algorithms for two different post-quantum cryptographic schemes on the Cortex-M4. For NTRU, we measure an overhead of 35% for the first-order masked inversion compared to the unmasked inversion, while for BIKE the overhead is as little as 11%. Lastly, we verify the security of our algorithms for the first masking order by measuring and performing a TVLA-based side-channel analysis.
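As an added, self-contained illustration of the idea the abstract describes (this is not code from the paper or its authors), the sketch below holds a polynomial as additive shares, converts them to a polynomial-multiplicative representation, inverts share-wise and converts back, in a toy ring GF(7)[x]/(x^5 - 1). It is restricted to first order and uses the classical additive/multiplicative conversion pattern; the paper's arbitrary-order conversions are not reproduced. The ring parameters P and N, the sample polynomial A_SAMPLE and every function name are assumptions made for this example.

```python
# Added toy illustration (not the paper's algorithm): first-order polynomial-multiplicative masking.
import secrets

P, N = 7, 5                 # constructed toy modulus and dimension of R = GF(P)[x]/(x^N - 1)
A_SAMPLE = [1, 2, 0, 3, 0]  # 1 + 2x + 3x^3, a unit in R (constructed input)

def add(a, b):
    return [(x + y) % P for x, y in zip(a, b)]

def sub(a, b):
    return [(x - y) % P for x, y in zip(a, b)]

def mul(a, b):
    """Product in R: cyclic convolution, since x^N = 1."""
    c = [0] * N
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            c[(i + j) % N] = (c[(i + j) % N] + x * y) % P
    return c

# Variable-length GF(P)[x] helpers, used only by the extended Euclidean inverse.
def _trim(f):
    while f and f[-1] == 0:
        f.pop()
    return f

def _pmul(f, g):
    out = [0] * (len(f) + len(g) - 1)
    for i, x in enumerate(f):
        for j, y in enumerate(g):
            out[i + j] = (out[i + j] + x * y) % P
    return _trim(out)

def _psub(f, g):
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return _trim([(x - y) % P for x, y in zip(f, g)])

def _pdivmod(num, den):
    """Schoolbook long division over GF(P); den must be non-zero."""
    num, den = num[:], _trim(den[:])
    q = [0] * max(len(num) - len(den) + 1, 1)
    inv_lead = pow(den[-1], -1, P)
    for i in range(len(num) - len(den), -1, -1):
        coef = (num[i + len(den) - 1] * inv_lead) % P
        q[i] = coef
        for j, d in enumerate(den):
            num[i + j] = (num[i + j] - coef * d) % P
    return _trim(q), _trim(num)

def inverse(a):
    """a^-1 in R by the extended Euclidean algorithm; ValueError if a is not a unit."""
    r0, r1 = [P - 1] + [0] * (N - 1) + [1], _trim(a[:])  # r0 = x^N - 1
    s0, s1 = [], [1]                 # invariant: r_i = s_i * a (mod x^N - 1)
    while r1:
        q, r = _pdivmod(r0, r1)
        r0, r1 = r1, r
        s0, s1 = s1, _psub(s0, _pmul(q, s1))
    if len(r0) != 1:
        raise ValueError("polynomial is not invertible in R")
    c = pow(r0[0], -1, P)
    return [(s0[i] * c) % P if i < len(s0) else 0 for i in range(N)]

def random_poly():
    return [secrets.randbelow(P) for _ in range(N)]

def random_unit():
    while True:                      # rejection-sample a unit r together with r^-1
        r = random_poly()
        try:
            return r, inverse(r)
        except ValueError:
            pass

def mask_additive(a):
    a1 = random_poly()
    return sub(a, a1), a1            # a = a0 + a1

def additive_to_multiplicative(shares):
    """(a0, a1) -> (m, r_inv) with a = m * r_inv; a must be a unit (a = 0 would
    show as m = 0), which holds for the input of an inversion."""
    a0, a1 = shares
    r, r_inv = random_unit()
    m = add(mul(r, a0), mul(r, a1))  # r*a, formed share by share: a itself never appears
    return (m, r_inv), r             # r is kept for the conversion back

def multiplicative_to_additive(u, v, v_inv):
    """b = u*v -> additive (b0, b1) with b = b0 + b1, without ever computing u*v."""
    b1 = random_poly()
    b0 = mul(sub(u, mul(b1, v_inv)), v)  # (u - b1*v^-1)*v = u*v - b1
    return b0, b1

def masked_inverse(add_shares):
    """Additive shares of a unit a -> additive shares of a^-1; a is never recombined."""
    (m, r_inv), r = additive_to_multiplicative(add_shares)
    u = inverse(m)                   # the only inversion, on the randomised value r*a
    return multiplicative_to_additive(u, r, r_inv)   # a^-1 = m^-1 * r
```

The single extended-Euclid inversion runs on r*a, a uniformly random unit, so no secret-dependent polynomial is ever inverted in the clear, and the conversion back reuses the already known r_inv so that the product u*v is never formed. The usual zero-value weakness of multiplicative masking does not arise here because an inversion input is a unit by assumption; any higher-order variant would need the paper's conversions rather than this first-order pattern.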
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Preprint.
- Keywords
- PQC Masking Polynomial Inversion Higher-order Masking
- Contact author(s)
- markus krausz @ rub de
- georg land @ rub de
- jan richter-brockmann @ rub de
- tim gueneysu @ rub de
- History
- 2022-06-06: approved
- 2022-06-03: received
- Short URL
- https://ia.cr/2022/707
- License
- CC0
BibTeX
@misc{cryptoeprint:2022/707,
  author = {Markus Krausz and Georg Land and Jan Richter-Brockmann and Tim Güneysu},
  title = {Efficiently Masking Polynomial Inversion at Arbitrary Order},
  howpublished = {Cryptology {ePrint} Archive, Paper 2022/707},
  year = {2022},
  url = {https://eprint.iacr.org/2022/707}
}