Paper 2023/896
Improved Gadgets for the High-Order Masking of Dilithium
Abstract
We present novel and improved high-order masking gadgets for Dilithium, a post-quantum signature scheme that has been standardized by the National Institute of Standards and Technologies (NIST). Our proposed gadgets include the ShiftMod gadget, which is used for efficient arithmetic shifts and serves as a component in other masking gadgets. Additionally, we propose a new algorithm for Boolean-to-arithmetic masking conversion of a $\mu$-bit integer $x$ modulo any integer $q$, with a complexity that is independent of both $\mu$ and $q$. This algorithm is used in Dilithium to mask the generation of the random variable $y$ modulo $q$. Moreover, we describe improved techniques for masking the Decompose function in Dilithium. Our new gadgets are proven to be secure in the $t$-probing model. We demonstrate the effectiveness of our countermeasures by presenting a complete high-order masked implementation of Dilithium that utilizes the improved gadgets described above. We provide practical results obtained from a C implementation and compare the performance improvements provided by our new gadgets with those of previous work.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Published by the IACR in TCHES 2023
- Keywords
- Lattice-based signaturesDilithiumside-channel masking.
- Contact author(s)
-
jean-sebastien coron @ uni lu
francois gerard @ uni lu
matthias trannoy @ idemia com
rina zeitoun @ idemia com - History
- 2023-07-13: revised
- 2023-06-09: received
- See all versions
- Short URL
- https://ia.cr/2023/896
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/896,
author = {Jean-Sébastien Coron and François Gérard and Matthias Trannoy and Rina Zeitoun},
title = {Improved Gadgets for the High-Order Masking of Dilithium},
howpublished = {Cryptology ePrint Archive, Paper 2023/896},
year = {2023},
note = {\url{https://eprint.iacr.org/2023/896}},
url = {https://eprint.iacr.org/2023/896}
}
