Paper 2024/1149
Improved High-Order Masked Generation of Masking Vector and Rejection Sampling in Dilithium
Abstract
In this work, we introduce enhanced high-order masking techniques tailored for Dilithium, the post-quantum signature scheme recently standardized by NIST. We improve the masked generation of the masking vector $\vec{y}$, based on a fast Boolean-to-arithmetic conversion modulo $q$. We also describe an optimized gadget for the high-order masked rejection sampling, with a complexity independent from the size of the modulus $q$. We prove the security of our gadgets in the classical ISW $t$-probing model. Finally, we detail our open-source C implementation of these gadgets integrated into a fully masked Dilithium implementation, and provide an efficiency comparison with previous works.
Metadata
- Category
  - Implementation
- Publication info
  - A minor revision of an IACR publication in TCHES 2024
- Keywords
  - Side-channel countermeasure, masking, lattice-based signatures
- Contact author(s)
  - jscoron @ gmail com
  - francois gerard @ uni lu
  - tlepoint @ amazon com
  - matthias trannoy @ idemia com
  - rina zeitoun @ idemia com
- History
  - 2024-11-06: revised
  - 2024-07-15: received
- Short URL
  - https://ia.cr/2024/1149
- License
  - CC BY
BibTeX
@misc{cryptoeprint:2024/1149,
      author = {Jean-Sébastien Coron and François Gérard and Tancrède Lepoint and Matthias Trannoy and Rina Zeitoun},
      title = {Improved High-Order Masked Generation of Masking Vector and Rejection Sampling in Dilithium},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1149},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1149}
}