Paper 2024/1149

Improved High-Order Masked Generation of Masking Vector and Rejection Sampling in Dilithium

Jean-Sébastien Coron, University of Luxembourg
François Gérard, University of Luxembourg
Tancrède Lepoint, Amazon Web Services
Matthias Trannoy, Idemia, Courbevoie, France
Rina Zeitoun, Idemia, Courbevoie, France
Abstract

In this work, we introduce enhanced high-order masking techniques tailored for Dilithium, the post-quantum signature scheme recently standardized by NIST. We improve the masked generation of the masking vector $\vec{y}$, based on a fast Boolean-to-arithmetic conversion modulo $q$. We also describe an optimized gadget for the high-order masked rejection sampling, with a complexity independent from the size of the modulus $q$. We prove the security of our gadgets in the classical ISW $t$-probing model. Finally, we detail our open-source C implementation of these gadgets integrated into a fully masked Dilithium implementation, and provide an efficiency comparison with previous works.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
A minor revision of an IACR publication in TCHES 2024
Keywords
Side-channel countermeasuremaskinglattice-based signatures.
Contact author(s)
jscoron @ gmail com
francois gerard @ uni lu
tlepoint @ amazon com
matthias trannoy @ idemia com
rina zeitoun @ idemia com
History
2024-11-06: revised
2024-07-15: received
See all versions
Short URL
https://ia.cr/2024/1149
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/1149,
      author = {Jean-Sébastien Coron and François Gérard and Tancrède Lepoint and Matthias Trannoy and Rina Zeitoun},
      title = {Improved High-Order Masked Generation of Masking Vector and Rejection Sampling in Dilithium},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1149},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1149}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.