A masked ring-LWE implementation

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


External organisations

  • Catholic University of Leuven


Lattice-based cryptography has been proposed as a postquantum public-key cryptosystem. In this paper, we present a masked ring-LWE decryption implementation resistant to first-order side-channel attacks. Our solution has the peculiarity that the entire computation is performed in the masked domain. This is achieved thanks to a new, bespoke masked decoder implementation. The outputs of the ring-LWE decryption are Boolean shares suitable for derivation of a symmetric key. We have implemented a hardware architecture of the masked ring-LWE processor on a Virtex-II FPGA, and have performed side-channel analysis to confirm the soundness of our approach. The area of the protected architecture is around 2000 LUTs, a 20% increase with respect to the unprotected architecture. The protected implementation takes 7478 cycles to compute, which is only a factor ×2.6 larger than the unprotected implementation.


Original language: English
Title of host publication: Cryptographic Hardware and Embedded Systems - CHES 2015
Subtitle of host publication: 17th International Workshop Saint-Malo, France, September 13–16, 2015 Proceedings
Editors: Tim Güneysu, Helena Handschuh
Publication status: Published - 1 Sep 2015
Event: International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2015 - Saint-Malo, France
Duration: 13 Sep 2015 – 16 Sep 2015

Publication series

Name: Lecture Notes in Computer Science
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2015