A masked ring-LWE implementation

Oscar Reparaz; Sujoy Sinha Roy; Frederik Vercauteren; Ingrid Verbauwhede

doi:10.1007/978-3-662-48324-4_34

A masked ring-LWE implementation

Oscar Reparaz^*, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede

^*Corresponding author for this work

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

29 Citations (Scopus)

Abstract

Lattice-based cryptography has been proposed as a postquantum public-key cryptosystem. In this paper, we present a masked ring-LWE decryption implementation resistant to first-order side-channel attacks. Our solution has the peculiarity that the entire computation is performed in the masked domain. This is achieved thanks to a new, bespoke masked decoder implementation. The output of the ring-LWE decryption are Boolean shares suitable for derivation of a symmetric key. We have implemented a hardware architecture of the masked ring-LWE processor on a Virtex-II FPGA, and have performed side channel analysis to confirm the soundness of our approach. The area of the protected architecture is around 2000 LUTs, a 20% increase with respect to the unprotected architecture. The protected implementation takes 7478 cycles to compute, which is only a factor ×2. 6 larger than the unprotected implementation.

Original language	English
Title of host publication	Cryptographic Hardware and Embedded Systems - CHES 2015
Subtitle of host publication	17th International Workshop Saint-Malo, France, September 13–16, 2015 Proceedings
Editors	Tim Güneysu, Helena Handschuh
Publisher	Springer Verlag
Pages	683-702
ISBN (Electronic)	9783662483244
ISBN (Print)	9783662483237
DOIs	https://doi.org/10.1007/978-3-662-48324-4_34
Publication status	Published - 1 Sept 2015
Event	International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2015 - Saint-Malo, France Duration: 13 Sept 2015 → 16 Sept 2015

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	9293
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2015
Country/Territory	France
City	Saint-Malo
Period	13/09/15 → 16/09/15

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-662-48324-4_34

Cite this

Reparaz, O., Roy, S. S., Vercauteren, F., & Verbauwhede, I. (2015). A masked ring-LWE implementation. In T. Güneysu, & H. Handschuh (Eds.), Cryptographic Hardware and Embedded Systems - CHES 2015: 17th International Workshop Saint-Malo, France, September 13–16, 2015 Proceedings (pp. 683-702). (Lecture Notes in Computer Science ; Vol. 9293). Springer Verlag. https://doi.org/10.1007/978-3-662-48324-4_34

@inproceedings{d63910d96d444ee68dc52b89cf9b74bd,

title = "A masked ring-LWE implementation",

abstract = "Lattice-based cryptography has been proposed as a postquantum public-key cryptosystem. In this paper, we present a masked ring-LWE decryption implementation resistant to first-order side-channel attacks. Our solution has the peculiarity that the entire computation is performed in the masked domain. This is achieved thanks to a new, bespoke masked decoder implementation. The output of the ring-LWE decryption are Boolean shares suitable for derivation of a symmetric key. We have implemented a hardware architecture of the masked ring-LWE processor on a Virtex-II FPGA, and have performed side channel analysis to confirm the soundness of our approach. The area of the protected architecture is around 2000 LUTs, a 20% increase with respect to the unprotected architecture. The protected implementation takes 7478 cycles to compute, which is only a factor ×2. 6 larger than the unprotected implementation.",

author = "Oscar Reparaz and Roy, {Sujoy Sinha} and Frederik Vercauteren and Ingrid Verbauwhede",

year = "2015",

month = sep,

day = "1",

doi = "10.1007/978-3-662-48324-4_34",

language = "English",

isbn = "9783662483237",

series = "Lecture Notes in Computer Science ",

publisher = "Springer Verlag",

pages = "683--702",

editor = "Tim G{\"u}neysu and Helena Handschuh",

booktitle = "Cryptographic Hardware and Embedded Systems - CHES 2015",

note = "International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2015 ; Conference date: 13-09-2015 Through 16-09-2015",

}

Reparaz, O, Roy, SS, Vercauteren, F & Verbauwhede, I 2015, A masked ring-LWE implementation. in T Güneysu & H Handschuh (eds), Cryptographic Hardware and Embedded Systems - CHES 2015: 17th International Workshop Saint-Malo, France, September 13–16, 2015 Proceedings. Lecture Notes in Computer Science , vol. 9293, Springer Verlag, pp. 683-702, International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2015, Saint-Malo, France, 13/09/15. https://doi.org/10.1007/978-3-662-48324-4_34

A masked ring-LWE implementation. / Reparaz, Oscar; Roy, Sujoy Sinha; Vercauteren, Frederik et al.
Cryptographic Hardware and Embedded Systems - CHES 2015: 17th International Workshop Saint-Malo, France, September 13–16, 2015 Proceedings. ed. / Tim Güneysu; Helena Handschuh. Springer Verlag, 2015. p. 683-702 (Lecture Notes in Computer Science ; Vol. 9293).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A masked ring-LWE implementation

AU - Reparaz, Oscar

AU - Roy, Sujoy Sinha

AU - Vercauteren, Frederik

AU - Verbauwhede, Ingrid

PY - 2015/9/1

Y1 - 2015/9/1

N2 - Lattice-based cryptography has been proposed as a postquantum public-key cryptosystem. In this paper, we present a masked ring-LWE decryption implementation resistant to first-order side-channel attacks. Our solution has the peculiarity that the entire computation is performed in the masked domain. This is achieved thanks to a new, bespoke masked decoder implementation. The output of the ring-LWE decryption are Boolean shares suitable for derivation of a symmetric key. We have implemented a hardware architecture of the masked ring-LWE processor on a Virtex-II FPGA, and have performed side channel analysis to confirm the soundness of our approach. The area of the protected architecture is around 2000 LUTs, a 20% increase with respect to the unprotected architecture. The protected implementation takes 7478 cycles to compute, which is only a factor ×2. 6 larger than the unprotected implementation.

AB - Lattice-based cryptography has been proposed as a postquantum public-key cryptosystem. In this paper, we present a masked ring-LWE decryption implementation resistant to first-order side-channel attacks. Our solution has the peculiarity that the entire computation is performed in the masked domain. This is achieved thanks to a new, bespoke masked decoder implementation. The output of the ring-LWE decryption are Boolean shares suitable for derivation of a symmetric key. We have implemented a hardware architecture of the masked ring-LWE processor on a Virtex-II FPGA, and have performed side channel analysis to confirm the soundness of our approach. The area of the protected architecture is around 2000 LUTs, a 20% increase with respect to the unprotected architecture. The protected implementation takes 7478 cycles to compute, which is only a factor ×2. 6 larger than the unprotected implementation.

UR - http://www.scopus.com/inward/record.url?scp=84946053752&partnerID=8YFLogxK

U2 - 10.1007/978-3-662-48324-4_34

DO - 10.1007/978-3-662-48324-4_34

M3 - Conference contribution

AN - SCOPUS:84946053752

SN - 9783662483237

T3 - Lecture Notes in Computer Science

SP - 683

EP - 702

BT - Cryptographic Hardware and Embedded Systems - CHES 2015

A2 - Güneysu, Tim

A2 - Handschuh, Helena

PB - Springer Verlag

T2 - International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2015

Y2 - 13 September 2015 through 16 September 2015

ER -

A masked ring-LWE implementation

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this