Abstract
This paper suggests to use rounded Gaussians in place of discrete Gaussians in rejection-sampling-based lattice signature schemes like BLISS or Lyubashevsky’s signature scheme. We show that this distribution can efficiently be sampled from while additionally making it easy to sample in constant time, systematically avoiding recent timing-based side-channel attacks on lattice-based signatures. We show the effectiveness of the new sampler by applying it to BLISS, prove analogues of the security proofs for BLISS, and present an implementation that runs in constant time. Our implementation needs no precomputed tables and is twice as fast as the variable-time CDT sampler posted by the BLISS authors with precomputed tables.
| Original language | English |
|---|---|
| Title of host publication | Public-Key Cryptography - PKC 2018 - 21st IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings |
| Editors | Michel Abdalla, Ricardo Dahab |
| Place of Publication | Berlin |
| Publisher | Springer |
| Pages | 728-757 |
| Number of pages | 30 |
| ISBN (Print) | 9783319765778 |
| DOIs | |
| Publication status | Published - 2018 |
| Event | 21st IACR International Conference on Practice and Theory of Public-Key Cryptography (PKC 2018) - Rio de Janeiro, Brazil Duration: 25 Mar 2018 → 29 Mar 2018 Conference number: 21 https://pkc.iacr.org/2018/ |
Publication series
| Name | Lecture Notes in Computer Science |
|---|---|
| Volume | 10769 |
| ISSN (Print) | 0302-9743 |
| ISSN (Electronic) | 1611-3349 |
Conference
| Conference | 21st IACR International Conference on Practice and Theory of Public-Key Cryptography (PKC 2018) |
|---|---|
| Abbreviated title | PKC2018 |
| Country/Territory | Brazil |
| City | Rio de Janeiro |
| Period | 25/03/18 → 29/03/18 |
| Internet address |
Keywords
- BLISS
- Constant-time implementations
- Gaussian sampling
- Lattice-based cryptography
- Post-quantum cryptography
- Signatures