
Addressing Side-Channel Vulnerabilities in the Discrete Ziggurat Sampler

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11348)

Abstract

Post-quantum cryptography with lattices typically requires high-precision sampling of vectors with discrete Gaussian distributions. Lattice signatures require large values of the standard deviation parameter, which makes it difficult to find a suitable trade-off between throughput performance and memory resources on constrained devices. In this paper, we propose modifications to the Ziggurat method, which is known to be advantageous with respect to these issues but problematic because of its inherent rejection-based timing profile. We significantly reduce information leakage through timing channels and require only 64-bit unsigned integers: no floating-point arithmetic, no division and no external libraries. We also propose a constant-time Gaussian function with all of the same properties. The measures taken to secure the sampler completely close side-channel vulnerabilities based on direct timing of operations, and they have no negative implications for its applicability to lattice-based signatures. We demonstrate the improved method with a 128-bit reference implementation, showing that we retain the sampler’s efficiency and decrease memory consumption by a factor of 100. We show that this amounts to memory savings by a factor of almost 5,000 in comparison to an optimised, state-of-the-art implementation of another popular sampling method, based on cumulative distribution tables.


Notes

  1.

    These functions are adapted from https://cryptocoding.net/index.php/Coding_rules and have been extended to use multi-precision logic.
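The abstract's security point is that a rejection sampler's running time, early exit and table index all depend on the secret value being sampled, and Note 1 points to cryptocoding.net-style constant-time helpers as the building blocks for closing that channel. The program below is an added illustration, not code from the paper: it places a textbook rejection loop next to a version with a fixed trial budget, branch-free accept/keep decisions via masks, and a table lookup that touches every entry. Everything in it is this example's own assumption: a toy sigma of 2 over the range [-8, 7], a 48-round budget, an xorshift64 generator standing in for a real RNG, and a one-off floating-point table precomputation (the paper's integer-only constant-time Gaussian function is not reproduced here; only the sampling loops are integer-only).

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 9      /* thresholds for |x| = 0..8; x is drawn from [-8, 7] */
#define CT_ROUNDS 48     /* fixed trial budget of the constant-time sampler */

/* Constant-time primitives in the style of the cryptocoding.net coding rules
 * (the names are this example's own). Each returns an all-ones or all-zeros
 * mask computed without a data-dependent branch. */
static uint64_t ct_mask_lt_u64(uint64_t a, uint64_t b) {
    /* all-ones iff a < b, for unsigned a, b */
    return (uint64_t)0 - ((a ^ ((a ^ b) | ((a - b) ^ b))) >> 63);
}
static uint64_t ct_mask_eq_u64(uint64_t a, uint64_t b) {
    /* all-ones iff a == b */
    uint64_t d = a ^ b;
    return (uint64_t)0 - (((d | ((uint64_t)0 - d)) >> 63) ^ 1);
}
static uint64_t ct_select_u64(uint64_t mask, uint64_t x, uint64_t y) {
    /* x if mask is all-ones, y if mask is all-zeros */
    return (mask & x) | (~mask & y);
}

/* Deterministic xorshift64 generator, constructed for the demo only; a real
 * sampler must be fed by a cryptographic RNG. The seed must be non-zero. */
typedef struct { uint64_t s; } prng_t;
static uint64_t prng_next(prng_t *p) {
    uint64_t x = p->s;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return p->s = x;
}

/* exp(-t) from the power series of exp(t), so the demo needs no libm. */
static double exp_neg(double t) {
    double e = 1.0, term = 1.0;
    for (int i = 1; i <= 40; i++) { term *= t / i; e += term; }
    return 1.0 / e;
}

/* rho[k] = floor(2^63 * exp(-k^2 / (2 sigma^2))): the acceptance threshold
 * for |x| = k as a 63-bit fixed-point value. Floating point appears only in
 * this one-off precomputation; both samplers below are integer-only. */
void build_table(uint64_t rho[TABLE_LEN], double sigma) {
    for (int k = 0; k < TABLE_LEN; k++)
        rho[k] = (uint64_t)(exp_neg((double)(k * k) / (2.0 * sigma * sigma))
                            * 9223372036854775808.0);
}

/* Textbook rejection sampler: loops until acceptance. The iteration count,
 * the early exit and the table index all depend on the secret sample. */
int64_t sample_leaky(prng_t *p, const uint64_t rho[TABLE_LEN], int *rounds) {
    *rounds = 0;
    for (;;) {
        uint64_t idx = prng_next(p) & 15;      /* candidate x = idx - 8 */
        uint64_t u   = prng_next(p) >> 1;      /* uniform 63-bit value */
        int64_t  x   = (int64_t)idx - 8;
        uint64_t ax  = x < 0 ? (uint64_t)(-x) : (uint64_t)x;
        (*rounds)++;
        if (u < rho[ax]) return x;             /* secret-dependent branch and lookup */
    }
}

/* Same distribution and the same random draws, but a fixed number of rounds,
 * a branch-free accept/keep decision and a table lookup that reads every
 * entry. Returns x in [-8, 7]; *ok is 0 if no trial accepted within budget. */
int64_t sample_ct(prng_t *p, const uint64_t rho[TABLE_LEN], int *ok) {
    uint64_t done = 0;        /* all-ones once a candidate has been accepted */
    uint64_t result = 8;      /* encodes x = 0 until something is accepted */
    for (int i = 0; i < CT_ROUNDS; i++) {
        uint64_t idx = prng_next(p) & 15;
        uint64_t u   = prng_next(p) >> 1;
        uint64_t neg = ct_mask_lt_u64(idx, 8);                 /* idx < 8 <=> x < 0 */
        uint64_t ax  = ct_select_u64(neg, 8 - idx, idx - 8);   /* |x| without a branch */
        uint64_t thr = 0;
        for (uint64_t k = 0; k < TABLE_LEN; k++)               /* scan the whole table */
            thr |= rho[k] & ct_mask_eq_u64(k, ax);
        uint64_t accept = ct_mask_lt_u64(u, thr) & ~done;      /* first acceptance wins */
        result = ct_select_u64(accept, idx, result);
        done  |= accept;
    }
    *ok = (int)(done & 1);
    return (int64_t)result - 8;
}

int main(void) {
    uint64_t rho[TABLE_LEN];
    build_table(rho, 2.0);
    for (int i = 1; i <= 8; i++) {
        prng_t a = { 0x9E3779B97F4A7C15ULL * (uint64_t)i }, b = a;   /* same draws */
        int rounds, ok;
        int64_t xl = sample_leaky(&a, rho, &rounds);
        int64_t xc = sample_ct(&b, rho, &ok);
        printf("leaky: x=%3lld after %2d rounds | ct: x=%3lld ok=%d (always %d rounds)\n",
               (long long)xl, rounds, (long long)xc, ok, CT_ROUNDS);
    }
    return 0;
}
```

Because both samplers consume the same draws in the same order, they return the same value whenever the leaky loop accepts within the budget; the constant-time version differs only in that its work is independent of the outcome. The budget fixes the residual failure probability (here roughly 0.69^48, on the order of 1e-8 for the toy parameters), and a failed sample is reported through a flag rather than through a longer run.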


Author information


Correspondence to Séamus Brannigan.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Brannigan, S., O’Neill, M., Khalid, A., Rafferty, C. (2018). Addressing Side-Channel Vulnerabilities in the Discrete Ziggurat Sampler. In: Chattopadhyay, A., Rebeiro, C., Yarom, Y. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2018. Lecture Notes in Computer Science, vol 11348. Springer, Cham. https://doi.org/10.1007/978-3-030-05072-6_5


  • DOI: https://doi.org/10.1007/978-3-030-05072-6_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05071-9

  • Online ISBN: 978-3-030-05072-6

  • eBook Packages: Computer Science (R0)
