Abstract
With the call for new cryptographic standards that resist powerful quantum computers, lattice-based cryptography has gained significant popularity. To become viable replacements for contemporary cryptography, lattice-based encryption and key-exchange schemes based on the hardness of the ring-LWE problem still need to address the issues raised by today's adversary models in real-world security applications. In this chapter we discuss the Boolean techniques and conversion challenges involved in protecting ring-LWE encryption against active attacks (i.e., adaptive chosen-ciphertext attacks) while equipping it with countermeasures against side-channel analysis. Our solution is based on a post-quantum variant of the Fujisaki–Okamoto (FO) transform combined with provably secure, first-order masking. We show that CCA2-secure ring-LWE-based encryption can be achieved with reasonable performance on constrained devices, but also stress that the required transformation and the handling of decryption errors imply an additional performance overhead that has not been considered so far.
The majority of the work was performed while Tobias Schneider was with Ruhr-Universität Bochum.
Notes
1. In [3] the definition of the binomial distribution contains a typo in which the sum goes from zero to k.
References
Albrecht, M.R., Hanser, C., Höller, A., Pöppelmann, T., Virdia, F., Wallner, A.: Learning with errors on RSA co-processors. IACR Cryptol. ePrint Arch. 2018, 425 (2018)
Alkim, E., Jakubeit, P., Schwabe, P.: A new hope on ARM Cortex-M. In: Carlet, C., Hasan, A., Saraswat, V. (eds.) Security, Privacy, and Advanced Cryptography Engineering. Lecture Notes in Computer Science. Springer, Berlin (2016, to appear). Document ID: c7a82d41d39c535fd09ca1b032ebca1b. http://cryptojedi.org/papers/#newhopearm
Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange—a new hope. In: Holz, T., Savage, S. (eds.). 25th USENIX Security Symposium, USENIX Security, 16, Austin, TX, pp. 327–343. USENIX Association, Berkeley, CA (2016)
Bai, S., Langlois, A., Lepoint, T., Stehlé, D., Steinfeld, R.: Improved security proofs in lattice-based cryptography: using the rényi divergence rather than the statistical distance. In: Iwata, T., Cheon, J.H. (eds.) Advances in Cryptology—ASIACRYPT 2015. Proceedings of the Part I: 21st International Conference on the Theory and Application of Cryptology and Information Security. Lecture Notes in Computer Science, vol. 9452, pp. 3–24. Springer, Berlin (2015)
Balasch, J., Gierlichs, B., Grosso, V., Reparaz, O., Standaert, F.X.: On the cost of lazy engineering for masked software implementations. In: Joye, M., Moradi, A. (eds.) 13th International Conference Smart Card Research and Advanced Applications (CARDIS 2014). Lecture Notes in Computer Science, vol. 8968, pp. 64–81. Springer, Berlin (2014)
Barrett, P.: Implementing the Rivest Shamir and Adleman public key encryption algorithm on a standard digital signal processor. In: Odlyzko, A.M. (ed.) Conference on the Theory and Application of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 263, pp. 311–323. Springer, Berlin (1986)
Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P.A., Grégoire, B., Strub, P.Y., Zucchini, R.: Strong non-interference and type-directed higher-order masking. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 116–129. ACM, New York (2016)
Bernstein, D.J.: Cache-timing attacks on AES (2005)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Building power analysis resistant implementations of Keccak. In: Second SHA-3 Candidate Conference, vol. 142 (2010)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak. In: Johansson, T., Nguyen, P.Q. (eds.) Advances in Cryptology - EUROCRYPT 2013, Proceedings of the 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 7881, pp. 313–314. Springer, Berlin (2013)
Bos, J.W., Costello, C., Naehrig, M., Stebila, D.: Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In: 2015 IEEE Symposium on Security and Privacy, pp. 553–570. IEEE Computer Society, Silver Spring (2015)
Bos, J.W., Costello, C., Ducas, L., Mironov, I., Naehrig, M., Nikolaenko, V., Raghunathan, A., Stebila, D.: Frodo: take off the ring! Practical, quantum-secure key exchange from LWE. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1006–1018. ACM, New York (2016)
Bos, J., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J.M., Schwabe, P., Seiler, G., Stehlé, D.: CRYSTALS—Kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy, p. 634. IEEE, Piscataway (2017)
Brumley, D., Boneh, D.: Remote timing attacks are practical. In: Proceedings of the 12th USENIX Security Symposium. USENIX Association, Berkeley, CA (2003)
Buchmann, J.A., Göpfert, F., Güneysu, T., Oder, T., Pöppelmann, T.: High-performance and lightweight lattice-based public-key encryption. In: Chow, C., Saldamli, G. (eds.) Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security, pp. 2–9. ACM, New York (2016)
Cooper, J., DeMulder, E., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test vector leakage assessment (TVLA) methodology in practice. International Cryptographic Module Conference (2013)
Coron, J.-S.: High-order conversion from Boolean to arithmetic masking. In: Fischer, W., Homma, N. (eds.) Proceedings of the 19th International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017). Lecture Notes in Computer Science, vol. 10529, pp. 93–114. Springer, Berlin (2017)
Coron, J-S., Großschädl, J., Tibouchi, M., Vadnala, P.K.: Conversion from arithmetic to Boolean masking with logarithmic complexity. In: International Workshop on Fast Software Encryption, pp. 130–149. Springer, Berlin (2015)
Coron, J-S., Großschädl, J., Tibouchi, M., Vadnala, P.K.: Conversion from arithmetic to Boolean masking with logarithmic complexity. In: Leander, G. (ed.) 22nd International Workshop on Fast Software Encryption (FSE 2015). Lecture Notes in Computer Science, vol. 9054, pp. 130–149. Springer, Berlin (2015)
De Clercq, R., Roy, S.S., Vercauteren, F., Verbauwhede, I.: Efficient software implementation of ring-LWE encryption. In: 2015 Design, Automation & Test in Europe Conference & Exhibition, p. 725. IEEE, Piscataway (2014)
Debraize, B.: Efficient and provably secure methods for switching from arithmetic to Boolean masking. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 107–121. Springer, Berlin (2012)
Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M.J. (ed.) Proceedings of the 19th Annual International Conference on Advances in Cryptology (CRYPTO ’99). Lecture Notes in Computer Science, vol. 1666, pp. 537–554. Springer, Berlin (1999)
Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for side channel resistance validation. In: NIST Non-Invasive Attack Testing Workshop (2011)
Göttert, N., Feller, T., Schneider, M., Buchmann, J., Huss, S.: On the design of hardware building blocks for modern lattice-based encryption schemes. In: Prouff, E., Schaumont, P. (eds.) Proceedings of the 14th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2012). Lecture Notes in Computer Science, vol. 7428, pp. 512–529. Springer, Berlin (2012)
Goubin, L.: A sound method for switching between Boolean and arithmetic masking. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2001). Lecture Notes in Computer Science, vol. 2162, pp. 3–15. Springer, Berlin (2001)
Güneysu, T., Lyubashevsky, V., Pöppelmann, T.: Practical lattice-based cryptography: a signature scheme for embedded systems. In: Prouff, E., Schaumont, P. (eds.) Proceedings of the 14th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2012). Lecture Notes in Computer Science, vol. 7428, pp. 530–547. Springer, Berlin (2012)
Howe, J., Oder, T., Krausz, M., Güneysu, T.: Standard lattice-based key encapsulation on embedded devices. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 372–393 (2018)
Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Proceedings of the 23rd Annual International Conference on Advances in Cryptology (CRYPTO 2003), pp. 463–481. Springer, Berlin (2003)
Kannwischer, M.J., Rijneveld, J., Schwabe, P.: Faster multiplication in \(\mathbb{Z}_{2^m}[x]\) on Cortex-M4 to speed up NIST PQC candidates. IACR Cryptol. ePrint Arch. 2018, 1018 (2018)
Karmakar, A., Mera, J.M.B., Roy, S.S., Verbauwhede, I.: Saber on ARM: CCA-secure module lattice-based key encapsulation on ARM. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 243–266 (2018)
Kocher, P., Jaffe, J., Jun, B., Rohatgi, P.: Introduction to differential power analysis. J. Cryptograph. Eng. 1(1), 5–27 (2011)
Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) Topics in Cryptology - CT-RSA 2011 - The Cryptographers’ Track at the RSA Conference 2011. Lecture Notes in Computer Science, vol. 6558, pp. 319–339. Springer, Berlin (2011)
Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) Advances in Cryptology - EUROCRYPT 2010. Proceedings of the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 6110, pp. 1–23. Springer, Berlin (2010). Presentation slides: http://crypto.rd.francetelecom.com/events/eurocrypt2010/talks/slides-ideal-lwe.pdf
Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. Presentation of the EUROCRYPT 2010 paper of the same title, given by Chris Peikert at Eurocrypt’10 (2010). See http://www.cc.gatech.edu/~cpeikert/pubs/slides-ideal-lwe.pdf
Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. IACR Cryptol. ePrint Arch. 2012, 230 (2012). Full version of the EUROCRYPT 2010 paper of the same title
National Institute of Standards and Technology: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/call-for-proposals-final-dec-2016.pdf. Accessed 14 November 2018
Peikert, C.: Lattice cryptography for the Internet. In: Mosca, M. (ed.) Proceedings of the 6th International Workshop on Post-Quantum Cryptography (PQCrypto 2014). Lecture Notes in Computer Science, vol. 8772, pp. 197–219. Springer, Berlin (2014)
Pöppelmann, T., Güneysu, T.: Towards practical lattice-based public-key encryption on reconfigurable hardware. In: Lange, T., Lauter, K.E., Lisonek, P. (eds.) 20th International Conference on Selected Areas in Cryptography (SAC 2013). Lecture Notes in Computer Science, vol. 8282, pp. 68–85. Springer, Berlin (2013)
Pöppelmann, T., Ducas, L., Güneysu, T.: Enhanced lattice-based signatures on reconfigurable hardware. In: Batina, L., Robshaw, M. (eds.) Proceedings of the 16th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2014). Lecture Notes in Computer Science, vol. 8731, pp. 353–370. Springer, Berlin (2014)
Primas, R., Pessl, P., Mangard, S.: Single-trace side-channel attacks on masked lattice-based encryption. In: Fischer, W., Homma, N. (eds.) Proceedings of the 19th International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017). Lecture Notes in Computer Science, vol. 10529, pp. 513–533. Springer, Berlin (2017)
Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)
Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, pp. 84–93. ACM, New York (2005)
Reparaz, O., Roy, S.S., Vercauteren, F., Verbauwhede, I.: A masked ring-LWE implementation. In: Güneysu, T., Handschuh, H. (eds.) Proceedings of the 17th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2015). Lecture Notes in Computer Science, vol. 9293, pp. 683–702. Springer, Berlin (2015)
Reparaz, O., Roy, S.S., Vercauteren, F., Verbauwhede, I.: A masked ring-LWE implementation. IACR Cryptol. ePrint Arch. 2015, 724 (2015)
Reparaz, O., de Clercq, R., Roy, S.S., Vercauteren, F., Verbauwhede, I.: Additively homomorphic ring-LWE masking. In: Takagi, T. (ed.) Proceedings of the 7th International Workshop on Post-Quantum Cryptography (PQCrypto 2016). Lecture Notes in Computer Science, vol. 9606, pp. 233–244. Springer, Berlin (2016)
Reparaz, O., Roy, S.S., de Clercq, R., Vercauteren, F., Verbauwhede, I.: Masking ring-LWE. J. Cryptograph. Eng. 6(2), 139–153 (2016)
Roy, S.S., Vercauteren, F., Mentens, N., Chen, D.D., Verbauwhede, I.: Compact ring-LWE cryptoprocessor. In: Batina, L., Robshaw, M. (eds.) Proceedings of the 16th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2014). Lecture Notes in Computer Science, vol. 8731, pp. 371–391. Springer, Berlin (2014)
Saarinen, M.-J.O.: tiny_sha3 (2011). https://github.com/mjosaarinen/tiny_sha3
Saarinen, M.-J.O.: Arithmetic coding and blinding countermeasures for ring-LWE. IACR Cryptol. ePrint Arch. 2016, 276 (2016)
Saarinen, M.-J.O., Bhattacharya, S., Garcia-Morchon, O., Rietman, R., Tolhuizen, L., Zhang, Z.: Shorter messages and faster post-quantum encryption with Round5 on Cortex M. IACR Cryptol. ePrint Arch. 2018, 723 (2018)
Schneider, T., Moradi, A.: Leakage assessment methodology—a clear roadmap for side-channel evaluations. In: Proceedings of the 17th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2015), pp. 495–513. Springer, Berlin (2015)
Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, pp. 124–134. IEEE Computer Society, Silver Spring (1994)
Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: Another look on second-order DPA. In: Proceedings of the 16th International Conference on the Theory and Application of Cryptology and Information Security, Advances in Cryptology (ASIACRYPT 2010), pp. 112–129 (2010)
Targhi, E.E., Unruh, D.: Post-quantum security of the Fujisaki-Okamoto and OAEP transforms. In: Hirt, M., Smith, A.D. (eds.) Part II: Proceedings of the 14th International Conference on Theory of Cryptography (TCC 2016-B). Lecture Notes in Computer Science, vol. 9986, pp. 192–216. Springer, Berlin (2016)
Trichina, E.: Combinational logic design for AES subbyte transformation on masked data. IACR Cryptol. ePrint Arch. 2003, 236 (2003)
Vadnala, P.K., Großschädl, J.: Faster mask conversion with lookup tables. In: Mangard, S., Poschmann, A.Y. (eds.) 6th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2015). Lecture Notes in Computer Science, vol. 9064, pp. 207–221. Springer, Berlin (2015)
Von Zur Gathen, J., Gerhard, J.: Modern Computer Algebra, 2nd edn. Cambridge University Press, New York (2003)
© 2020 Springer Nature Switzerland AG
Cite this chapter
Oder, T., Schneider, T., Güneysu, T. (2020). Secure Implementation of Lattice-Based Encryption Schemes. In: Drechsler, R., Soeken, M. (eds) Advanced Boolean Techniques. Springer, Cham. https://doi.org/10.1007/978-3-030-20323-8_2
DOI: https://doi.org/10.1007/978-3-030-20323-8_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-20322-1
Online ISBN: 978-3-030-20323-8