Secure Implementation of Lattice-Based Encryption Schemes

Chapter in: Advanced Boolean Techniques

Abstract

With the call for new cryptographic standards that resist powerful quantum computers, lattice-based cryptography has gained significant popularity. To become viable replacements for contemporary cryptography, lattice-based encryption and key-exchange schemes based on the hardness of the ring-LWE problem still need to address the issues raised by today’s adversary models in real-world security applications. In this chapter we discuss the Boolean techniques and conversion challenges involved in protecting ring-LWE encryption against active attacks (i.e., adaptive chosen-ciphertext attacks) while equipping it with countermeasures against side-channel analysis. Our solution is based on a post-quantum variant of the Fujisaki–Okamoto (FO) transform combined with provably secure, first-order masking. We show that CCA2-secured ring-LWE-based encryption can be achieved with reasonable performance on constrained devices, but also stress that the required transformation and the handling of decryption errors imply an additional performance overhead that has not been considered so far.

The majority of the work was performed while Tobias Schneider was with Ruhr-Universität Bochum.


Notes

  1. In [3] the definition of the binomial distribution contains a typo in which the sum goes from zero to k.

References

  1. Albrecht, M.R., Hanser, C., Höller, A., Pöppelmann, T., Virdia, F., Wallner, A.: Learning with errors on RSA co-processors. IACR Cryptol. ePrint Arch. 2018, 425 (2018)

  2. Alkim, E., Jakubeit, P., Schwabe, P.: A new hope on ARM Cortex-M. In: Carlet, C., Hasan, A., Saraswat, V. (eds.) Security, Privacy, and Advanced Cryptography Engineering. Lecture Notes in Computer Science. Springer, Berlin (2016, to appear). Document ID: c7a82d41d39c535fd09ca1b032ebca1b. http://cryptojedi.org/papers/#newhopearm

  3. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange—a new hope. In: Holz, T., Savage, S. (eds.) 25th USENIX Security Symposium (USENIX Security 16), Austin, TX, pp. 327–343. USENIX Association, Berkeley, CA (2016)

  4. Bai, S., Langlois, A., Lepoint, T., Stehlé, D., Steinfeld, R.: Improved security proofs in lattice-based cryptography: using the Rényi divergence rather than the statistical distance. In: Iwata, T., Cheon, J.H. (eds.) Advances in Cryptology—ASIACRYPT 2015, Part I. Proceedings of the 21st International Conference on the Theory and Application of Cryptology and Information Security. Lecture Notes in Computer Science, vol. 9452, pp. 3–24. Springer, Berlin (2015)

  5. Balasch, J., Gierlichs, B., Grosso, V., Reparaz, O., Standaert, F.-X.: On the cost of lazy engineering for masked software implementations. In: Joye, M., Moradi, A. (eds.) 13th International Conference on Smart Card Research and Advanced Applications (CARDIS 2014). Lecture Notes in Computer Science, vol. 8968, pp. 64–81. Springer, Berlin (2014)

  6. Barrett, P.: Implementing the Rivest Shamir and Adleman public key encryption algorithm on a standard digital signal processor. In: Odlyzko, A.M. (ed.) Conference on the Theory and Application of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 263, pp. 311–323. Springer, Berlin (1986)

  7. Barthe, G., Belaïd, S., Dupressoir, F., Fouque, P.-A., Grégoire, B., Strub, P.-Y., Zucchini, R.: Strong non-interference and type-directed higher-order masking. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 116–129. ACM, New York (2016)

  8. Bernstein, D.J.: Cache-timing attacks on AES (2005)

  9. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Building power analysis resistant implementations of Keccak. In: Second SHA-3 Candidate Conference, vol. 142 (2010)

  10. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak. In: Johansson, T., Nguyen, P.Q. (eds.) Advances in Cryptology—EUROCRYPT 2013. Proceedings of the 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 7881, pp. 313–314. Springer, Berlin (2013)

  11. Bos, J.W., Costello, C., Naehrig, M., Stebila, D.: Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In: 2015 IEEE Symposium on Security and Privacy, pp. 553–570. IEEE Computer Society, Silver Spring (2015)

  12. Bos, J.W., Costello, C., Ducas, L., Mironov, I., Naehrig, M., Nikolaenko, V., Raghunathan, A., Stebila, D.: Frodo: take off the ring! Practical, quantum-secure key exchange from LWE. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1006–1018. ACM, New York (2016)

  13. Bos, J., Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schanck, J.M., Schwabe, P., Seiler, G., Stehlé, D.: CRYSTALS—Kyber: a CCA-secure module-lattice-based KEM. In: 2018 IEEE European Symposium on Security and Privacy, p. 634. IEEE, Piscataway (2017)

  14. Brumley, D., Boneh, D.: Remote timing attacks are practical. In: Proceedings of the 12th USENIX Security Symposium. USENIX Association, Berkeley, CA (2003)

  15. Buchmann, J.A., Göpfert, F., Güneysu, T., Oder, T., Pöppelmann, T.: High-performance and lightweight lattice-based public-key encryption. In: Chow, C., Saldamli, G. (eds.) Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security, pp. 2–9. ACM, New York (2016)

  16. Cooper, J., DeMulder, E., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test vector leakage assessment (TVLA) methodology in practice. In: International Cryptographic Module Conference (2013)

  17. Coron, J.-S.: High-order conversion from Boolean to arithmetic masking. In: Fischer, W., Homma, N. (eds.) Proceedings of the 19th International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017). Lecture Notes in Computer Science, vol. 10529, pp. 93–114. Springer, Berlin (2017)

  18. Coron, J.-S., Großschädl, J., Tibouchi, M., Vadnala, P.K.: Conversion from arithmetic to Boolean masking with logarithmic complexity. In: International Workshop on Fast Software Encryption, pp. 130–149. Springer, Berlin (2015)

  19. Coron, J.-S., Großschädl, J., Tibouchi, M., Vadnala, P.K.: Conversion from arithmetic to Boolean masking with logarithmic complexity. In: Leander, G. (ed.) 22nd International Workshop on Fast Software Encryption (FSE 2015). Lecture Notes in Computer Science, vol. 9054, pp. 130–149. Springer, Berlin (2015)

  20. De Clercq, R., Roy, S.S., Vercauteren, F., Verbauwhede, I.: Efficient software implementation of ring-LWE encryption. In: 2015 Design, Automation & Test in Europe Conference & Exhibition, p. 725. IEEE, Piscataway (2014)

  21. Debraize, B.: Efficient and provably secure methods for switching from arithmetic to Boolean masking. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 107–121. Springer, Berlin (2012)

  22. Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M.J. (ed.) Proceedings of the 19th Annual International Conference on Advances in Cryptology (CRYPTO ’99). Lecture Notes in Computer Science, vol. 1666, pp. 537–554. Springer, Berlin (1999)

  23. Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for side channel resistance validation. In: NIST Non-Invasive Attack Testing Workshop (2011)

  24. Göttert, N., Feller, T., Schneider, M., Buchmann, J., Huss, S.: On the design of hardware building blocks for modern lattice-based encryption schemes. In: Prouff, E., Schaumont, P. (eds.) Proceedings of the 14th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2012). Lecture Notes in Computer Science, vol. 7428, pp. 512–529. Springer, Berlin (2012)

  25. Goubin, L.: A sound method for switching between Boolean and arithmetic masking. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2001). Lecture Notes in Computer Science, vol. 2162, pp. 3–15. Springer, Berlin (2001)

  26. Güneysu, T., Lyubashevsky, V., Pöppelmann, T.: Practical lattice-based cryptography: a signature scheme for embedded systems. In: Prouff, E., Schaumont, P. (eds.) Proceedings of the 14th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2012). Lecture Notes in Computer Science, vol. 7428, pp. 530–547. Springer, Berlin (2012)

  27. Howe, J., Oder, T., Krausz, M., Güneysu, T.: Standard lattice-based key encapsulation on embedded devices. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 372–393 (2018)

  28. Ishai, Y., Sahai, A., Wagner, D.: Private circuits: securing hardware against probing attacks. In: Proceedings of the 23rd Annual International Conference on Advances in Cryptology (CRYPTO 2003), pp. 463–481. Springer, Berlin (2003)

  29. Kannwischer, M.J., Rijneveld, J., Schwabe, P.: Faster multiplication in \(\mathbb{Z}_{2^{m}}[x]\) on Cortex-M4 to speed up NIST PQC candidates. IACR Cryptol. ePrint Arch. 2018, 1018 (2018)

  30. Karmakar, A., Mera, J.M.B., Roy, S.S., Verbauwhede, I.: Saber on ARM: CCA-secure module lattice-based key encapsulation on ARM. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(3), 243–266 (2018)

  31. Kocher, P., Jaffe, J., Jun, B., Rohatgi, P.: Introduction to differential power analysis. J. Cryptograph. Eng. 1(1), 5–27 (2011)

  32. Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) Topics in Cryptology—CT-RSA 2011. The Cryptographers’ Track at the RSA Conference 2011. Lecture Notes in Computer Science, vol. 6558, pp. 319–339. Springer, Berlin (2011)

  33. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) Advances in Cryptology—EUROCRYPT 2010. Proceedings of the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Lecture Notes in Computer Science, vol. 6110, pp. 1–23. Springer, Berlin (2010). Presentation slides: http://crypto.rd.francetelecom.com/events/eurocrypt2010/talks/slides-ideal-lwe.pdf

  34. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. Presentation of [33] given by Chris Peikert at Eurocrypt’10 (2010). See http://www.cc.gatech.edu/~cpeikert/pubs/slides-ideal-lwe.pdf

  35. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. IACR Cryptol. ePrint Arch. 2012, 230 (2012). Full version of [33]

  36. National Institute of Standards and Technology: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/call-for-proposals-final-dec-2016.pdf. Accessed 14 November 2018

  37. Peikert, C.: Lattice cryptography for the Internet. In: Mosca, M. (ed.) Proceedings of the 6th International Workshop on Post-Quantum Cryptography (PQCrypto 2014). Lecture Notes in Computer Science, vol. 8772, pp. 197–219. Springer, Berlin (2014)

  38. Pöppelmann, T., Güneysu, T.: Towards practical lattice-based public-key encryption on reconfigurable hardware. In: Lange, T., Lauter, K.E., Lisonek, P. (eds.) 20th International Conference on Selected Areas in Cryptography (SAC 2013). Lecture Notes in Computer Science, vol. 8282, pp. 68–85. Springer, Berlin (2013)

  39. Pöppelmann, T., Ducas, L., Güneysu, T.: Enhanced lattice-based signatures on reconfigurable hardware. In: Batina, L., Robshaw, M. (eds.) Proceedings of the 16th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2014). Lecture Notes in Computer Science, vol. 8731, pp. 353–370. Springer, Berlin (2014)

  40. Primas, R., Pessl, P., Mangard, S.: Single-trace side-channel attacks on masked lattice-based encryption. In: Fischer, W., Homma, N. (eds.) Proceedings of the 19th International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017). Lecture Notes in Computer Science, vol. 10529, pp. 513–533. Springer, Berlin (2017)

  41. Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)

  42. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Gabow, H.N., Fagin, R. (eds.) Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, pp. 84–93. ACM, New York (2005)

  43. Reparaz, O., Roy, S.S., Vercauteren, F., Verbauwhede, I.: A masked ring-LWE implementation. In: Güneysu, T., Handschuh, H. (eds.) Proceedings of the 17th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2015). Lecture Notes in Computer Science, vol. 9293, pp. 683–702. Springer, Berlin (2015)

  44. Reparaz, O., Roy, S.S., Vercauteren, F., Verbauwhede, I.: A masked ring-LWE implementation. IACR Cryptol. ePrint Arch. 2015, 724 (2015)

  45. Reparaz, O., de Clercq, R., Roy, S.S., Vercauteren, F., Verbauwhede, I.: Additively homomorphic ring-LWE masking. In: Takagi, T. (ed.) Proceedings of the 7th International Workshop on Post-Quantum Cryptography (PQCrypto 2016). Lecture Notes in Computer Science, vol. 9606, pp. 233–244. Springer, Berlin (2016)

  46. Reparaz, O., Roy, S.S., de Clercq, R., Vercauteren, F., Verbauwhede, I.: Masking ring-LWE. J. Cryptograph. Eng. 6(2), 139–153 (2016)

  47. Roy, S.S., Vercauteren, F., Mentens, N., Chen, D.D., Verbauwhede, I.: Compact ring-LWE cryptoprocessor. In: Batina, L., Robshaw, M. (eds.) Proceedings of the 16th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2014). Lecture Notes in Computer Science, vol. 8731, pp. 371–391. Springer, Berlin (2014)

  48. Saarinen, M.-J.O.: tiny_sha3 (2011). https://github.com/mjosaarinen/tiny_sha3

  49. Saarinen, M.-J.O.: Arithmetic coding and blinding countermeasures for ring-LWE. IACR Cryptol. ePrint Arch. 2016, 276 (2016)

  50. Saarinen, M.-J.O., Bhattacharya, S., Garcia-Morchon, O., Rietman, R., Tolhuizen, L., Zhang, Z.: Shorter messages and faster post-quantum encryption with Round5 on Cortex M. IACR Cryptol. ePrint Arch. 2018, 723 (2018)

  51. Schneider, T., Moradi, A.: Leakage assessment methodology—a clear roadmap for side-channel evaluations. In: Proceedings of the 17th International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2015), pp. 495–513. Springer, Berlin (2015)

  52. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, pp. 124–134. IEEE Computer Society, Silver Spring (1994)

  53. Standaert, F.-X., Veyrat-Charvillon, N., Oswald, E., Gierlichs, B., Medwed, M., Kasper, M., Mangard, S.: The world is not enough: another look on second-order DPA. In: Proceedings of the 16th International Conference on the Theory and Application of Cryptology and Information Security, Advances in Cryptology (ASIACRYPT 2010), pp. 112–129 (2010)

  54. Targhi, E.E., Unruh, D.: Post-quantum security of the Fujisaki-Okamoto and OAEP transforms. In: Hirt, M., Smith, A.D. (eds.) Proceedings of the 14th International Conference on Theory of Cryptography (TCC 2016-B), Part II. Lecture Notes in Computer Science, vol. 9986, pp. 192–216. Springer, Berlin (2016)

  55. Trichina, E.: Combinational logic design for AES subbyte transformation on masked data. IACR Cryptol. ePrint Arch. 2003, 236 (2003)

  56. Vadnala, P.K., Großschädl, J.: Faster mask conversion with lookup tables. In: Mangard, S., Poschmann, A.Y. (eds.) 6th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE 2015). Lecture Notes in Computer Science, vol. 9064, pp. 207–221. Springer, Berlin (2015)

  57. Von Zur Gathen, J., Gerhard, J.: Modern Computer Algebra, 2nd edn. Cambridge University Press, New York (2003)

Corresponding author: Tim Güneysu

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Oder, T., Schneider, T., Güneysu, T. (2020). Secure Implementation of Lattice-Based Encryption Schemes. In: Drechsler, R., Soeken, M. (eds) Advanced Boolean Techniques. Springer, Cham. https://doi.org/10.1007/978-3-030-20323-8_2

  • DOI: https://doi.org/10.1007/978-3-030-20323-8_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-20322-1

  • Online ISBN: 978-3-030-20323-8
