
Additively Homomorphic Ring-LWE Masking

  • Conference paper
  • Post-Quantum Cryptography (PQCrypto 2016)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 9606)

Abstract

In this paper, we present a new masking scheme for ring-LWE decryption. Our scheme exploits the additively-homomorphic property of the existing ring-LWE encryption schemes and computes an additive-mask as an encryption of a random message. Our solution differs in several aspects from the recent masked ring-LWE implementation by Reparaz et al. presented at CHES 2015; most notably we do not require a masked decoder but work with a conventional, unmasked decoder. As such, we can secure a ring-LWE implementation using additive masking with minimal changes. Our masking scheme is also very generic in the sense that it can be applied to other additively-homomorphic encryption schemes.


Notes

  1. http://www.st.com/web/en/resource/technical/document/datasheet/DM00037051.pdf

References

  1. Aysu, A., Patterson, C., Schaumont, P.: Low-cost and area-efficient FPGA implementations of lattice-based cryptography. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 81–86 (2013)

  2. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)

  3. Bos, J.W., Lauter, K., Loftus, J., Naehrig, M.: Improved security for a ring-based fully homomorphic encryption scheme. Cryptology ePrint Archive, Report 2013/075 (2013). http://eprint.iacr.org/

  4. Boorghany, A., Sarmadi, S.B., Jalili, R.: On constrained implementation of lattice-based cryptographic primitives and schemes on smart cards. ACM Trans. Embed. Comput. Syst. 14(3), 42 (2015)

  5. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)

  6. de Clercq, R., Roy, S.S., Vercauteren, F., Verbauwhede, I.: Efficient software implementation of ring-LWE encryption. In: Nebel, W., Atienza, D. (eds.) Proceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE 2015), Grenoble, France, 9–13 March 2015, pp. 339–344. ACM (2015)

  7. Fan, J., Vercauteren, F.: Somewhat practical fully homomorphic encryption. Cryptology ePrint Archive, Report 2012/144 (2012). http://www.eprint.iacr.org/

  8. Göttert, N., Feller, T., Schneider, M., Buchmann, J., Huss, S.: On the design of hardware building blocks for modern lattice-based encryption schemes. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 512–529. Springer, Heidelberg (2012)

  9. Güneysu, T., Oder, T., Pöppelmann, T., Schwabe, P.: Software speed records for lattice-based signatures. In: Gaborit, P. (ed.) PQCrypto 2013. LNCS, vol. 7932, pp. 67–82. Springer, Heidelberg (2013)

  10. Goubin, L., Patarin, J.: DES and differential power analysis. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999)

  11. Golić, J.D., Tymen, T.: Multiplicative masking and power analysis of AES. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 198–212. Springer, Heidelberg (2002)

  12. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

  13. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

  14. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010)

  15. Liu, Z., Seo, H., Roy, S.S., Großschädl, J., Kim, H., Verbauwhede, I.: Efficient ring-LWE encryption on 8-bit AVR processors. Cryptology ePrint Archive, Report 2015/410 (2015). http://eprint.iacr.org/

  16. Cryptography today. Last modified on 19 Aug 2015. https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml

  17. Pöppelmann, T., Ducas, L., Güneysu, T.: Enhanced lattice-based signatures on reconfigurable hardware. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 353–370. Springer, Heidelberg (2014)

  18. Pöppelmann, T., Güneysu, T.: Towards practical lattice-based public-key encryption on reconfigurable hardware. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 68–86. Springer, Heidelberg (2014)

  19. Pöppelmann, T., Oder, T., Güneysu, T.: High-performance ideal lattice-based cryptography on 8-bit ATxmega microcontrollers. Cryptology ePrint Archive, Report 2015/382 (2015). http://eprint.iacr.org/

  20. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing (STOC 2005), New York, NY, USA, pp. 84–93. ACM (2005)

  21. Reparaz, O., Roy, S.S., Vercauteren, F., Verbauwhede, I.: A masked ring-LWE implementation. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 683–702. Springer, Heidelberg (2015)

  22. Roy, S.S., Vercauteren, F., Mentens, N., Chen, D.D., Verbauwhede, I.: Compact ring-LWE cryptoprocessor. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 371–391. Springer, Heidelberg (2014)

  23. Roy, S.S., Vercauteren, F., Verbauwhede, I.: High precision discrete Gaussian sampling on FPGAs. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 383–401. Springer, Heidelberg (2014)

  24. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Review 41, 303–332 (1999)

Author information

Corresponding author: Oscar Reparaz

An Attack on the Multiplication

An adversary could mount the following attack with a zero-value power model to recover only whether \(s[i]=0\) or not. Note that the distribution of \((c_1+c'_1)\cdot s\) when \(s=0\) and \(c_1+c'_1\) is uniform random is different from the distribution of \((c_1+c'_1) \cdot s\) when \(s\ne 0\). This effect resembles [GT02], with the important difference that here the attacker has no control over \((c_1+c'_1)\) and that the outcome of the attack is recovering only whether \(s[i]=0\) or not.

  1. Locate the time samples where \((c_1+c'_1)[i] \cdot s[i]\) is handled, for \(i\in \{0,\ldots , 255\}\).

  2. Cluster the \((c_1+c'_1)[i] \cdot s[i]\) samples into two groups according to their mean power consumption (or variance).

  3. Tag the two groups as \(s[i]=0\) or \(s[i]\ne 0\).
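The following Python is an added example, not the paper's code and not an implementation of its exact scheme: it models the masking idea from the abstract on a toy LPR-style ring-LWE scheme (c1 = a·e1 + e2, c2 = p·e1 + e3 + encode(m), decryption decode(c1·s + c2)), and it also exhibits the premise of the zero-value model in the appendix above. The masked decryption encrypts a fresh random message m', adds that ciphertext to the one received, runs the unchanged decoder on the sum (which yields m xor m' because two encodings at floor(q/2) add up to q-1, i.e. decode to 0) and removes m' with an XOR. The parameters N = 256 and q = 7681, the uniform noise in [-2, 2] standing in for a discrete Gaussian sampler, and every function name are assumptions made here for illustration. The last function checks that the per-coefficient products (c1+c1')[i]·s[i] are identically zero at every position where s[i] = 0, whatever mask is added, which is why masking the ciphertext leaves that property of the secret visible to the multiplication.

```python
# Added example (not the paper's code): a toy additively homomorphic masked
# ring-LWE decryption. The LPR-style scheme, the parameters and the noise
# distribution below are assumptions chosen for illustration only.
import random

N = 256          # ring R_q = Z_q[x] / (x^N + 1)
Q = 7681         # modulus (assumed toy parameter)
NOISE_BOUND = 2  # toy noise: uniform in [-2, 2], not a discrete Gaussian sampler


def poly_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]


def poly_mul(a, b):
    """Schoolbook multiplication in Z_q[x]/(x^N + 1): x^N wraps to -1."""
    res = [0] * N
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                res[k] = (res[k] + ai * bj) % Q
            else:
                res[k - N] = (res[k - N] - ai * bj) % Q
    return res


def sample_uniform(rng):
    return [rng.randrange(Q) for _ in range(N)]


def sample_noise(rng):
    return [rng.randint(-NOISE_BOUND, NOISE_BOUND) % Q for _ in range(N)]


def encode(bits):
    """Message bit b -> coefficient b * floor(q/2)."""
    return [b * (Q // 2) for b in bits]


def decode(poly):
    """The conventional, unmasked decoder: coefficient near q/2 -> 1, else 0."""
    return [1 if Q // 4 < c < 3 * Q // 4 else 0 for c in poly]


def keygen(rng):
    a = sample_uniform(rng)
    r1, r2 = sample_noise(rng), sample_noise(rng)
    p = poly_add(r1, [(-x) % Q for x in poly_mul(a, r2)])  # p = r1 - a*r2
    return (a, p), r2                                       # (pk, sk)


def encrypt(pk, bits, rng):
    a, p = pk
    e1, e2, e3 = (sample_noise(rng) for _ in range(3))
    c1 = poly_add(poly_mul(a, e1), e2)
    c2 = poly_add(poly_add(poly_mul(p, e1), e3), encode(bits))
    return c1, c2


def decrypt(sk, ct):
    """Unmasked decryption: decode(c1*s + c2)."""
    c1, c2 = ct
    return decode(poly_add(poly_mul(c1, sk), c2))


def masked_decrypt(sk, pk, ct, rng):
    """Additive masking: add Enc(m') for a fresh random m', run the SAME
    unmasked decoder on the sum (it yields m xor m'), then remove m'."""
    m_mask = [rng.randrange(2) for _ in range(N)]
    c1p, c2p = encrypt(pk, m_mask, rng)
    c1, c2 = ct
    masked_bits = decrypt(sk, (poly_add(c1, c1p), poly_add(c2, c2p)))
    return [x ^ y for x, y in zip(masked_bits, m_mask)]


def coefficient_products(c1_sum, sk):
    """Per-coefficient products (c1+c1')[i] * s[i] mod q of the decryption
    multiplication; they are 0 wherever s[i] = 0, whatever the mask."""
    return [(x * y) % Q for x, y in zip(c1_sum, sk)]


def demo(seed=1):
    """Return (plain decryption correct, masked decryption correct)."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    msg = [rng.randrange(2) for _ in range(N)]
    ct = encrypt(pk, msg, rng)
    return decrypt(sk, ct) == msg, masked_decrypt(sk, pk, ct, rng) == msg


def zero_coefficients_are_mask_independent(seed=2, trials=3):
    """Check the zero-value observation: for every mask tried, the product is 0
    at every position where s[i] = 0."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    c1, _ = encrypt(pk, [0] * N, rng)
    zero_idx = {i for i, s in enumerate(sk) if s == 0}
    for _ in range(trials):
        c1p, _ = encrypt(pk, [rng.randrange(2) for _ in range(N)], rng)
        prods = coefficient_products(poly_add(c1, c1p), sk)
        if any(prods[i] != 0 for i in zero_idx):
            return False
    return bool(zero_idx)
```

`demo()` returns `(True, True)`: both the plain and the masked path reuse `decode` unchanged, and the masking costs one extra encryption under the public key plus one XOR of the decoded bits. The noise of the summed ciphertext is the sum of both ciphertexts' noise terms, so for real parameters the decryption failure rate has to be re-evaluated for the doubled noise; with the toy noise here the margin to q/4 is large. `zero_coefficients_are_mask_independent()` returns `True`, illustrating that the mask randomizes the decoder input but not the secret polynomial fed into the multiplication.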


Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

Reparaz, O., de Clercq, R., Roy, S.S., Vercauteren, F., Verbauwhede, I. (2016). Additively Homomorphic Ring-LWE Masking. In: Takagi, T. (ed.) Post-Quantum Cryptography. PQCrypto 2016. Lecture Notes in Computer Science, vol. 9606. Springer, Cham. https://doi.org/10.1007/978-3-319-29360-8_15

  • DOI: https://doi.org/10.1007/978-3-319-29360-8_15
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-29359-2
  • Online ISBN: 978-3-319-29360-8
