Published in: Journal of Cryptographic Engineering 2/2016

01-06-2016 | CHES 2015

Masking ring-LWE

Authors: Oscar Reparaz, Sujoy Sinha Roy, Ruan de Clercq, Frederik Vercauteren, Ingrid Verbauwhede


Abstract

In this paper, we propose a masking scheme to protect ring-LWE decryption from first-order side-channel attacks. In an unprotected ring-LWE decryption, the recovered plaintext is computed by first performing polynomial arithmetic on the secret key and then decoding the result. We mask the polynomial operations by arithmetically splitting the secret key polynomial into two random shares; the final decoding operation is performed using a new bespoke masked decoder. The outputs of our masked ring-LWE decryption are Boolean shares suitable for derivation of a symmetric key. Thus, the masking scheme keeps all intermediates, including the recovered plaintext, in the masked domain. We have implemented the masking scheme in both hardware and software. On a Xilinx Virtex-II FPGA, the masked ring-LWE processor requires around 2000 LUTs, a \(20~\%\) increase in the area with respect to the unprotected architecture. A masked decryption operation takes 7478 cycles, which is only a factor \(2.6\times \) larger than the unprotected decryption. On a 32-bit ARM Cortex-M4F processor, the masked software implementation costs around \(5.2\times \) more cycles than the unprotected implementation.
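The abstract describes two facts that drive the whole design: the polynomial arithmetic of decryption is linear, so it can be computed on two arithmetic shares of the secret key independently, while the final decoding step is not, so it needs a dedicated masked decoder. The following Python snippet is an added illustration and is not code from the paper or its authors. It uses constructed toy parameters (q = 7681, n = 8), a schoolbook multiplier in \(\mathbb{Z}_q[x]/(x^n+1)\), and hypothetical helper names (`split`, `refresh`, `masked_linear_part`, `naive_decoder_counterexample`); the `refresh` function implements re-sharing in the sense of the paper's first footnote (same unshared value, new shares). It checks that the shares recombine to the unmasked \(c_1 s + c_2\), and gives a concrete pair of sharings of the same coefficient for which decoding each share separately and XOR-ing the bits returns the wrong plaintext bit, which is why a bespoke masked decoder is required rather than share-wise decoding.

```python
# Added illustration (not the paper's code): arithmetic masking of the linear
# part of ring-LWE decryption, and why the final decoding step cannot simply be
# applied share by share. Parameters are constructed for the demo; the paper's
# concrete n and q are not given on this page.
import secrets

Q = 7681  # constructed modulus; a real deployment uses the scheme's q
N = 8     # constructed tiny ring dimension; real schemes use n = 256 or more


def poly_add(a, b):
    """Coefficient-wise addition in Z_q."""
    return [(x + y) % Q for x, y in zip(a, b)]


def poly_mul(a, b):
    """Schoolbook multiplication in Z_q[x]/(x^n + 1): x^n wraps to -1."""
    res = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                res[k] = (res[k] + ai * bj) % Q
            else:
                res[k - N] = (res[k - N] - ai * bj) % Q
    return res


def split(s):
    """Arithmetic sharing s = s1 + s2 (mod q) with s1 uniformly random."""
    s1 = [secrets.randbelow(Q) for _ in range(N)]
    s2 = [(x - y) % Q for x, y in zip(s, s1)]
    return s1, s2


def refresh(a1, a2):
    """Re-share (a1, a2) without changing a1 + a2 (the paper's sense of 'refresh')."""
    r = [secrets.randbelow(Q) for _ in range(N)]
    return poly_add(a1, r), [(x - y) % Q for x, y in zip(a2, r)]


def decode_coeff(x):
    """Unprotected decoder: 1 if x is closer to q/2 than to 0."""
    return 1 if Q // 4 <= x < 3 * Q // 4 else 0


def decrypt_unmasked(c1, c2, s):
    """Reference decryption: a = c1*s + c2, then decode every coefficient."""
    a = poly_add(poly_mul(c1, s), c2)
    return [decode_coeff(x) for x in a]


def masked_linear_part(c1, c2, s1, s2):
    """Polynomial arithmetic on the shares; c2 is added to one share only."""
    a1 = poly_add(poly_mul(c1, s1), c2)
    a2 = poly_mul(c1, s2)
    return a1, a2


def naive_sharewise_decode(x1, x2):
    """Tempting but incorrect: decode each share on its own and XOR the bits."""
    return decode_coeff(x1) ^ decode_coeff(x2)


def naive_decoder_counterexample():
    """Coefficient a = q/2 + 100 (encodes 1) under two different sharings.

    Returns (correct bit, naive result for sharing A, naive result for sharing B).
    Sharing B yields the wrong bit, so the result depends on the random mask:
    decoding has to be done by a masked decoder, not share by share.
    """
    a = Q // 2 + 100
    share_a = (100, (a - 100) % Q)
    share_b = (Q // 4 + 50, (a - Q // 4 - 50) % Q)
    return (decode_coeff(a),
            naive_sharewise_decode(*share_a),
            naive_sharewise_decode(*share_b))


if __name__ == "__main__":
    s = [1, Q - 1, 2, 0, 5, Q - 3, 7, 1]             # constructed small secret
    c1 = [3, 4, 5, 6, 7, 8, 9, 10]                   # constructed ciphertext parts
    c2 = [100, 200, 300, 400, 500, 600, 700, 800]
    s1, s2 = split(s)
    a1, a2 = refresh(*masked_linear_part(c1, c2, s1, s2))
    assert poly_add(a1, a2) == poly_add(poly_mul(c1, s), c2)
    print("unmasked decryption bits:", decrypt_unmasked(c1, c2, s))
    print("naive share-wise decoding (correct, A, B):", naive_decoder_counterexample())
```

The recombination check holds for every choice of random shares because multiplication by the public \(c_1\) and addition of \(c_2\) are linear in the secret; the counterexample shows that the decoder's threshold test is not, so the share-wise shortcut both leaks (its branches depend on individual shares) and is simply wrong for some masks.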


Footnotes

1. We use here the term “refresh” to refer to the process of modifying the masked representation \((a',a'')\) of a without modifying the unshared value a, but, contrary to other contexts in the literature, we do not imply that we are pumping new randomness into the new representation.

2. Note that in the special case where q is a prime close to a power of two, the construction of the quadrant block can be further simplified.

3. We would like to thank the anonymous reviewer for bringing this important issue to our attention.
Metadata

Title: Masking ring-LWE
Authors: Oscar Reparaz, Sujoy Sinha Roy, Ruan de Clercq, Frederik Vercauteren, Ingrid Verbauwhede
Publication date: 01-06-2016
Publisher: Springer Berlin Heidelberg
Published in: Journal of Cryptographic Engineering / Issue 2/2016
Print ISSN: 2190-8508
Electronic ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-016-0126-5
