Description
NIST’s post-quantum cryptography competition has entered in its second phase, the time has come to focus more closely on practical aspects of the candidates. On the lattice-based side, certain schemes chose to implement discrete Gaussian distributions which allow better parameters and security reductions. However, this advantage has also proved to be their Achilles’ heel, as discrete Gaussians pose serious challenges in terms of protection against timing attacks. In this talk, I will review the different timing weaknesses and present several constant-time techniques including a new approach to polynomially approximate transcendental functions (https://eprint.iacr.org/2019/511.pdf). I will emphasis on the application of these techniques on BLISS and FALCON signature schemes (https://tprest.github.io/pdf/pub/simple-fast-gaussian.pdf). We will see that the efficiency loss in the resulting implementations is reasonably low compared to the non constant-time.<br/> lien: http://desktop.visio.renater.fr/scopia?ID=729028***8178&autojoin