Description
NIST’s post-quantum cryptography competition has entered in its second phase, the time has come to focus more closely on practical aspects of the candidates. On the lattice-based side, certain schemes chose to implement discrete Gaussian distributions which allow better parameters and security reductions. However, this advantage has also proved to be their Achilles’ heel, as discrete Gaussians pose serious challenges in terms of protection against timing attacks. In this talk, I will review the different timing weaknesses and present several constant-time techniques including a new approach to polynomially approximate transcendental functions (https://eprint.iacr.org/2019/511.pdf). I will emphasis on the application of these techniques on BLISS and FALCON signature schemes (https://tprest.github.io/pdf/pub/simple-fast-gaussian.pdf). We will see that the efficiency loss in the resulting implementations is reasonably low compared to the non constant-time.<br/> lien: http://desktop.visio.renater.fr/scopia?ID=729028***8178&autojoin
Next sessions
-
Polytopes in the Fiat-Shamir with Aborts Paradigm
Speaker : Hugo Beguinet - ENS Paris / Thales
The Fiat-Shamir with Aborts paradigm (FSwA) uses rejection sampling to remove a secret’s dependency on a given source distribution. Recent results revealed that unlike the uniform distribution in the hypercube, both the continuous Gaussian and the uniform distribution within the hypersphere minimise the rejection rate and the size of the proof of knowledge. However, in practice both these[…]-
Cryptography
-
Asymmetric primitive
-
Mode and protocol
-
-
Post-quantum Group-based Cryptography
Speaker : Delaram Kahrobaei - The City University of New York