Improved Gadgets for the High-Order Masking of Dilithium

Cited by: 0
Authors
Coron J.-S. [1]
Gérard F. [1]
Trannoy M. [1,2]
Zeitoun R. [2]
Affiliations
[1] University of Luxembourg, Esch-sur-Alzette
[2] IDEMIA, Cryptography & Security Labs, Courbevoie
Source
IACR Transactions on Cryptographic Hardware and Embedded Systems | 2023 / Vol. 2023 / No. 04
Keywords
Dilithium; high-order masking; lattice-based signature
DOI
10.46586/tches.v2023.i4.110-145
Abstract
We present novel and improved high-order masking gadgets for Dilithium, a post-quantum signature scheme that has been standardized by the National Institute of Standards and Technology (NIST). Our proposed gadgets include the ShiftMod gadget, which is used for efficient arithmetic shifts and serves as a component in other masking gadgets. Additionally, we propose a new algorithm for Boolean-to-arithmetic masking conversion of a µ-bit integer x modulo any integer q, with a complexity that is independent of both µ and q. This algorithm is used in Dilithium to mask the generation of the random variable y modulo q. Moreover, we describe improved techniques for masking the Decompose function in Dilithium. Our new gadgets are proven to be secure in the t-probing model. We demonstrate the effectiveness of our countermeasures by presenting a complete high-order masked implementation of Dilithium that utilizes the improved gadgets described above. We provide practical results obtained from a C implementation and compare the performance improvements provided by our new gadgets with those of previous work. © 2023, Ruhr-University of Bochum. All rights reserved.
Pages: 110-145
Page count: 35
Related papers
27 entries in total
[1] Azouaoui Mélissa, Bronchain Olivier, Cassiers Gaëtan, Hoffmann Clément, Kuzovkova Yulia, Renes Joost, Schönauer Markus, Schneider Tobias, Standaert François-Xavier, van Vredendaal Christine, Leveling Dilithium against leakage: Revisited sensitivity analysis and improved implementations, Cryptology ePrint Archive, (2022)
[2] Barthe Gilles, Belaïd Sonia, Dupressoir François, Fouque Pierre-Alain, Grégoire Benjamin, Strub Pierre-Yves, Verified proofs of higher-order masking, Advances in Cryptology - EUROCRYPT 2015, Proceedings, Part I, pp. 457-485, (2015)
[3] Barthe Gilles, Belaïd Sonia, Dupressoir François, Fouque Pierre-Alain, Grégoire Benjamin, Strub Pierre-Yves, Zucchini Rebecca, Strong non-interference and type-directed higher-order masking, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 116-129, (2016)
[4] Barthe Gilles, Belaïd Sonia, Espitau Thomas, Fouque Pierre-Alain, Grégoire Benjamin, Rossi Mélissa, Tibouchi Mehdi, Masking the GLP lattice-based signature scheme at any order, Advances in Cryptology - EUROCRYPT 2018, Proceedings, Part II, pp. 354-384, (2018)
[5] Bronchain Olivier, Cassiers Gaëtan, Bitslicing arithmetic/Boolean masking conversions for fun and profit with application to lattice-based KEMs, IACR Trans. Cryptogr. Hardw. Embed. Syst., 2022(4), pp. 553-588, (2022)
[6] Bettale Luk, Coron Jean-Sébastien, Zeitoun Rina, Improved high-order conversion from Boolean to arithmetic masking, IACR Trans. Cryptogr. Hardw. Embed. Syst., 2018(2), pp. 22-45, (2018)
[7] Bootle Jonathan, Delaplace Claire, Espitau Thomas, Fouque Pierre-Alain, Tibouchi Mehdi, LWE without modular reduction and improved side-channel attacks against BLISS, Advances in Cryptology - ASIACRYPT 2018, 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2-6, 2018, Proceedings, Part I, volume 11272 of Lecture Notes in Computer Science, pp. 494-524, (2018)
[8] Bhasin Shivam, D'Anvers Jan-Pieter, Heinz Daniel, Pöppelmann Thomas, Van Beirendonck Michiel, Attacking and defending masked polynomial comparison for lattice-based cryptography, IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021(3), pp. 334-359, (2021)
[9] Bai Shi, Ducas Léo, Kiltz Eike, Lepoint Tancrède, Lyubashevsky Vadim, Schwabe Peter, Seiler Gregor, Stehlé Damien, CRYSTALS-Dilithium: Algorithm specifications and supporting documentation (version 3.1), (2021)
[10] Bai Shi, Galbraith Steven D., An improved compression technique for signatures based on learning with errors, Topics in Cryptology - CT-RSA 2014, pp. 28-47, (2014)