Improved High-Order Masked Generation of Masking Vector and Rejection Sampling in Dilithium

Authors

  • Jean-Sébastien Coron (University of Luxembourg, Esch-sur-Alzette, Luxembourg)
  • François Gérard (University of Luxembourg, Esch-sur-Alzette, Luxembourg)
  • Tancrède Lepoint (Amazon Web Services, Seattle, United States of America)
  • Matthias Trannoy (University of Luxembourg, Esch-sur-Alzette, Luxembourg; IDEMIA, Cryptography, Courbevoie, France & Security Labs, Courbevoie, France)
  • Rina Zeitoun (IDEMIA, Cryptography, Courbevoie, France & Security Labs, Courbevoie, France)

DOI:

https://doi.org/10.46586/tches.v2024.i4.335-354

Keywords:

High-order masking, Boolean to arithmetic conversion, Dilithium signature, ML-DSA

Abstract

for Dilithium, the post-quantum signature scheme recently standardized by NIST. We improve the masked generation of the masking vector y, based on a fast Boolean-to-arithmetic conversion modulo q. We also describe an optimized gadget for the high-order masked rejection sampling, with a complexity independent from the size of the modulus q. We prove the security of our gadgets in the classical ISW t-probing model. Finally, we detail our open-source C implementation of these gadgets integrated into a fully masked Dilithium implementation, and provide an efficiency comparison with previous works.

Published

2024-09-05

Section

Articles

How to Cite

Improved High-Order Masked Generation of Masking Vector and Rejection Sampling in Dilithium. (2024). IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(4), 335-354. https://doi.org/10.46586/tches.v2024.i4.335-354