High-order Polynomial Comparison and Masking Lattice-based Encryption

Authors

  • Jean-Sébastien Coron University of Luxembourg, Esch-sur-Alzette, Luxembourg
  • François Gérard University of Luxembourg, Esch-sur-Alzette, Luxembourg
  • Simon Montoya IDEMIA, Cryptography & Security Labs, Courbevoie, France; LIX, INRIA, CNRS, École Polytechnique, Institut Polytechnique de Paris, France
  • Rina Zeitoun IDEMIA, Cryptography & Security Labs, Courbevoie, France

DOI:

https://doi.org/10.46586/tches.v2023.i1.153-192

Keywords:

High-order masking, lattice-based encryption

Abstract

The main protection against side-channel attacks consists in computing every function with multiple shares via the masking countermeasure. For IND-CCA secure lattice-based encryption schemes, the masking of the decryption algorithm requires the high-order computation of a polynomial comparison. In this paper, we describe and evaluate a number of different techniques for such high-order comparison, always with a security proof in the ISW probing model. As an application, we describe the full high-order masking of the NIST standard Kyber, with a concrete implementation on ARM Cortex M architecture, and a t-test evaluation.

Downloads

Published

2022-11-29

Issue

Volume 2023, Issue 1

Section

Articles

License

Copyright (c) 2022 Jean-Sébastien Coron, François Gérard, Simon Montoya, Rina Zeitoun

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Coron, J.-S., Gérard, F., Montoya, S., & Zeitoun, R. (2022). High-order Polynomial Comparison and Masking Lattice-based Encryption. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2023(1), 153-192. https://doi.org/10.46586/tches.v2023.i1.153-192