Compact, Scalable, and Efficient Discrete Gaussian Samplers for Lattice-Based Cryptography

Ayesha Khalid, James Howe, Ciara Rafferty, Francesco Regazzoni, Maire O'Neill

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

Abstract

Lattice-based cryptography, one of the leading candidates for post-quantum security, relies heavily on discrete Gaussian samplers to provide necessary uncertainty, obfuscating computations on secret information. For reconfigurable hardware, the cumulative distribution table (CDT) scheme has previously been shown to achieve the highest throughput and the smallest resource utilisation, easily outperforming other existing samplers. However, the CDT sampler does not scale well. In fact, for large parameters, the lookup tables required are far too large to be practically implemented. This research proposes a hierarchy of multiple smaller samplers, extending the Gaussian convolution lemma to compute optimal parameters, where the individual samplers require much smaller lookup tables. A large range of parameter sets, covering encryption, signatures, and key exchange are evaluated. Hardware-optimised parameters are formulated and a practical implementation on Xilinx Artix-7 FPGA device is realised. The proposed sampling designs demonstrate promising performance on reconfigurable hardware, even for large parameters, that were otherwise thought infeasible.
Original languageEnglish
Title of host publication2018 IEEE International Symposium on Circuits and Systems (ISCAS 2018)
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Number of pages5
ISBN (Electronic)9781538648810
ISBN (Print)9781538648827
DOIs
Publication statusE-pub ahead of print - 7 May 2018

Publication series

Name
ISSN (Print)2379-447X

Keywords

  • FPGA
  • hardware security
  • Gaussian samplers
  • post-quantum cryptography
  • lattice-based cryptography

Fingerprint Dive into the research topics of 'Compact, Scalable, and Efficient Discrete Gaussian Samplers for Lattice-Based Cryptography'. Together they form a unique fingerprint.

Cite this