TY - GEN
T1 - Compact, Scalable, and Efficient Discrete Gaussian Samplers for Lattice-Based Cryptography
AU - Khalid, Ayesha
AU - Howe, James
AU - Rafferty, Ciara
AU - Regazzoni, Francesco
AU - O'Neill, Maire
PY - 2018/5/7
Y1 - 2018/5/7
N2 - Lattice-based cryptography, one of the leading candidates for post-quantum security, relies heavily on discrete Gaussian samplers to provide necessary uncertainty, obfuscating computations on secret information. For reconfigurable hardware, the cumulative distribution table (CDT) scheme has previously been shown to achieve the highest throughput and the smallest resource utilisation, easily outperforming other existing samplers. However, the CDT sampler does not scale well. In fact, for large parameters, the lookup tables required are far too large to be practically implemented. This research proposes a hierarchy of multiple smaller samplers, extending the Gaussian convolution lemma to compute optimal parameters, where the individual samplers require much smaller lookup tables. A large range of parameter sets, covering encryption, signatures, and key exchange, are evaluated. Hardware-optimised parameters are formulated and a practical implementation on a Xilinx Artix-7 FPGA device is realised. The proposed sampling designs demonstrate promising performance on reconfigurable hardware, even for large parameters that were otherwise thought infeasible.
AB - Lattice-based cryptography, one of the leading candidates for post-quantum security, relies heavily on discrete Gaussian samplers to provide necessary uncertainty, obfuscating computations on secret information. For reconfigurable hardware, the cumulative distribution table (CDT) scheme has previously been shown to achieve the highest throughput and the smallest resource utilisation, easily outperforming other existing samplers. However, the CDT sampler does not scale well. In fact, for large parameters, the lookup tables required are far too large to be practically implemented. This research proposes a hierarchy of multiple smaller samplers, extending the Gaussian convolution lemma to compute optimal parameters, where the individual samplers require much smaller lookup tables. A large range of parameter sets, covering encryption, signatures, and key exchange, are evaluated. Hardware-optimised parameters are formulated and a practical implementation on a Xilinx Artix-7 FPGA device is realised. The proposed sampling designs demonstrate promising performance on reconfigurable hardware, even for large parameters that were otherwise thought infeasible.
KW - FPGA
KW - hardware security
KW - Gaussian samplers
KW - post-quantum cryptography
KW - lattice-based cryptography
UR - https://pure.qub.ac.uk/portal/en/publications/compact-scalable-and-efficient-discrete-gaussian-samplers-for-latticebased-cryptography(b3655e11-64e4-4736-8eb5-7f7bb35a1f5d).html
U2 - 10.1109/ISCAS.2018.8351009
DO - 10.1109/ISCAS.2018.8351009
M3 - Conference Contribution (Conference Proceeding)
SN - 9781538648827
BT - 2018 IEEE International Symposium on Circuits and Systems (ISCAS 2018)
PB - Institute of Electrical and Electronics Engineers (IEEE)
ER -