Fault Attack Countermeasures for Error Samplers in Lattice-Based Cryptography

James Howe, Ayesha Khalid, Marco Martinoli, Francesco Regazzoni, Elisabeth Oswald

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)


Lattice-based cryptography is one of the leading candidates for NIST's post-quantum standardisation effort, providing efficient key encapsulation and signature schemes. Most of these schemes base their hardness on variants of LWE, and thus rely heavily on error samplers to provide necessary uncertainty by obfuscating computations on secret information. Because of this it is a clear and obvious target for side-channel analysis, with numerous types of attacks targeting this component to gain secret-key information. In order to bring potential lattice-based cryptographic standards to practical realisation, it is important to protect these modules from past and future fault and side-channel attacks. This paper proposes countermeasures that exploit the distributions expected from these error samples, that is either Gaussian or binomial, by using statistical tests to verify the samplers are operating properly. The novel countermeasures are designed to protect against all previous fault attacks on error samplers. We optimize hardware implementation of the proposed tests to avoid division and square root calculations, however, the countermeasure we propose is sufficiently generic to be suitable also for software. We measure the impact of these countermeasures on performance and area consumption on a Xilinx Artix-7 FPGA. Our countermeasure achieve promising performance while resulting in a minimal overhead.
Original languageEnglish
Title of host publicationIEEE International Symposium on Circuits and Systems (ISCAS)
Publication statusAccepted/In press - 22 Feb 2019

Fingerprint Dive into the research topics of 'Fault Attack Countermeasures for Error Samplers in Lattice-Based Cryptography'. Together they form a unique fingerprint.

Cite this