International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

High-order Table-based Conversion Algorithms and Masking Lattice-based Encryption

Authors:
Jean-Sébastien Coron , University of Luxembourg, Esch-sur-Alzette, Luxembourg
François Gérard , University of Luxembourg, Esch-sur-Alzette, Luxembourg
Simon Montoya , IDEMIA, Cryptography & Security Labs, Courbevoie, France; LIX, INRIA, CNRS, École Polytechnique, Institut Polytechnique de Paris, France
Rina Zeitoun , IDEMIA, Cryptography & Security Labs, Courbevoie, France
Download:
DOI: 10.46586/tches.v2022.i2.1-40
URL: https://tches.iacr.org/index.php/TCHES/article/view/9479
Search ePrint
Search Google
Presentation: Slides
Abstract: Masking is the main countermeasure against side-channel attacks on embedded devices. For cryptographic algorithms that combine Boolean and arithmetic masking, one must therefore convert between the two types of masking, without leaking additional information to the attacker. In this paper we describe a new high-order conversion algorithm between Boolean and arithmetic masking, based on table recomputation, and provably secure in the ISW probing model. We show that our technique is particularly efficient for masking structured LWE encryption schemes such as Kyber and Saber. In particular, for Kyber IND-CPA decryption, we obtain an order of magnitude improvement compared to existing techniques.
BibTeX
@article{tches-2022-31982,
  title={High-order Table-based Conversion Algorithms and Masking Lattice-based Encryption},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2022, Issue 2},
  pages={1-40},
  url={https://tches.iacr.org/index.php/TCHES/article/view/9479},
  doi={10.46586/tches.v2022.i2.1-40},
  author={Jean-Sébastien Coron and François Gérard and Simon Montoya and Rina Zeitoun},
  year=2022
}