International Association for Cryptologic Research


CryptoDB

High-order Polynomial Comparison and Masking Lattice-based Encryption

Authors:
Jean-Sébastien Coron , University of Luxembourg, Esch-sur-Alzette, Luxembourg
François Gérard , University of Luxembourg, Esch-sur-Alzette, Luxembourg
Simon Montoya , IDEMIA, Cryptography & Security Labs, Courbevoie, France; LIX, INRIA, CNRS, École Polytechnique, Institut Polytechnique de Paris, France
Rina Zeitoun , IDEMIA, Cryptography & Security Labs, Courbevoie, France
Download:
DOI: 10.46586/tches.v2023.i1.153-192
URL: https://tches.iacr.org/index.php/TCHES/article/view/9950
Abstract: The main protection against side-channel attacks consists in computing every function with multiple shares via the masking countermeasure. For IND-CCA secure lattice-based encryption schemes, the masking of the decryption algorithm requires the high-order computation of a polynomial comparison. In this paper, we describe and evaluate a number of different techniques for such high-order comparison, always with a security proof in the ISW probing model. As an application, we describe the full high-order masking of the NIST standard Kyber, with a concrete implementation on ARM Cortex M architecture, and a t-test evaluation.
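As an added illustration (not the paper's own code and not its Cortex-M implementation), the Python sketch below shows what "high-order polynomial comparison on shares" means in practice: the re-encrypted ciphertext polynomial is held in t+1 arithmetic shares mod q, the received ciphertext polynomial is public, and the comparison must produce its result still in shared form without ever reconstructing the polynomial. It uses one generic approach, a random public linear combination of the coefficient differences followed by a Fermat zero-test computed with ISW multiplication mod q; the paper evaluates several techniques and this is not a claim about which it uses. The modulus Q = 3329 is Kyber's; every function name here is hypothetical, and Python is not constant-time, so this demonstrates correctness of the share arithmetic, not side-channel resistance.

```python
import secrets

Q = 3329  # Kyber's prime modulus (assumption: used as the coefficient ring here)


def share(x, t):
    """Arithmetic masking mod Q: t+1 shares whose sum is x (order-t masking)."""
    shares = [secrets.randbelow(Q) for _ in range(t)]
    shares.append((x - sum(shares)) % Q)
    return shares


def unshare(shares):
    """Reconstruct a shared value; only for testing, never inside the masked code."""
    return sum(shares) % Q


def sec_add(a, b):
    """Addition is linear, so it is done share-wise with no randomness."""
    return [(x + y) % Q for x, y in zip(a, b)]


def sec_scale(a, c):
    """Multiplication by a public scalar c is linear as well."""
    return [(x * c) % Q for x in a]


def sec_sub_public(a, c):
    """Subtracting a public value touches a single share only."""
    r = list(a)
    r[0] = (r[0] - c) % Q
    return r


def sec_mult(a, b):
    """ISW multiplication of two arithmetic-shared values mod Q (O(t^2) randomness)."""
    n = len(a)
    c = [(a[i] * b[i]) % Q for i in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r = secrets.randbelow(Q)
            c[i] = (c[i] + r) % Q
            # Evaluate (a_i*b_j - r) before adding a_j*b_i: this order is what
            # keeps the intermediate values independent of a_i*b_j + a_j*b_i.
            c[j] = (c[j] + ((a[i] * b[j] - r) % Q) + a[j] * b[i]) % Q
    return c


def sec_nonzero_bit(a):
    """Shares of the bit [a != 0]: a^(Q-1) mod Q is 0 iff a == 0 (Q is prime).

    Square-and-multiply over shares; the exponent is public, so branching on it is fine.
    """
    t = len(a) - 1
    result = share(1, t)
    base = a
    e = Q - 1
    while e:
        if e & 1:
            result = sec_mult(result, base)
        base = sec_mult(base, base)
        e >>= 1
    return result


def sec_poly_compare(shared_poly, public_poly, rounds=2):
    """Return shares of a bit that is 1 iff the shared polynomial differs from public_poly.

    shared_poly: list of coefficients, each a list of t+1 shares. The polynomial is
    never reconstructed; a wrong polynomial is accepted with probability ~ Q^-rounds.
    """
    t = len(shared_poly[0]) - 1
    # d_j = a_j - c_j, computed on shares (public subtraction hits one share only)
    diff = [sec_sub_public(a, c) for a, c in zip(shared_poly, public_poly)]
    neq = share(0, t)  # running OR of the per-round results, kept in shares
    for _ in range(rounds):
        # Random public linear combination of all coefficient differences: it is
        # zero if diff == 0, and uniform mod Q (zero w.p. 1/Q) otherwise.
        acc = share(0, t)
        for d in diff:
            acc = sec_add(acc, sec_scale(d, secrets.randbelow(Q)))
        b = sec_nonzero_bit(acc)
        # OR of two shared {0,1} values: x + y - x*y
        neq = sec_add(sec_add(neq, b), sec_scale(sec_mult(neq, b), Q - 1))
    return neq


if __name__ == "__main__":
    t = 2  # second-order masking: three shares per coefficient
    received = [secrets.randbelow(Q) for _ in range(8)]       # constructed sample ciphertext
    reencrypted = [share(x, t) for x in received]             # same polynomial, in shares
    print(unshare(sec_poly_compare(reencrypted, received)))   # -> 0 (equal)
    tampered = list(received)
    tampered[3] = (tampered[3] + 1) % Q
    print(unshare(sec_poly_compare(reencrypted, tampered)))   # -> 1 (differ)
```

The comparison bit is left in shares on purpose: in an FO-style decapsulation the subsequent choice between the real key and the rejection key must also run on shares, otherwise the unmasked bit becomes a single-trace leak. The `rounds` parameter sets soundness (an unequal polynomial slips through with probability about Q^-rounds), and each round costs roughly a dozen ISW multiplications for the Fermat zero-test.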
BibTeX
@article{tches-2022-32684,
  title={High-order Polynomial Comparison and Masking Lattice-based Encryption},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2023, Issue 1},
  pages={153-192},
  url={https://tches.iacr.org/index.php/TCHES/article/view/9950},
  doi={10.46586/tches.v2023.i1.153-192},
  author={Jean-Sébastien Coron and François Gérard and Simon Montoya and Rina Zeitoun},
  year=2022
}