Published September 12, 2019 | Version v1
Conference paper Open

Pushing the speed limit of constant-time discrete Gaussian sampling. A case study on Falcon

  • 1. imec-COSIC, KU Leuven

Description

Sampling from a discrete Gaussian distribution has applications in lattice-based post-quantum cryptography. Several efficient solutions have been proposed in recent years. However, making a Gaussian sampler secure against timing attacks has turned out to be a challenging research problem. In this work, we observe an important property of the input random bit strings that generate samples in Knuth-Yao sampling. We delineate a generic step-by-step method to instantiate a discrete Gaussian sampler of arbitrary standard deviation and precision, exploiting this property to minimize the Boolean expressions efficiently. Discrete Gaussian samplers generated with this method can be up to 37% faster than the state-of-the-art method. Finally, we show that the signing algorithm of the post-quantum signature scheme Falcon using our constant-time sampler is at most 33% slower than with the fastest non-constant-time sampler.

Files

201906- Pushing the speed limit of constant-time discrete Gaussian sampling. A case study on Falcon.pdf

Additional details

Funding

FENTEC – Functional Encryption Technologies 780108
European Commission