Discrete Gaussian sampling algorithms over lattices require discrete sampling methods over the integers. Since sampling from D_{Λ,σ,c} is one of the steps of encryption in certain modern lattice-based cryptosystems, there is a need for implementations that resist side-channel attacks. This work presents and discusses constant-time implementations of the Knuth-Yao and Ziggurat methods, comparing them with their variable-time versions. The constant-time Knuth-Yao implementation is applied to sampling over lattices.
Several works have characterized weak instances of the Ring-LWE problem by exploring vulnerabilities arising from the use of algebraic structures. Although these weak instances are not addressed by worst-case hardness theorems, enabling other ring instantiations enlarges the scope of possible applications and favors the diversification of security assumptions. In this work, we extend the Ring-LWE problem in lattice-based cryptography to include algebraic lattices, realized through twisted embeddings. We define the class of problems Twisted Ring-LWE, which replaces the canonical embedding by an extended form. By doing so, we allow the Ring-LWE problem to be used over maximal real subfields of cyclotomic number fields. We prove that Twisted Ring-LWE is secure by providing a security reduction from Ring-LWE to Twisted Ring-LWE in both search and decision forms. It is also shown that the twist factor does not affect the asymptotic approximation factors in the worst-case to average-case reductions. Thus, Twisted Ring-LWE maintains the consolidated hardness guarantee of Ring-LWE and increases the existing scope of algebraic lattices that can be considered for cryptographic applications. Additionally, we expand on the results of Ducas and Durmus (Public-Key Cryptography, 2012) on spherical Gaussian distributions to the proposed class of lattices under certain restrictions. As a result, sampling from a spherical Gaussian distribution can be done directly in the respective number field while maintaining its format and standard deviation when seen in Z^n via twisted embeddings.
This paper presents preliminary experimental results for the implementation of the third-round NIST finalists CRYSTALS-Kyber and Saber on the ARMv8 architecture. Our implementation uses NEON instructions to speed up key generation, encapsulation, and decapsulation of the reference codes. The benchmarks are performed on three devices: an Orange Pi WinPlus (Cortex-A53), a Raspberry Pi 4 (Cortex-A72), and a MacBook Air based on an Apple M1 chip. The experimental results show substantial improvements for Kyber and Saber, with speed-ups in the ranges 1.16-1.38x and 1.21-1.96x, respectively. We focused on the most time-consuming operations of each cryptosystem; however, similar works suggest that larger speed-ups can be obtained by extending the use of NEON instructions to other primary sub-routines.