Description
NIST’s post-quantum cryptography competition has entered in its second phase, the time has come to focus more closely on practical aspects of the candidates. On the lattice-based side, certain schemes chose to implement discrete Gaussian distributions which allow better parameters and security reductions. However, this advantage has also proved to be their Achilles’ heel, as discrete Gaussians pose serious challenges in terms of protection against timing attacks. In this talk, I will review the different timing weaknesses and present several constant-time techniques including a new approach to polynomially approximate transcendental functions (https://eprint.iacr.org/2019/511.pdf). I will emphasis on the application of these techniques on BLISS and FALCON signature schemes (https://tprest.github.io/pdf/pub/simple-fast-gaussian.pdf). We will see that the efficiency loss in the resulting implementations is reasonably low compared to the non constant-time.<br/> lien: http://desktop.visio.renater.fr/scopia?ID=729028***8178&autojoin
Next sessions
-
CryptoVerif: a computationally-sound security protocol verifier
Speaker : Bruno Blanchet - Inria
CryptoVerif is a security protocol verifier sound in the computational model of cryptography. It produces proofs by sequences of games, like those done manually by cryptographers. It has an automatic proof strategy and can also be guided by the user. It provides a generic method for specifying security assumptions on many cryptographic primitives, and can prove secrecy, authentication, and[…]-
Cryptography
-