Gaussian Sampling in Lattice-Based Cryptography

Although rather recent, lattice-based cryptography has stood out on numer-ous points, be it by the variety of constructions that it allows, by its expectedresistance to quantum computers, of by its efficiency when instantiated on someclasses of lattices.One of the most powerful tools of lattice-based cryptography is Gaussiansampling. At a high level, it allows to prove the knowledge of a particularlattice basis without disclosing any information about this basis. It allows torealize a wide array of cryptosystems. Somewhat surprisingly, few practicalinstantiations of such schemes are realized, and the algorithms which performGaussian sampling are seldom studied.The goal of this thesis is to fill the gap between the theory and practice ofGaussian sampling. First, we study and improve the existing algorithms, byboth a statistical analysis and a geometrical approach. We then exploit thestructures underlying many classes of lattices and apply the ideas of the fastFourier transform to a Gaussian sampler, allowing us to reach a quasilinearcomplexity instead of quadratic.Finally, we use Gaussian sampling in practice to instantiate a signaturescheme and an identity-based encryption scheme. The first one yields signaturesthat are the most compact currently obtained in lattice-based cryptography, andthe second one allows encryption and decryption that are about one thousandtimes faster than those obtained with a pairing-based counterpart on ellipticcurves.