Gaussian Sampling over the Integers: Efficient, Generic, Constant-Time
Authors
Abstract
Sampling integers with Gaussian distribution is a fundamental problem that arises in almost every application of lattice cryptography, and it can be both time consuming and challenging to implement. Most previous work has focused on the optimization and implementation of integer Gaussian sampling in the context of specific applications, with fixed sets of parameters. We present new algorithms for discrete Gaussian sampling that are both generic (application independent), efficient, and more easily implemented in constant time without incurring a substantial slow-down, making them more resilient to side-channel (e.g., timing) attacks. As an additional contribution, we present new analytical techniques that can be used to simplify the precision/security evaluation of floating point cryptographic algorithms, and an experimental comparison of our algorithms with previous algorithms from the literature.
Similar resources
Security Systems Based on Gaussian Integers: Analysis of Basic Operations and Time Complexity of Secret Transformations
SECURITY SYSTEMS BASED ON GAUSSIAN INTEGERS: ANALYSIS OF BASIC OPERATIONS AND TIME COMPLEXITY OF SECRET TRANSFORMATIONS by Aleksey Koval Many security algorithms currently in use rely heavily on integer arithmetic modulo prime numbers. Gaussian integers can be used with most security algorithms that are formulated for real integers. The aim of this work is to study the benefits of common securi...
On Rejection Sampling Algorithms for Centered Discrete Gaussian Distribution over Integers
Lattice-based cryptography has been accepted as a promising candidate for public key cryptography in the age of quantum computing. Discrete Gaussian sampling is one of the fundamental operations in many lattice-based cryptosystems. In this paper, we discuss a sub-problem of discrete Gaussian sampling, which is to sample from a centered discrete Gaussian distribution $D_{\mathbb{Z},\sigma,c}$ over the integers $\mathbb{Z}$ with ...
Efficient Simulation for the Maximum of Infinite Horizon Discrete-time Gaussian Processes
We consider the problem of estimating the probability that the maximum of a Gaussian process with negative mean and indexed by positive integers reaches a high level, say b. In great generality such a probability converges to 0 exponentially fast in a power of b. Under mild assumptions on the marginal distributions of the process and no assumption on the correlation structure, we develop an impor...
Constant-time Discrete Gaussian Sampling
Sampling from a discrete Gaussian distribution is an indispensable part of lattice-based cryptography. Several recent works have shown that the timing leakage from a non-constant-time implementation of the discrete Gaussian sampling algorithm could be exploited to recover the secret. In this paper, we propose a constant-time implementation of the Knuth-Yao random walk algorithm for performing c...
Discrete Ziggurat: A Time-Memory Trade-Off for Sampling from a Gaussian Distribution over the Integers
Several lattice-based cryptosystems require to sample from a discrete Gaussian distribution over the integers. Existing methods to sample from such a distribution either need large amounts of memory or they are very slow. In this paper we explore a different method that allows for a flexible time-memory trade-off, offering developers freedom in choosing how much space they can spare to store pr...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2017, Issue
Pages -
Publication date: 2017