All the ? 0 ? d observations made by the attacker of this last instance of Full? can be perfectly

first compute the absolute value of x and perform the masked test |x| ? param. This saves the need for a masked operation to aggregate both tests.

Data: The shared element (x_i)_{0?i?d} to check in mod-q arithmetic masked representation; param.
Result: The bit rs equal to 1 iff |x| ? param.

The rejection sampling is a succession of gadgets without cycle. Thus, for proving its d-NI security, it remains to prove the d-NIo or d-NI security of each of its gadgets: A q B, sec|.|, sec +q, and Full?. As seen before, A q B (Lemma 23), sec|.| (Lemma 25), Full? (Lemma 11) and sec + (Lemma 14) are d-NI. The is linear for Boolean masking, so it is d-NI. Thus, rejection sampling is d-NI.

Data: Integer x ? Z_q in arithmetic masked form (x_i)_{0?i?d}, param_1, param_2 and Tail the number of least significant bits that are kept.
Result: wr = 1 iff (|x| ? param_1) ? (|x_Lst| ? param_2).

Lemma 28. The gadget WRnd-Coeff in Gadget 21 is d-NI secure.

Proof: A graphical representation of Gadget 21 is in Fig. A.6. Let ? ? d be the number of observations made by the attacker. Our goal is to prove that all these ? observations can be perfectly simulated with at most ? shares of (x_i)_{0?i?d}. In the following, we consider the following distribution of the attacker's ? observations: ?_1 observed during the computation of A q B that produces shares of (x_i)_{0?i?d}, ?_2 observed during the computation of the upper sec|.| that produces the shares of (a_i)_{0?i?d}, ?_3 observed during the Refresh, ?_4 observed during the computations of the ? and sec|.| that produces the shares of (y_i)_{0?i?d}, ?_5 observed during the sec + that produces (a_i)_{0?i?d}, ?_6 observed during the sec +,