High-order Polynomial Comparison and Masking Lattice-based Encryption

Abstract

The main protection against side-channel attacks consists in computing every function with multiple shares via the masking countermeasure. For IND-CCA secure lattice-based encryption schemes, the masking of the decryption algorithm requires the high-order computation of a polynomial comparison. In this paper, we describe and evaluate a number of different techniques for such high-order comparison, always with a security proof in the ISW probing model. As an application, we describe the full high-order masking of the NIST standard Kyber, with a concrete implementation on ARM Cortex M architecture, and a t-test evaluation.

Cite

Coron, J. S., Gérard, F., Montoya, S., & Zeitoun, R. (2022). High-order Polynomial Comparison and Masking Lattice-based Encryption. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2023(1), 153–192. https://doi.org/10.46586/tches.v2023.i1.153-192