Timing Leakage Analysis of Non-constant-time NTT Implementations with Harvey Butterflies

Abstract

Harvey butterflies and their variants are core primitives in many optimized number-theoretic transform (NTT) implementations, such as those used by the HElib and SEAL homomorphic encryption libraries. However, these butterflies are not constant-time algorithms and may leak secret data when incorrectly implemented. Luckily for SEAL and HElib, the compilers optimize the code to run in constant-time. We claim that relying on the compiler is risky and demonstrate how a simple code modification, naïve compiler misuse, or even a malicious attacker that injects just a single compiler flag can cause leakage. This leakage can reduce the hardness of the ring learning with errors (R-LWE) instances used by these libraries, for example, from $2^{128}$ to $2^{104}$.

Cite

Drucker, N., & Pelleg, T. (2022). Timing Leakage Analysis of Non-constant-time NTT Implementations with Harvey Butterflies. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 13301 LNCS, pp. 99–117). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-07689-3_8
