a masked ring lwe
play

A MASKED RING-LWE IMPLEMENTATION Oscar Reparaz, Sujoy Sinha Roy, - PowerPoint PPT Presentation

Aug 27, 2023 •100 likes •477 views

A MASKED RING-LWE IMPLEMENTATION Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede COSIC/KU Leuven CHES 2015, Saint-Malo, FR 1 un protected ring-LWE decryption r2 m=th[INTT(c 1 *r 2 + c 2 )] 2 un protected ring-LWE

  1. A MASKED RING-LWE IMPLEMENTATION Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede COSIC/KU Leuven CHES 2015, Saint-Malo, FR 1

  2. un protected ring-LWE decryption r2 m=th[INTT(c 1 *r 2 + c 2 )] 2

  3. un protected ring-LWE decryption r2 c1 c2 m=th[INTT(c 1 *r 2 + c 2 )] 2

  4. un protected ring-LWE decryption r2 x x x x x x x x x x c1 c2 m=th[INTT(c 1 *r 2 + c 2 )] 2

  5. un protected ring-LWE decryption r2 x x x x x x x x x x c1 + + + + + + + + + + c2 m=th[INTT(c 1 *r 2 + c 2 )] 2

  6. un protected ring-LWE decryption r2 x x x x x x x x x x c1 + + + + + + + + + + c2 INTT m=th[INTT(c 1 *r 2 + c 2 )] 2

  7. un protected ring-LWE decryption r2 x x x x x x x x x x c1 + + + + + + + + + + c2 INTT th th th th th th th th th th m m=th[INTT(c 1 *r 2 + c 2 )] 2

  8. th operation 3

  9. masking ring-LWE • Core idea: split the secret: r= r’+r’’ m=th[INTT(c 1 *r 2 + c 2 )] 4

  10. masking ring-LWE • Core idea: split the secret: r= r’+r’’ 1 2 2 m=th[INTT(c 1 *r 2 + c 2 )] 4

  11. on the masked decoder 1 2 2 6

  12. on the masked decoder 1 2 2 6

  13. 7

  14. 7

  15. 7

  16. 7

  17. what happened? • could decode th (a) from quad(a’) and quad(a’’) – quad() return only 2 bits, so it will be easy to perform masked computation. • Idea: decode th (a) only from quad(a’) and quad(a’’) – large compression 8

  18. decoding rules • There are 7 other more cases (“rules”) • There are 8 cases that don’t allow inferring th(a)! 9

  19. Cases where it fails 10

  20. solution: refresh • Refresh the sharing: a’ := a’ + D a’’ := a’’ – D And try again • Do not draw D from random, compute nice ones. 11

  21. 12

  22. implementation costs unprotected (CHES2014*) protected (this work) • 1713 LUTs / 830 FFs / 1 DSP • 2014 LUTs / 959 FFs / 1 DSP • Fmax = 120 MHz • 100 MHz Parameter set: (n,q,s)=(256,7681,11.32) Xilinx Virtex-II xc2vp7 FPGA * Synthetized on Virtex-II 13

  23. implementation costs unprotected (CHES2014*) protected (this work) • 1713 LUTs / 830 FFs / 1 DSP • 2014 LUTs / 959 FFs / 1 DSP • Fmax = 120 MHz • 100 MHz • 2.8 k cycles (23.5 us) • 7.5 k cycles (75.2 us) Parameter set: (n,q,s)=(256,7681,11.32) Xilinx Virtex-II xc2vp7 FPGA * Synthetized on Virtex-II 13

  24. implementation costs unprotected (CHES2014*) protected (this work) • 1713 LUTs / 830 FFs / 1 DSP • 2014 LUTs / 959 FFs / 1 DSP • Fmax = 120 MHz • 100 MHz • 2.8 k cycles (23.5 us) • 7.5 k cycles (75.2 us) Parameter set: (n,q,s)=(256,7681,11.32) Xilinx Virtex-II xc2vp7 FPGA ECC: Rebeiro et.al. (CHES2012): 289 kcycles * LUT This work: 151 k cycles*LUTs * Synthetized on Virtex-II 13

  25. error rates 14

  26. error rates 14

  27. 15

  28. 16

  29. evaluation 17

  30. PRNG off 18

  31. PRNG on 19

  32. second order 20

  33. second order 21

  34. Conclusion • Fully masked ring-LWE decryption – outputs Boolean shares • Manageable overhead: x2.6 cycles wrt unprotected • Small! • Bespoke decoder – Error rate controlled • Practical evaluation 22

  35. 23

  36. A MASKED RING-LWE IMPLEMENTATION Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede COSIC/KU Leuven CHES 2015, Saint-Malo, FR 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ring-LWE Implementation Tobias Oder 1 , Tobias Schneider 2 , Thomas Pppelmann 3 , Tim Gneysu

Ring-LWE Implementation Tobias Oder 1 , Tobias Schneider 2 , Thomas Pppelmann 3 , Tim Gneysu

Practical CCA2-Secure and Masked Ring-LWE Implementation Tobias Oder 1 , Tobias Schneider 2 , Thomas Pppelmann 3 , Tim Gneysu 1,4 1 Ruhr-University Bochum, 2 Universit Catholique de Louvain, 3 Infineon Technologies AG, 4 DFKI 10.09.2018

736 views • 36 slides
A machine learning approach against a masked AES L. LERMAN , S. FERNANDES MEDEIROS, G. BONTEMPI,

A machine learning approach against a masked AES L. LERMAN , S. FERNANDES MEDEIROS, G. BONTEMPI,

A machine learning approach against a masked AES A machine learning approach against a masked AES L. LERMAN , S. FERNANDES MEDEIROS, G. BONTEMPI, and O. MARKOWITCH Universit Libre de Bruxelles Faculty of Sciences Department of Computer

349 views • 20 slides
Improving PixelCNN Vertical stack oblem with this m of masked convolution. Blind spot

Improving PixelCNN Vertical stack oblem with this m of masked convolution. Blind spot

Improving PixelCNN Vertical stack oblem with this m of masked convolution. Blind spot Horizontal stack Solution: use two stacks of Stacking layers of masked convolution, convolution creates convolution creates a blindspot a blindspot a

489 views • 48 slides
Virtual ring routing Virtual ring routing Some slides from http://

Virtual ring routing Virtual ring routing Some slides from http://

Virtual ring routing Virtual ring routing Some slides from http:// research.microsoft.com/en-us/um/people/antr/vrr- sigcomm06.ppt 123 VRR: the virtual ring VRR: the virtual ring topology-independent 0 FFF node identifiers, e.g., MAC

694 views • 18 slides
Ring A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring Study: Background Study Design:

Ring A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring Study: Background Study Design:

A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring Study: Background Study Design: Ring Background : Randomized, double-blind, phase 3, placebo-controlled trial of a

341 views • 6 slides
Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Stefan Mangard, Florian Mendel, Robert Primas ASIACRYPT 2018 IAIK - Graz University of Technology www.tugraz.at

1.01k views • 78 slides
Reducing a Masked Implementations Effective Security Order with Setup Manipulations And an

Reducing a Masked Implementations Effective Security Order with Setup Manipulations And an

Crypto. group SWORD Reducing a Masked Implementations Effective Security Order with Setup Manipulations And an Explanation Based on Externally-Amplified Couplings Itamar Levi, Davide Bellizia and Franois-Xavier Standaert Aug. 2018 Moti

298 views • 27 slides
lattice element example in the Recycler Ring octupole 14 0.00000 0.33083E-01 0.0000E+00

lattice element example in the Recycler Ring octupole 14 0.00000 0.33083E-01 0.0000E+00

Crystal Extraction from the Recycler Ring A.I. Drozhdin Fermi National Accelerator Laboratory P.O. Box 500, Batavia, Illinois 60510 May 31, 2012 1 Recycler Ring Lattice The choices to install the crystal in the Recycler Ring would be

427 views • 13 slides
New criteria for a ring to have a semisimple left quotient ring V. V. Bavula (University of

New criteria for a ring to have a semisimple left quotient ring V. V. Bavula (University of

New criteria for a ring to have a semisimple left quotient ring V. V. Bavula (University of Sheffield) V. V. Bavula, New criteria for a ring to have a semisim- ple left quotient ring. Arxiv:math.RA:1303.0859. talk-NewCrit-SS-lQuot.tex 1

359 views • 15 slides
MASS: Masked Sequence to Sequence Pre-training for Language Generation Tao Qin Joint work with

MASS: Masked Sequence to Sequence Pre-training for Language Generation Tao Qin Joint work with

MASS: Masked Sequence to Sequence Pre-training for Language Generation Tao Qin Joint work with Kaitao Song, Xu Tan, Jianfeng Lu and Tie-Yan Liu Microsoft Research Asia Nanjing University of Science and Technology Motivation BERT and GPT

939 views • 16 slides
A05: Quantum cr A05: Quantum crystal and ring e ystal and ring exchange change Novel magnetic

A05: Quantum cr A05: Quantum crystal and ring e ystal and ring exchange change Novel magnetic

A05: Quantum cr A05: Quantum crystal and ring e ystal and ring exchange change Novel magnetic stat No el magnetic states es induced b induced by ring e ring exchange change Members: Tsutomu Momoi (RIKEN) Kenn Kubo (Aoyama Gakuinn Univ.)

489 views • 31 slides
T / U T proves we utter the phrase Let R be a ring.. A surprising observation is that the

T / U T proves we utter the phrase Let R be a ring.. A surprising observation is that the

The generic model Nongeometric properties A systematic source A topos-theoretic Nullstellensatz This talk in a nutshell: There is a certain ring, the generic ring , which is special in that it is conserva- tive : It has exactly

855 views • 26 slides
Second-Order Masked Lookup Table Compression Scheme Annapurna Valiveti , Srinivas Vivek IIIT

Second-Order Masked Lookup Table Compression Scheme Annapurna Valiveti , Srinivas Vivek IIIT

Second-Order Masked Lookup Table Compression Scheme Annapurna Valiveti , Srinivas Vivek IIIT Bangalore annapurna@iiitb.org, srinivas.vivek@iiitb.ac.in 14-17 September, CHES 2020 Annapurna Valiveti, Srinivas Vivek Second-Order Masked Lookup

806 views • 52 slides
Masked Ballot Voting for Receipt-Free Online Elections Roland Wen and Richard Buckland School of

Masked Ballot Voting for Receipt-Free Online Elections Roland Wen and Richard Buckland School of

Masked Ballot Voting for Receipt-Free Online Elections Roland Wen and Richard Buckland School of Computer Science and Engineering The University of New South Wales Sydney, Australia {rolandw,richardb}@cse.unsw.edu.au VOTE-ID 2009 1 / 35

509 views • 35 slides
EU -Russia/Ukraine: from Ring of Friends to Ring of Fire? The European Union:

EU -Russia/Ukraine: from Ring of Friends to Ring of Fire? The European Union:

EU -Russia/Ukraine: from Ring of Friends to Ring of Fire? The European Union: challenges and strategic responses Colloquium 27 October 2015 Dr. Graeme P. Herd , Professor of Transnational Security Studies, George C. Marshall

344 views • 9 slides
From ring epimorphisms to universal localisations joint with Jorge Vitoria I. Ring epimorphisms

From ring epimorphisms to universal localisations joint with Jorge Vitoria I. Ring epimorphisms

From ring epimorphisms to universal localisations joint with Jorge Vitoria I. Ring epimorphisms II. Universal localisations III. Recollements Throughout, A will denote a ring (with unit) and K a field. I. Ring epimorphisms Ring epimorphisms

418 views • 5 slides
Adaptive Mapping of Linear DSP Adaptive Mapping of Linear DSP Algorithms to Fixed- -Point

Adaptive Mapping of Linear DSP Adaptive Mapping of Linear DSP Algorithms to Fixed- -Point

Adaptive Mapping of Linear DSP Adaptive Mapping of Linear DSP Algorithms to Fixed- -Point Arithmetic Point Arithmetic Algorithms to Fixed Lawrence J. Chang Inpyo Hong Yevgen Voronenko Markus Pschel Carnegie Mellon Department of

403 views • 22 slides
Contents Slide 1-1 Some DSP Chip History Slide 1-2 Other DSP Manufacturers Slide 1-3 DSP

Contents Slide 1-1 Some DSP Chip History Slide 1-2 Other DSP Manufacturers Slide 1-3 DSP

Contents Slide 1-1 Some DSP Chip History Slide 1-2 Other DSP Manufacturers Slide 1-3 DSP Applications Slide 1-4 TMS320C6713 DSP Starter Kit (DSK) Slide 1-5 TMS320C6713 DSK Features Slide 1-6 TMS320C6713 Architecture Slide 1-7 Main

538 views • 27 slides
Demand Response Prof. S. A. Khaparde EE 772 Department of Electrical Engineering IIT Bombay 1

Demand Response Prof. S. A. Khaparde EE 772 Department of Electrical Engineering IIT Bombay 1

Demand Response Prof. S. A. Khaparde EE 772 Department of Electrical Engineering IIT Bombay 1 / 26 Motivation Demand supply balance : a critical aspect of electricity grid Challenges increase further with increase in competition at retail

815 views • 26 slides
Representing decision-makers in SGAM-H: Norwegian University of Science and Technology the Smart

Representing decision-makers in SGAM-H: Norwegian University of Science and Technology the Smart

Representing decision-makers in SGAM-H: Norwegian University of Science and Technology the Smart Grid Architecture Model Extended with the Human Layer Adam Szekeres , Einar Snekkenes NTNU Gjvik, Norway GraMSec 2020 22.06.2020. Online

141 views • 12 slides
Programming in Pd Week 1 About this course... 10:45am -12:15pm 10:45 11:45 Class (1hr)

Programming in Pd Week 1 About this course... 10:45am -12:15pm 10:45 11:45 Class (1hr)

Programming in Pd Week 1 About this course... 10:45am -12:15pm 10:45 11:45 Class (1hr) 11:45 12:15 Lab session ( hr) Sometimes 45min + 45min Room 365? Section 1: Installing, configuring, testing and troubleshooting Pure Data

493 views • 27 slides
Optimizing Stream Programs Using Linear State Space Analysis Sitij Agrawal 1,2 , William Thies 1 ,

Optimizing Stream Programs Using Linear State Space Analysis Sitij Agrawal 1,2 , William Thies 1 ,

1 Optimizing Stream Programs Using Linear State Space Analysis Sitij Agrawal 1,2 , William Thies 1 , and Saman Amarasinghe 1 1 Massachusetts Institute of Technology 2 Sandbridge Technologies CASES 2005 http://cag.lcs.mit.edu/streamit Streaming

765 views • 41 slides
Single Touch Payroll - Phase 2 Digital Service Providers (DSPs) Presented by: Michael Karavas

Single Touch Payroll - Phase 2 Digital Service Providers (DSPs) Presented by: Michael Karavas

Single Touch Payroll - Phase 2 Digital Service Providers (DSPs) Presented by: Michael Karavas CLASSIFIFICATION UNCLASSIFIED Superannuation and Employer Obligations Single Touch Payroll Phase 2 Overview S i n g l e T o u c h P a y r o l

943 views • 14 slides
Why is it important to measure operational wireless networks? Diagnose faults Identify

Why is it important to measure operational wireless networks? Diagnose faults Identify

Plan X Enabling Innovative Measurements of Operational Wireless Networks Manu Bansal, Aaron Schulman, Omid Aryan, Sachin Katti Stanford Why is it important to measure operational wireless networks? Diagnose faults Identify interference

426 views • 9 slides

More recommend