a masked ring lwe
play

A MASKED RING-LWE IMPLEMENTATION Oscar Reparaz, Sujoy Sinha Roy, - PowerPoint PPT Presentation

Aug 27, 2023 •100 likes •477 views

A MASKED RING-LWE IMPLEMENTATION Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede COSIC/KU Leuven CHES 2015, Saint-Malo, FR 1 un protected ring-LWE decryption r2 m=th[INTT(c 1 *r 2 + c 2 )] 2 un protected ring-LWE

  1. A MASKED RING-LWE IMPLEMENTATION Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede COSIC/KU Leuven CHES 2015, Saint-Malo, FR 1

  2. un protected ring-LWE decryption r2 m=th[INTT(c 1 *r 2 + c 2 )] 2

  3. un protected ring-LWE decryption r2 c1 c2 m=th[INTT(c 1 *r 2 + c 2 )] 2

  4. un protected ring-LWE decryption r2 x x x x x x x x x x c1 c2 m=th[INTT(c 1 *r 2 + c 2 )] 2

  5. un protected ring-LWE decryption r2 x x x x x x x x x x c1 + + + + + + + + + + c2 m=th[INTT(c 1 *r 2 + c 2 )] 2

  6. un protected ring-LWE decryption r2 x x x x x x x x x x c1 + + + + + + + + + + c2 INTT m=th[INTT(c 1 *r 2 + c 2 )] 2

  7. un protected ring-LWE decryption r2 x x x x x x x x x x c1 + + + + + + + + + + c2 INTT th th th th th th th th th th m m=th[INTT(c 1 *r 2 + c 2 )] 2

  8. th operation 3

  9. masking ring-LWE • Core idea: split the secret: r= r’+r’’ m=th[INTT(c 1 *r 2 + c 2 )] 4

  10. masking ring-LWE • Core idea: split the secret: r= r’+r’’ 1 2 2 m=th[INTT(c 1 *r 2 + c 2 )] 4

  11. on the masked decoder 1 2 2 6

  12. on the masked decoder 1 2 2 6

  13. 7

  14. 7

  15. 7

  16. 7

  17. what happened? • could decode th (a) from quad(a’) and quad(a’’) – quad() return only 2 bits, so it will be easy to perform masked computation. • Idea: decode th (a) only from quad(a’) and quad(a’’) – large compression 8

  18. decoding rules • There are 7 other more cases (“rules”) • There are 8 cases that don’t allow inferring th(a)! 9

  19. Cases where it fails 10

  20. solution: refresh • Refresh the sharing: a’ := a’ + D a’’ := a’’ – D And try again • Do not draw D from random, compute nice ones. 11

  21. 12

  22. implementation costs unprotected (CHES2014*) protected (this work) • 1713 LUTs / 830 FFs / 1 DSP • 2014 LUTs / 959 FFs / 1 DSP • Fmax = 120 MHz • 100 MHz Parameter set: (n,q,s)=(256,7681,11.32) Xilinx Virtex-II xc2vp7 FPGA * Synthetized on Virtex-II 13

  23. implementation costs unprotected (CHES2014*) protected (this work) • 1713 LUTs / 830 FFs / 1 DSP • 2014 LUTs / 959 FFs / 1 DSP • Fmax = 120 MHz • 100 MHz • 2.8 k cycles (23.5 us) • 7.5 k cycles (75.2 us) Parameter set: (n,q,s)=(256,7681,11.32) Xilinx Virtex-II xc2vp7 FPGA * Synthetized on Virtex-II 13

  24. implementation costs unprotected (CHES2014*) protected (this work) • 1713 LUTs / 830 FFs / 1 DSP • 2014 LUTs / 959 FFs / 1 DSP • Fmax = 120 MHz • 100 MHz • 2.8 k cycles (23.5 us) • 7.5 k cycles (75.2 us) Parameter set: (n,q,s)=(256,7681,11.32) Xilinx Virtex-II xc2vp7 FPGA ECC: Rebeiro et.al. (CHES2012): 289 kcycles * LUT This work: 151 k cycles*LUTs * Synthetized on Virtex-II 13

  25. error rates 14

  26. error rates 14

  27. 15

  28. 16

  29. evaluation 17

  30. PRNG off 18

  31. PRNG on 19

  32. second order 20

  33. second order 21

  34. Conclusion • Fully masked ring-LWE decryption – outputs Boolean shares • Manageable overhead: x2.6 cycles wrt unprotected • Small! • Bespoke decoder – Error rate controlled • Practical evaluation 22

  35. 23

  36. A MASKED RING-LWE IMPLEMENTATION Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, Ingrid Verbauwhede COSIC/KU Leuven CHES 2015, Saint-Malo, FR 24

Recommend

Ring-LWE Implementation Tobias Oder 1 , Tobias Schneider 2 , Thomas Pppelmann 3 , Tim Gneysu

Ring-LWE Implementation Tobias Oder 1 , Tobias Schneider 2 , Thomas Pppelmann 3 , Tim Gneysu

Practical CCA2-Secure and Masked Ring-LWE Implementation Tobias Oder 1 , Tobias Schneider 2 , Thomas Pppelmann 3 , Tim Gneysu 1,4 1 Ruhr-University Bochum, 2 Universit Catholique de Louvain, 3 Infineon Technologies AG, 4 DFKI 10.09.2018

736 views • 36 slides
A machine learning approach against a masked AES L. LERMAN , S. FERNANDES MEDEIROS, G. BONTEMPI,

A machine learning approach against a masked AES L. LERMAN , S. FERNANDES MEDEIROS, G. BONTEMPI,

A machine learning approach against a masked AES A machine learning approach against a masked AES L. LERMAN , S. FERNANDES MEDEIROS, G. BONTEMPI, and O. MARKOWITCH Universit Libre de Bruxelles Faculty of Sciences Department of Computer

349 views • 20 slides
Improving PixelCNN Vertical stack oblem with this m of masked convolution. Blind spot

Improving PixelCNN Vertical stack oblem with this m of masked convolution. Blind spot

Improving PixelCNN Vertical stack oblem with this m of masked convolution. Blind spot Horizontal stack Solution: use two stacks of Stacking layers of masked convolution, convolution creates convolution creates a blindspot a blindspot a

489 views • 48 slides
Virtual ring routing Virtual ring routing Some slides from http://

Virtual ring routing Virtual ring routing Some slides from http://

Virtual ring routing Virtual ring routing Some slides from http:// research.microsoft.com/en-us/um/people/antr/vrr- sigcomm06.ppt 123 VRR: the virtual ring VRR: the virtual ring topology-independent 0 FFF node identifiers, e.g., MAC

694 views • 18 slides
Ring A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring Study: Background Study Design:

Ring A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring Study: Background Study Design:

A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring A Vaginal Ring Containing Dapivirine for HIV-1 PrEP Ring Study: Background Study Design: Ring Background : Randomized, double-blind, phase 3, placebo-controlled trial of a

341 views • 6 slides
Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Stefan Mangard, Florian Mendel, Robert Primas ASIACRYPT 2018 IAIK - Graz University of Technology www.tugraz.at

1.01k views • 78 slides
Reducing a Masked Implementations Effective Security Order with Setup Manipulations And an

Reducing a Masked Implementations Effective Security Order with Setup Manipulations And an

Crypto. group SWORD Reducing a Masked Implementations Effective Security Order with Setup Manipulations And an Explanation Based on Externally-Amplified Couplings Itamar Levi, Davide Bellizia and Franois-Xavier Standaert Aug. 2018 Moti

298 views • 27 slides
lattice element example in the Recycler Ring octupole 14 0.00000 0.33083E-01 0.0000E+00

lattice element example in the Recycler Ring octupole 14 0.00000 0.33083E-01 0.0000E+00

Crystal Extraction from the Recycler Ring A.I. Drozhdin Fermi National Accelerator Laboratory P.O. Box 500, Batavia, Illinois 60510 May 31, 2012 1 Recycler Ring Lattice The choices to install the crystal in the Recycler Ring would be

427 views • 13 slides
New criteria for a ring to have a semisimple left quotient ring V. V. Bavula (University of

New criteria for a ring to have a semisimple left quotient ring V. V. Bavula (University of

New criteria for a ring to have a semisimple left quotient ring V. V. Bavula (University of Sheffield) V. V. Bavula, New criteria for a ring to have a semisim- ple left quotient ring. Arxiv:math.RA:1303.0859. talk-NewCrit-SS-lQuot.tex 1

359 views • 15 slides
MASS: Masked Sequence to Sequence Pre-training for Language Generation Tao Qin Joint work with

MASS: Masked Sequence to Sequence Pre-training for Language Generation Tao Qin Joint work with

MASS: Masked Sequence to Sequence Pre-training for Language Generation Tao Qin Joint work with Kaitao Song, Xu Tan, Jianfeng Lu and Tie-Yan Liu Microsoft Research Asia Nanjing University of Science and Technology Motivation BERT and GPT

939 views • 16 slides
A05: Quantum cr A05: Quantum crystal and ring e ystal and ring exchange change Novel magnetic

A05: Quantum cr A05: Quantum crystal and ring e ystal and ring exchange change Novel magnetic

A05: Quantum cr A05: Quantum crystal and ring e ystal and ring exchange change Novel magnetic stat No el magnetic states es induced b induced by ring e ring exchange change Members: Tsutomu Momoi (RIKEN) Kenn Kubo (Aoyama Gakuinn Univ.)

489 views • 31 slides
T / U T proves we utter the phrase Let R be a ring.. A surprising observation is that the

T / U T proves we utter the phrase Let R be a ring.. A surprising observation is that the

The generic model Nongeometric properties A systematic source A topos-theoretic Nullstellensatz This talk in a nutshell: There is a certain ring, the generic ring , which is special in that it is conserva- tive : It has exactly

855 views • 26 slides
Second-Order Masked Lookup Table Compression Scheme Annapurna Valiveti , Srinivas Vivek IIIT

Second-Order Masked Lookup Table Compression Scheme Annapurna Valiveti , Srinivas Vivek IIIT

Second-Order Masked Lookup Table Compression Scheme Annapurna Valiveti , Srinivas Vivek IIIT Bangalore annapurna@iiitb.org, srinivas.vivek@iiitb.ac.in 14-17 September, CHES 2020 Annapurna Valiveti, Srinivas Vivek Second-Order Masked Lookup

806 views • 52 slides
Masked Ballot Voting for Receipt-Free Online Elections Roland Wen and Richard Buckland School of

Masked Ballot Voting for Receipt-Free Online Elections Roland Wen and Richard Buckland School of

Masked Ballot Voting for Receipt-Free Online Elections Roland Wen and Richard Buckland School of Computer Science and Engineering The University of New South Wales Sydney, Australia {rolandw,richardb}@cse.unsw.edu.au VOTE-ID 2009 1 / 35

509 views • 35 slides
EU -Russia/Ukraine: from Ring of Friends to Ring of Fire? The European Union:

EU -Russia/Ukraine: from Ring of Friends to Ring of Fire? The European Union:

EU -Russia/Ukraine: from Ring of Friends to Ring of Fire? The European Union: challenges and strategic responses Colloquium 27 October 2015 Dr. Graeme P. Herd , Professor of Transnational Security Studies, George C. Marshall

344 views • 9 slides
From ring epimorphisms to universal localisations joint with Jorge Vitoria I. Ring epimorphisms

From ring epimorphisms to universal localisations joint with Jorge Vitoria I. Ring epimorphisms

From ring epimorphisms to universal localisations joint with Jorge Vitoria I. Ring epimorphisms II. Universal localisations III. Recollements Throughout, A will denote a ring (with unit) and K a field. I. Ring epimorphisms Ring epimorphisms

418 views • 5 slides
VerMI & VerFI Verification Tools for Masked Implementations Svetla Nikova, Victor Arribas

VerMI & VerFI Verification Tools for Masked Implementations Svetla Nikova, Victor Arribas

VerMI & VerFI Verification Tools for Masked Implementations Svetla Nikova, Victor Arribas COSIC, KULeuven Joint work with Vincent Rijmen (KU Leuven), Felix Wegener, Amir Moradi (RU Bochum) 1 Verification Tools Why do we need

782 views • 50 slides
LS-Designs Bitslice Encryption for Efficient Masked Software Implementations Instances Security

LS-Designs Bitslice Encryption for Efficient Masked Software Implementations Instances Security

1 / 20 Conclusion FSE 2014 LS-Designs G. Leurent (UCL,Inria) Motivation LS-Designs Bitslice Encryption for Efficient Masked Software Implementations Instances Security Analysis LS-Designs . . . . . . . . . . . . . . . . . . Vincent

638 views • 27 slides
Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS

Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS

Introduction / Motivation Symbolic Method Experiments Conclusion Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes Workshop PROOFS In` es Ben El Ouahma Quentin Meunier Karine Heydemann Emmanuelle Encrenaz

271 views • 25 slides
Magnet neto-pl plasmonic asmonic Au/ u/Tb Tb 18 18 Co Co 82 82 nano nano-ring ring res

Magnet neto-pl plasmonic asmonic Au/ u/Tb Tb 18 18 Co Co 82 82 nano nano-ring ring res

Magnet neto-pl plasmonic asmonic Au/ u/Tb Tb 18 18 Co Co 82 82 nano nano-ring ring res esona onator tors s Initial patterning and update by Agn iuiulkait Uppsala University Motivation Fabricate magneto-plasmonic

321 views • 28 slides
Sicherheitsunterweisung fr Operateure fr den AEB Ring-HF im BG1.016 Sicherheitsbelehrung AEB

Sicherheitsunterweisung fr Operateure fr den AEB Ring-HF im BG1.016 Sicherheitsbelehrung AEB

Sicherheitsunterweisung fr Operateure fr den AEB Ring-HF im BG1.016 Sicherheitsbelehrung AEB Ring-HF 1 Elektrische Anlagen im AEB Ring HF BG1016 Sicherheitsbelehrung AEB Ring-HF 2 Elektr. Anlagen im BG1016 Netzgerte fr

290 views • 17 slides
Pseudorandomness of Ring-LWE for Any Ring and Modulus Chris Peikert University of Michigan Oded

Pseudorandomness of Ring-LWE for Any Ring and Modulus Chris Peikert University of Michigan Oded

Pseudorandomness of Ring-LWE for Any Ring and Modulus Chris Peikert University of Michigan Oded Regev Noah Stephens-Davidowitz (to appear, STOC17) 10 March 2017 1 / 14 Lattice-Based Cryptography p d o m x g = y N = = p m

1.08k views • 82 slides
thickened, specialized segments. Secrete a mucus ring into which egg and sperm are released

thickened, specialized segments. Secrete a mucus ring into which egg and sperm are released

A clitellum is a band of thickened, specialized segments. Secrete a mucus ring into which egg and sperm are released After eggs are fertilized in the ring, the ring slips off the worm's body and forms a protective cocoon.

218 views • 7 slides
Masked Correlation Filters for Partially Occluded Face Recognition Eric He ICASSP 2016

Masked Correlation Filters for Partially Occluded Face Recognition Eric He ICASSP 2016

Masked Correlation Filters for Partially Occluded Face Recognition Eric He ICASSP 2016 2/24/2015 Partial Occlusions of Faces 2 Correlation Filters FFT IFFT Correlation Test Image Filter Training Images Filter Design T. Sim, S. Baker,

646 views • 25 slides

More recommend