TY - GEN
T1 - A Post-Quantum Secure Discrete Gaussian Noise Sampler
AU - Agrawal, Rashmi
AU - Bu, Lake
AU - Kinsy, Michel A.
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/12/7
Y1 - 2020/12/7
N2 - While the notion of achieving 'quantum supremacy' may be debatable, rapid developments in the field of quantum computing are heading towards more realistic quantum computers. As practical quantum computers become more feasible, the requirement for quantum-secure cryptosystems becomes more compelling. Due to its many advantages, lattice-based cryptography has become one of the key candidates for designing secure systems for the post-quantum era. The security of lattice-based cryptography is governed by the small error samples generated from a Gaussian distribution; hence, the Gaussian distribution lies at the core of these cryptosystems. In this paper, we present the hardware design implementation of three different sampling algorithms for the Gaussian sampler: rejection sampling, Box-Muller, and the Ziggurat method. Our goal is to provide concrete recommendations for future use and adoption in various cryptosystems based on sampling efficiency, hardware cost and throughput. The key feature of our design implementation is that it performs high-precision sampling to meet NIST's recommended security level of 112 bits or higher for the post-quantum era, which most existing hardware implementations fail to do. Furthermore, our design implementation is highly optimized for FPGA-based implementation and is also generic, so that it can be seamlessly integrated into most cryptosystems. Synthesis results are obtained using the Vivado design suite for a Xilinx Zynq-7010 CLG400ACX1341 FPGA board.
KW - Box-Muller
KW - Gaussian Noise Sampler
KW - Lattice-based
KW - R-LWE
KW - Rejection
KW - Ziggurat
UR - http://www.scopus.com/inward/record.url?scp=85095314709&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85095314709&partnerID=8YFLogxK
U2 - 10.1109/HOST45689.2020.9300275
DO - 10.1109/HOST45689.2020.9300275
M3 - Conference contribution
AN - SCOPUS:85095314709
T3 - Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2020
SP - 295
EP - 304
BT - Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2020 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2020
Y2 - 7 December 2020 through 11 December 2020
ER -