Results 1 - 3 of 3
Sampling from discrete Gaussians for lattice-based cryptography on a constrained device
Appl. Algebra Eng. Commun. Comput.
Abstract

Cited by 14 (0 self)
Modern lattice-based public-key cryptosystems require sampling from discrete Gaussian (normal) distributions. The paper surveys algorithms to implement such sampling efficiently, with particular focus on the case of constrained devices with small on-board storage and without access to large numbers of external random bits. We review lattice-based encryption schemes and signature schemes and their requirements for sampling from discrete Gaussians. Finally, we make some remarks on challenges and potential solutions for practical lattice-based cryptography.
Fast Fourier Orthogonalization (and Applications to Lattice-Based Cryptography)
Abstract
The classical Fast Fourier Transform (FFT) allows to compute in quasi-linear time the product of two polynomials in the circular convolution ring R[x]/(x^d − 1), a task that naively requires quadratic time. Equivalently, it allows to accelerate matrix-vector products when the matrix is circulant. In this work, we discover that the ideas of the FFT can be applied to speed up the orthogonalization process of a circulant matrix. We show that, when d is composite, it is possible to proceed to the orthogonalization in an inductive way, leading to a structured Gram-Schmidt decomposition. In turn, this structured Gram-Schmidt decomposition accelerates a cornerstone lattice algorithm: the Nearest Plane algorithm. The results easily extend to cyclotomic rings, and can be adapted to Gaussian samplers. This finds applications in lattice-based cryptography, improving the performance of trapdoor functions.
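The objects named in this abstract (a circulant basis, its Gram-Schmidt decomposition, and the nearest plane algorithm that consumes it) on a small instance, as an added example that is not code from the paper or its authors. It implements the textbook quadratic-time orthogonalisation that Fast Fourier Orthogonalization speeds up, not the paper's inductive construction; the polynomial coefficients and the target vector are made up for the example, and the basis is assumed to have full rank.

```python
"""Gram-Schmidt orthogonalisation and Babai's nearest plane algorithm over a
circulant basis of R[x]/(x^d - 1), in exact rational arithmetic.

Added illustration; not code from the paper.  This is the plain O(d^3)
orthogonalisation, shown so the structure FFO exploits can be inspected.
The polynomial a(x) and the target vector below are constructed for the example;
the basis is assumed to be full rank (no b*_i is the zero vector)."""
from fractions import Fraction


def circulant(a):
    """Rows are a(x), x*a(x), ..., x^(d-1)*a(x) in R[x]/(x^d - 1):
    row i is a cyclic shift of the coefficient vector a by i positions."""
    d = len(a)
    return [[a[(j - i) % d] for j in range(d)] for i in range(d)]


def dot(u, v):
    return sum(x * y for x, y in zip(u, v))


def gram_schmidt(B):
    """Return (Bs, mu): Bs[i] = b*_i is b_i minus its projection onto span(b_0..b_{i-1}),
    mu[i][j] = <b_i, b*_j> / <b*_j, b*_j> for j < i.  Exact in Fractions."""
    Bs, mu = [], []
    for i, b in enumerate(B):
        bs = [Fraction(x) for x in b]
        row = []
        for j in range(i):
            m = dot(b, Bs[j]) / dot(Bs[j], Bs[j])
            row.append(m)
            bs = [x - m * y for x, y in zip(bs, Bs[j])]
        Bs.append(bs)
        mu.append(row)
    return Bs, mu


def nearest_plane(B, Bs, target):
    """Babai's nearest plane: for i = d-1 down to 0, round the coordinate of the current
    residual along b*_i and subtract that integer multiple of b_i.
    Returns (lattice vector v, integer coefficients, residual target - v)."""
    t = [Fraction(x) for x in target]
    coeffs = [0] * len(B)
    for i in reversed(range(len(B))):
        c = round(dot(t, Bs[i]) / dot(Bs[i], Bs[i]))
        coeffs[i] = c
        t = [x - c * y for x, y in zip(t, B[i])]
    v = [sum(c * b[j] for c, b in zip(coeffs, B)) for j in range(len(B))]
    return v, coeffs, t


def decode(B, target):
    """Orthogonalise B, then run nearest plane on target."""
    Bs, _ = gram_schmidt(B)
    return nearest_plane(B, Bs, target)


def residual_is_reduced(Bs, residual):
    """Nearest plane guarantees |<target - v, b*_i>| / <b*_i, b*_i> <= 1/2 for every i,
    i.e. the residual lies in the fundamental parallelepiped of the Gram-Schmidt basis."""
    return all(abs(dot(residual, bs)) * 2 <= dot(bs, bs) for bs in Bs)


if __name__ == "__main__":
    a = [3, 1, 0, 1]  # constructed: a(x) = 3 + x + x^3, invertible in R[x]/(x^4 - 1)
    B = circulant(a)
    Bs, mu = gram_schmidt(B)
    v, coeffs, residual = nearest_plane(B, Bs, [7, -2, 5, 1])  # constructed target
    print("basis rows:", B)
    print("|b*_i|^2:", [dot(bs, bs) for bs in Bs])
    print("nearest-plane vector:", v, "coefficients:", coeffs)
    print("residual:", residual, "reduced:", residual_is_reduced(Bs, residual))
```

The quantity to watch is the list of |b*_i|^2: the quality of a nearest-plane decoder (and, in a trapdoor sampler, the width of the Gaussian it can afford) is governed by the longest Gram-Schmidt vector, which is exactly what a structured decomposition of the circulant basis lets one compute and exploit in quasi-linear time.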
Gaussian Sampling Precision in Lattice Cryptography
2015
Abstract
Security parameters and attack countermeasures for lattice-based cryptosystems have not yet matured to the level that we now expect from RSA and elliptic curve implementations. Many modern Ring-LWE and other lattice-based public key algorithms require high precision random sampling from the discrete Gaussian distribution. The sampling procedure often represents the biggest implementation bottleneck due to its memory and computational requirements. We examine the stated requirements of precision for Gaussian samplers, where statistical distance to the theoretical distribution is typically expected to be below 2^-90 or 2^-128 for a 90- or 128-bit security level. We argue that such precision is excessive and give precise theoretical arguments why half of the precision of the security parameter is almost always sufficient. This leads to faster and more compact implementations, almost halving implementation size in both hardware and software. We further propose new experimental parameters for practical Gaussian samplers for use in lattice cryptography.
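The sampling problem of the first paper and the precision question of this one, as an added example that is not code from either paper: a cumulative distribution table (CDT) sampler for the centred discrete Gaussian, built at a chosen number of precision bits k, with the statistical distance between what a k-bit table actually samples and the exact (tail-cut) distribution computed exactly. The parameter names sigma, tail_cut and precision_bits, and the values sigma = 3.2 and tail_cut = 12, are this example's own choices.

```python
"""Cumulative distribution table (CDT) sampler for the centred discrete Gaussian
D_{Z,sigma}, plus a measurement of how the table's precision bounds the
statistical distance to the exact distribution.

Added illustration; not code from any of the papers listed above.
sigma, tail_cut and precision_bits are this example's own parameters."""
from decimal import Decimal, ROUND_CEILING, getcontext
from fractions import Fraction
import math
import secrets

getcontext().prec = 80  # reference probabilities carry far more precision than any table below


def reference_pmf(sigma="3.2", tail_cut=12):
    """P(x) proportional to exp(-x^2 / (2 sigma^2)) for |x| <= tail_cut*sigma,
    normalised over that cut support and returned as exact Fractions."""
    s = Decimal(sigma)
    bound = int((s * tail_cut).to_integral_value(rounding=ROUND_CEILING))
    weights = {x: Fraction((Decimal(-x * x) / (2 * s * s)).exp())
               for x in range(-bound, bound + 1)}
    total = sum(weights.values())
    return {x: w / total for x, w in weights.items()}


def build_cdt(pmf, precision_bits):
    """Table of (x, c_x) with c_x = round(2^k * P(X <= x)); the final entry is pinned
    to 2^k so that every k-bit random value selects some entry."""
    scale = 1 << precision_bits
    table, acc = [], Fraction(0)
    for x in sorted(pmf):
        acc += pmf[x]
        table.append((x, round(acc * scale)))
    table[-1] = (table[-1][0], scale)
    return table


def statistical_distance(pmf, table, precision_bits):
    """Delta = 1/2 * sum_x |P'(x) - P(x)|, where P'(x) = (c_x - c_{x-1}) / 2^k is the
    distribution the table really samples.  Mass beyond the tail cut (roughly 2^-100
    for tail_cut = 12) is not included here and must be added when quoting a total."""
    scale = 1 << precision_bits
    prev, total = 0, Fraction(0)
    for x, c in table:
        total += abs(Fraction(c - prev, scale) - pmf[x])
        prev = c
    return total / 2


def sample(table, precision_bits, randbits=secrets.randbits):
    """Draw r uniform in [0, 2^k) and return the first x whose cumulative entry exceeds r.
    The loop always visits every entry so the scan length does not depend on r
    (the pattern constant-time samplers use; Python itself gives no timing guarantee)."""
    r = randbits(precision_bits)
    idx = 0
    for _, c in table:
        idx += int(r >= c)
    return table[idx][0]


def precision_sweep(sigma="3.2", tail_cut=12, bits=(16, 32, 64, 128)):
    """Statistical distance of a k-bit CDT to the reference pmf for each k in bits."""
    pmf = reference_pmf(sigma, tail_cut)
    return {k: statistical_distance(pmf, build_cdt(pmf, k), k) for k in bits}


if __name__ == "__main__":
    for k, delta in precision_sweep().items():
        log2 = math.log2(float(delta)) if delta else -math.inf
        print(f"{k:4d}-bit table: statistical distance ~ 2^{log2:.1f}")
    table = build_cdt(reference_pmf(), 32)
    print("ten samples:", [sample(table, 32) for _ in range(10)])
```

Each table entry carries at most half a unit of rounding error, so with n entries the distance is at most n/2^(k+1); the sweep makes visible that a 128-bit table for a 79-entry support already sits around 2^-123, and that halving k halves the table storage and the random bits consumed per sample, which is the trade-off the abstract is arguing about. The tail cut contributes its own term to the total distance, and the sampler's memory access pattern and scan length are the properties a side-channel review has to check separately from precision.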