
Revisiting Higher-Order Masked Comparison for Lattice-Based Cryptography: Algorithms and Bit-Sliced Implementations


Bibliographic Details
Published in: IEEE transactions on computers 2023-02, Vol.72 (2), p.321-332
Main Authors: D'Anvers, Jan-Pieter, Van Beirendonck, Michiel, Verbauwhede, Ingrid
Format: Article
Language:English
Online Access: https://ieeexplore.ieee.org/document/9852472 (free to read)
Abstract: Masked comparison is one of the most expensive operations in side-channel secure implementations of lattice-based post-quantum cryptography, especially for higher masking orders. First, we introduce two new masked comparison algorithms, which improve the arithmetic comparison of D'Anvers et al. (2021) and the hybrid comparison method of Coron et al. (2021) respectively. We then look into implementation-specific optimizations, and show that small specific adaptations can have a significant impact on the overall performance. Finally, we implement various state-of-the-art comparison algorithms and benchmark them on the same platform (ARM-Cortex M4) to allow a fair comparison between them. We improve on the arithmetic comparison of D'Anvers et al. with a factor ≈20% by using Galois Field multiplications and the hybrid comparison of Coron et al. with a factor ≈25% by streamlining the design. Our implementation-specific improvements allow a speedup of a straightforward comparison implementation of ≈33%. We discuss the differences between the various algorithms and provide the implementations and a testing framework to ease future research.
DOI: 10.1109/TC.2022.3197074
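The abstract's baseline, the "straightforward comparison implementation", is the Boolean-masked, bit-sliced check that a masked FO-style decapsulation needs: the re-encrypted ciphertext is available only as shares, the received ciphertext is public, and the two must be compared without unmasking anything except the final accept/reject bit. The Python below is an added illustrative model of that baseline. It is not code from the paper, its authors or their Cortex-M4 implementations, and it does not reproduce the paper's arithmetic or hybrid algorithms. It assumes a 16-bit coefficient width (WIDTH), builds the comparison from the ISW AND gadget composed through De Morgan ORs, draws randomness from the standard library's secrets module, and all inputs in demo() are constructed.

```python
"""Functional model of a straightforward d-th order Boolean-masked comparison.
Added example; not code from the paper or its authors. WIDTH, the gadget
choice and the use of `secrets` are assumptions made for illustration."""
import secrets
from functools import reduce
from operator import xor

WIDTH = 16                  # assumed coefficient width in bits (illustrative)
ONES = (1 << WIDTH) - 1

def mask(x, d):
    """Split x into d + 1 Boolean shares whose XOR is x (masking order d)."""
    shares = [secrets.randbits(WIDTH) for _ in range(d)]
    shares.append(x ^ reduce(xor, shares, 0))
    return shares

def unmask(shares):
    """Recombine shares; in decapsulation only ever applied to the result bit."""
    return reduce(xor, shares, 0)

def refresh(a):
    """ISW-style refresh: fresh randomness between every pair of shares, so a
    sharing can be fed to both inputs of an AND gadget without correlation."""
    out, n = list(a), len(a)
    for i in range(n):
        for j in range(i + 1, n):
            r = secrets.randbits(WIDTH)
            out[i] ^= r
            out[j] ^= r
    return out

def masked_not(a):
    """NOT is linear over XOR: complement one share only."""
    return [a[0] ^ ONES] + list(a[1:])

def masked_xor_public(a, c):
    """XOR a public word into a masked one: again only one share is touched."""
    return [a[0] ^ c] + list(a[1:])

def masked_and(a, b):
    """ISW AND gadget on d + 1 shares, bit-sliced across all WIDTH bits at once.
    Every cross term a[i]&b[j] is blinded by fresh randomness before it is
    combined, so no intermediate depends on more than one share of a or b."""
    n = len(a)
    r = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j] = secrets.randbits(WIDTH)
            r[j][i] = (r[i][j] ^ (a[i] & b[j])) ^ (a[j] & b[i])
    out = []
    for i in range(n):
        ci = a[i] & b[i]
        for j in range(n):
            if j != i:
                ci ^= r[i][j]
        out.append(ci)
    return out

def masked_or(a, b):
    """OR by De Morgan: exactly one non-linear gadget per call."""
    return masked_not(masked_and(masked_not(a), masked_not(b)))

def masked_nonzero_bit(word):
    """Fold the OR of all WIDTH bits into bit 0; the result stays masked."""
    k = WIDTH // 2
    while k:
        shifted = refresh([s >> k for s in word])    # shifts are share-wise linear
        word = masked_or(word, shifted)
        k //= 2
    return [s & 1 for s in word]

def masked_compare(masked_ct, public_ct):
    """Masked bit equal to 1 iff the shared ciphertext equals the public one.
    masked_ct: one share-list per coefficient; public_ct: plain coefficients.
    Cost: one AND gadget per coefficient plus log2(WIDTH) for the final fold."""
    if not masked_ct or len(masked_ct) != len(public_ct):
        raise ValueError("ciphertext length mismatch")
    acc = [0] * len(masked_ct[0])                  # a valid sharing of zero
    for shares, c in zip(masked_ct, public_ct):
        acc = masked_or(acc, masked_xor_public(shares, c))   # nonzero iff mismatch
    nonzero = masked_nonzero_bit(acc)
    return [nonzero[0] ^ 1] + nonzero[1:]           # masked NOT of a single bit

def demo(d=2, n_coeffs=8):
    """Constructed input: random coefficients masked at order d, compared with an
    identical and a one-bit-tampered public copy. Returns (bit_equal, bit_tampered)."""
    ct = [secrets.randbits(WIDTH) for _ in range(n_coeffs)]
    masked = [mask(c, d) for c in ct]
    tampered = list(ct)
    tampered[-1] ^= 1
    return (unmask(masked_compare(masked, ct)),
            unmask(masked_compare(masked, tampered)))
```

demo() unmasks the result only so the model can be checked; in a real decapsulation the comparison bit stays masked and drives a masked selection between the derived key and the implicit-rejection value. The fold in masked_nonzero_bit refreshes the shifted operand before the same sharing is used on both gadget inputs, because an ISW multiplication of a sharing with a function of itself is not secure without refreshing. Python gives no constant-time or register-transition guarantees, so this models the algorithm's data flow and cost structure, not the leakage behaviour of an embedded implementation; the paper's own Cortex-M4 benchmarks and testing framework are the reference for that.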
ISSN: 0018-9340; EISSN: 1557-9956
Subjects: Algorithms; Arithmetic; Costs; Cryptography; Encryption; lattice-based cryptography; masking; NIST; Post-quantum cryptography; Quantum cryptography; Security; Side-channel attacks; side-channel protection; Streamlining