Implementation and Evaluation of Improved Gaussian Sampling for Lattice Trapdoors

We report on our implementation of a new Gaussian sampling algorithm for lattice trapdoors. Lattice trapdoors are used in a wide array of lattice-based cryptographic schemes, including digital signatures, attribute-based encryption, program obfuscation and others. Our implementation provides Gaussian sampling for trapdoor lattices with prime moduli, and supports both single- and multi-threaded execution. We experimentally evaluate our implementation through its use in the GPV hash-and-sign digital signature scheme as a benchmark, and compare our design and implementation with prior work reported in the literature. The evaluation shows that our implementation 1) has smaller space requirements and faster runtime, 2) does not require multi-precision floating-point arithmetic, and 3) can be used for a broader range of cryptographic primitives than previous implementations.
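The building block underneath every lattice trapdoor sampler is a sampler for the discrete Gaussian over the integers, D_{Z,sigma}. The block below is an added example, not the paper's algorithm and not code from its implementation: it draws from D_{Z,sigma} (centre 0) by plain rejection sampling using only double-precision arithmetic, which is enough to illustrate what is being sampled. The choice of sigma, the tail cut of 12 sigma, the sample count and the RNG seed are assumptions made here for the illustration.

```python
import math
import random


def sample_discrete_gaussian(sigma: float, rng: random.Random, tail: float = 12.0) -> int:
    """Draw one integer from D_{Z,sigma} (centre 0) by rejection sampling.

    Pick x uniformly from the integer interval [-tail*sigma, tail*sigma] and
    accept it with probability rho_sigma(x) = exp(-x^2 / (2 sigma^2)).
    The accepted x is then distributed as D_{Z,sigma} restricted to that
    interval; with tail = 12 the mass outside it is negligible.
    Only double-precision floats are used, no multi-precision arithmetic.
    """
    bound = int(math.ceil(tail * sigma))
    while True:
        x = rng.randint(-bound, bound)
        if rng.random() < math.exp(-(x * x) / (2.0 * sigma * sigma)):
            return x


def sample_stats(sigma: float, n: int, seed: int = 1) -> tuple:
    """Return (sample mean, sample variance) of n draws from D_{Z,sigma}.

    The seed is an assumed value so the example is reproducible; a real
    sampler must use a cryptographic RNG, not random.Random.
    """
    rng = random.Random(seed)
    xs = [sample_discrete_gaussian(sigma, rng) for _ in range(n)]
    mean = sum(xs) / n
    var = sum((x - mean) ** 2 for x in xs) / n
    return mean, var


if __name__ == "__main__":
    # For sigma = 3 the discrete Gaussian has mean 0 and variance close to 9.
    m, v = sample_stats(3.0, 20000)
    print("mean =", round(m, 3), "variance =", round(v, 3))
```

Two caveats a practitioner should keep in mind: the rejection loop above runs in time that depends on the sampled value, so it leaks through timing side channels and is unsuitable as-is for signing keys (constant-time integer samplers are a separate line of work), and `random.Random` is a PRNG for illustration only. Trapdoor sampling on top of this primitive also needs the lattice-specific perturbation and G-lattice steps, which this example does not show.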
