[crypto] Fwd: [risc-list] RISC at CWI (Fri Nov 7): Melissa Rossi (ENS Paris / Thales) _Masking Lattice-based Fiat-Shamir-with-aborts Signatures at Any Order_

R. Hirschfeld ray at unipay.nl
Mon Aug 27 19:50:45 CEST 2018

Subject: [risc-list] RISC at CWI (Fri Nov 7): Melissa Rossi (ENS Paris / Thales) _Masking Lattice-based Fiat-Shamir-with-aborts Signatures at Any Order_
Date: 2018-08-27 15:45
From: Leo Ducas <L.Ducas at cwi.nl>
To: risc-list at cwi.nl

Dear Colleagues,

we cordially invite you to a RISC Seminar featuring a talk by

    Melissa Rossi (ENS Paris / Thales)

    Masking Lattice-based Fiat-Shamir-with-aborts Signatures at Any Order
    <https://projects.cwi.nl/crypto/risc.php#>

The seminar takes place in the room L016 in CWI, on

    Friday 7 September 2018, from 16:00 to 17:00.

See below for the abstract, and visit the RISC web page
https://projects.cwi.nl/crypto/risc.php  for more information.

Best regards,
Leo Ducas

Abstract: Recently, numerous physical attacks have been
demonstrated against lattice-based schemes, often exploiting their
unique properties such as the reliance on Gaussian distributions,
rejection sampling and FFT-based polynomial multiplication. As the call
for concrete implementations and deployment of postquantum cryptography
becomes more pressing, protecting against those attacks is an important
problem. However, few countermeasures have been proposed. In particular,
masking has been applied to the decryption procedure of some
lattice-based encryption schemes, but the much more difficult case of
signatures (which are highly non-linear and typically involve
randomness) has not been considered until now.

In this presentation, I will describe the first masked implementation of
a lattice-based signature scheme. Since masking Gaussian sampling and
other procedures involving contrived probability distributions would be
prohibitively inefficient, we focused on the GLP scheme of Güneysu,
Lyubashevsky and Pöppelmann (CHES 2012). We showed how to provably mask
it in the Ishai-Sahai-Wagner model (CRYPTO 2003) at any order in a
relatively efficient manner, using extensions of the techniques of Coron
et al. for converting between arithmetic and Boolean masking. I will
extend the results to other Fiat-Shamir-with-aborts signatures and
expose the new challenges.

Blog article: http://risq.fr/?page_id=365&lang=en

Presentation based on an extension of the following paper:

