Fast and Power-Analysis Resistant Ring Lizard Crypto-Processor Based on the Sparse Ternary Property
- 주제(키워드) Coprocessors , digital circuits , field programmable gate arrays , side-channel attacks , post-quantum cryptography
- 주제(기타) Computer Science, Information Systems
- 주제(기타) Engineering, Electrical & Electronic
- 주제(기타) Telecommunications
- 설명문(일반) [Choi, Piljoo] Hanyang Univ, Software Educ Comm, Seoul 04763, South Korea; [Kim, Ji-Hoon] Ewha Womans Univ, Dept Elect & Elect Engn, Seoul 04763, South Korea; [Kim, Dong Kyue] Hanyang Univ, Dept Elect Engn, Seoul 04763, South Korea
- 등재 SCIE, SCOPUS
- OA유형 gold
- 발행기관 IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
- 발행년도 2019
- 총서유형 Journal
- URI http://www.dcollection.net/handler/ewha/000000172022
- 본문언어 영어
- Published As https://dx.doi.org/10.1109/ACCESS.2019.2929299
초록/요약
Ring Lizard (RLizard) is a quantum-resistant public-key cryptosystem based on the ideal lattice. RLizard uses a sparse ternary polynomial, which facilitates implementation with lower complexity. The Lizard scheme's proposal for the National Institute of Standards and Technology's post-quantum cryptography standardization included its reference hardware design using the sparse ternary property; however, in this paper, we present the RLizard crypto-processor with the improved processing speed and security level against power analysis attacks. By additionally utilizing unused values for each memory access in the conventional RLizard crypto-processor, the processing speed of the proposed RLizard crypto-processors can increase by a factor of two or up to four times. The implementation results with three different FPGA devices show that the area overhead is approximately 50-100 flip-flops (FFs) and 50-300 lookup tables (LUTs), occupying approximately 2%-3% of the total area. The vulnerability to power analysis attacks and the proposed countermeasures were also analyzed. The experimental results prove the vulnerability of unprotected implementation, and the implementation results show that the masking and hiding countermeasures additionally require approximately 50-120 FFs and 100-360 LUTs. In addition, our idea can be applied to other ideal-lattice-based cryptosystems using a sparse binary or ternary polynomial, such as NTRU and Round5.
more