期刊文献+

一种抵御计时攻击的指数Bernoulli精确采样算法

An Algorithm for Sampling Exactly from Exponential Bernoulli Distributions with Resistance against Timing Attacks
下载PDF
导出
摘要 整数上的离散高斯采样是格密码的基础构建之一。拒绝采样是实现整数上离散高斯采样的一种主要的方法,而使用拒绝采样的关键是实现一个以指数函数为参数的Bernoulli分布的采样过程。这一采样过程也是决定整个采样算法能否抵御计时攻击的关键。对于实数x>0,借鉴SUN等人提出的一种针对指数函数Bernoulli分布β_(2)-x的等时采样算法,文章给出了一种可供选择的针对Bernoulli分布β_(2)-x的抵御计时攻击的精确采样算法,该算法能防止x的取值因计时攻击而遭到泄露,并且不需要(在线的)浮点运算,同时还能避免SUN等人的采样算法在实际实现中产生的统计误差,从而确保采样结果的精确性。实验结果验证了这一精确采样算法的有效性。 Discrete Gaussian sampling over the integers is one of the fundamental building blocks of lattice-based cryptography.Rejection sampling is one of the main methods for the discrete Gaussian sampling over the integers.The key of using rejection sampling is to implement a sampling procedure for Bernoulli distributions with exponential functions as parameters,and this sampling procedure is also the key to determine whether the whole sampling algorithm can resist timing attacks.For a real x>0,based on the isochronous sampling algorithm given by SUN et al.for the“exponential Bernoulli distribution”β_(2)-x,an alternative exact sampling algorithm with timing attack resistance is proposed for β_(2)-x.It can prevent the leakage of the information on the value of x caused by timing attacks,and does not require(online)floating-point arithmetic,and can also avoid the statistical error in the practical implementation of the sampling algorithm of SUN et al.,so as to ensure the exactness of sampling results in practice.Experimental results demonstrate the effectiveness of this exact sampling algorithm.
作者 杜育松 江思维 沈静 张家豪 DU Yusong;JIANG Siwei;SHEN Jing;ZHANG Jiahao(School of Computer Science and Engineering,Sun Yat-Sen University,Guangzhou 510006,China;Guangdong Polytechnic of Industry and Commerce,Guangzhou 510510,China)
出处 《信息网络安全》 CSCD 北大核心 2024年第6期855-862,共8页 Netinfo Security
基金 广东省基础与应用基础研究重大项目[2019B030302008] 广东省基础与应用基础研究项目[2022A1515011512] 广东工贸职业技术学院校级科研项目[2021-ZK-17]。
关键词 格密码 离散高斯采样 Bernoulli分布 计时攻击 lattice-based cryptography discrete Gaussian sampling Bernoulli distribution timing attack
  • 相关文献

参考文献2

二级参考文献11

  • 1Oded Regev.On lattices, learning with errors, random linear codes, and cryptography[J].Journal of the ACM (JACM).2009(6)
  • 2Johannes Bl?mer,Stefanie Naewe.Sampling methods for shortest vectors, closest vectors and successive minima[J].Theoretical Computer Science.2009(18)
  • 3Phong Q. Nguyen,Thomas Vidick.Sieve algorithms for the shortest vector problem are practical[J].Journal of Mathematical Cryptology.2008(2)
  • 4Jean-Sebastien Coron,Alexander May.Deterministic Polynomial-Time Equivalence of Computing the RSA Secret Key and Factoring[J].Journal of Cryptology.2007(1)
  • 5Dorit Aharonov,Oded Regev.Lattice problems in NP ∩ coNP[J].Journal of the ACM (JACM).2005(5)
  • 6Subhash Khot.Hardness of approximating the shortest vector problem in lattices[J].Journal of the ACM (JACM).2005(5)
  • 7Phong Q. Nguyen,Igor E. Shparlinski.The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces[J].Designs Codes and Cryptography.2003(2)
  • 8I. Dinur,G. Kindler,R. Raz,S. Safra.Approximating CVP to Within Almost-Polynomial Factors is NP-Hard[J].COMBINATORICA.2003(2)
  • 9Irit Dinur.Approximating SVP ∞ to within almost-polynomial factors is NP-hard[J].Theoretical Computer Science.2002(1)
  • 10Jin-Yi Cai.A new transference theorem in the geometry of numbers and new bounds for Ajtai’s connection factor[J].Discrete Applied Mathematics.2002(1)

共引文献44

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部