Research On Hardware Implementation Of Gaussian Sampler For Ring-LWE Cryptosystem

Posted on: 2020-11-13
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Chen
GTID: 2428330590983117
Subject: IC Engineering
Abstract/Summary:
Communication technology continues to develop as people pursue efficient and fast information transmission. Protecting the security of massive volumes of transmitted information is always the top priority, and this is reflected in the development of encryption technology. Encryption technology has evolved from early classical ciphers relying on displacement and substitution to public-key cryptography based on trapdoor one-way functions. At present, the mainstream RSA and ECC public-key cryptosystems, which are based on hard mathematical problems, are widely used in the field of information security. With the development of quantum computation, there is a risk that the existing public-key cryptosystems will be easily broken. The Ring-LWE problem is a hard problem based on lattices. The Ring-LWE cryptosystem is a research hotspot of post-quantum cryptography by virtue of its resource-efficient implementation and resistance against quantum attacks. The Ring-LWE cryptosystem requires a polynomial whose coefficients follow the discrete Gaussian distribution for key generation and encryption. Therefore, the Gaussian sampler is the core module of the cryptosystem. Research on an efficient Gaussian sampler is carried out with the design goal of saving hardware resources and under the limitation of 8-bit random number input. Using the symmetry of the discrete Gaussian distribution and the characteristics of the cumulative distribution function, the CDT inversion sampling method is optimized to save 65.9% of storage resources. Based on this, a sampler that can resist timing analysis attacks is designed. Test and analysis results show that the circuit shows superiority in terms of resources, performance, and security. To address the security problem of power analysis attacks, research and circuit design for resisting power attacks are carried out. A chosen-input power analysis attack scheme is proposed, which can effectively attack a sampler that uses the CDT inversion sampling method based on binary comparison search. The specific reasons for the power consumption characteristics of the sampler during operation are analyzed, and a countermeasure for masking those characteristics is determined. The original power consumption characteristics are masked by the power consumption of randomly reading the memory in the module. Based on this, a sampler is designed. The circuit consumes a total of 406 LUTs and 123 FFs, occupies 122 SLICEs, and produces one sample every 8 clock cycles. Test and analysis results show that the designed sampler can effectively resist the chosen-input power analysis attack.
Keywords/Search Tags: Lattice-based cryptography, Ring-LWE, Gaussian Sampler, Side-Channel Attack, Resource-constrained Device
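The following is an added example, not code or parameters from the thesis: a software model of CDT inversion sampling that stores only the non-negative half of the table (using the symmetry of the distribution) and reads every entry for each sample, next to the binary-search lookup whose probe sequence depends on the random input. `SIGMA`, `PREC`, `TAIL` and all function names are assumptions chosen for illustration.

```python
import math
from bisect import bisect_right

# Assumed parameters for illustration; the abstract does not state the thesis's values.
SIGMA, PREC, TAIL = 3.33, 16, 40

def build_half_cdt(sigma=SIGMA, prec=PREC, tail=TAIL):
    """Entries round(2^prec * P(|X| <= k)) for k = 0, 1, ... (non-negative half only)."""
    rho = [math.exp(-k * k / (2 * sigma * sigma)) for k in range(tail + 1)]
    # Symmetry: P(|X| = 0) = rho(0)/S and P(|X| = k) = 2*rho(k)/S for k > 0.
    weights = [rho[0]] + [2 * r for r in rho[1:]]
    total = sum(weights)
    table, acc = [], 0.0
    for w in weights:
        acc += w
        entry = round(acc / total * (1 << prec))
        if entry >= 1 << prec:        # CDF is 1 at this precision: larger |x| unreachable
            break
        table.append(entry)
    return table

def sample_full_scan(table, u, sign):
    """Inversion sampling over the whole table.

    u is a uniform PREC-bit integer, sign a uniform bit. The loop models a
    fixed-latency datapath: the same number of reads and compares for every u.
    (Python itself gives no timing guarantee; this shows the control flow only.)
    """
    mag = 0
    for entry in table:               # fixed trip count, no early exit
        mag += int(u >= entry)        # accumulate the comparator output
    return (mag ^ -sign) + sign       # branch-free negation when sign == 1

def sample_binary_search(table, u, sign):
    """Reference lookup: same result, but which entries are probed depends on u."""
    mag = bisect_right(table, u)      # number of entries <= u
    return -mag if sign else mag

if __name__ == "__main__":
    t = build_half_cdt()
    print("half-table entries:", len(t), "vs", 2 * len(t) + 1, "for a two-sided table")
    print([sample_full_scan(t, u, s) for u, s in [(0, 0), (30000, 1), (65535, 0)]])
```
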