US 11,924,346 B2
Efficient and masked sampling of polynomials for lattice-based cryptography
Markus Schoenauer, Vienna (AT); Tobias Schneider, Graz (AT); Joost Roland Renes, Eindhoven (AT); and Melissa Azouaoui, Norderstedt (AT)
Assigned to NXP B.V., Eindhoven (NL)
Filed by NXP B.V., Eindhoven (NL)
Filed on Apr. 28, 2022, as Appl. No. 17/732,164.
Prior Publication US 2023/0353361 A1, Nov. 2, 2023
Int. Cl. H04L 9/30 (2006.01); G06F 9/30 (2018.01)
CPC H04L 9/3093 (2013.01) [G06F 9/30018 (2013.01); H04L 9/3026 (2013.01)]
20 Claims

1. A data processing system comprising instructions embodied in a non-transitory computer readable medium, the instructions for masked sampling of polynomials for lattice-based cryptography in a processor, the instructions, comprising:
determining a number m of random bits to be sampled based upon a sample bound parameter β;
producing a plurality of Boolean masked shares of a polynomial coefficient each having a determined number m of random bits using a uniform random sampling function;
determining that the polynomial coefficient is within a range of values based upon the sample bound parameter β;
converting the plurality of Boolean masked shares of the polynomial coefficient to a plurality of arithmetic masked shares of the polynomial coefficient;
shifting the plurality of arithmetic masked shares based upon the sample bound parameter β; and
performing lattice-based cryptography using masked sampling of the polynomial coefficients using the plurality of shifted arithmetic masked shares.
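
The data flow of claim 1, as an added first-order (two-share) functional model in Python; this is an illustration written for this page, not code from the patent or from NXP. It shows how m is derived from β, how rejected samples are redrawn, and how a Boolean-to-arithmetic conversion followed by a shift of one share yields a coefficient in [-β, β]. Assumptions not stated in the claim: the accepted range is [0, 2β], arithmetic shares live modulo 2^32, the conversion is Goubin's first-order method, and the names `num_bits`, `in_range`, `goubin_b2a`, `masked_sample` and `recombine` are hypothetical.

```python
import secrets

K = 32                        # share word size (assumption, not from the claim)
MASK = (1 << K) - 1

def num_bits(beta):
    """m: fewest bits able to hold every value in [0, 2*beta]."""
    return (2 * beta).bit_length()

def in_range(s0, s1, beta):
    # Functional stand-in only: a masked implementation evaluates this
    # comparison on the shares and never forms s0 ^ s1 in one register.
    return (s0 ^ s1) <= 2 * beta

def goubin_b2a(xp, r):
    """Boolean shares (xp, r) of x = xp ^ r -> A with (A + r) mod 2^K == x.
    Goubin's first-order conversion; g is a fresh random blinding word."""
    g = secrets.randbits(K)
    t = ((xp ^ g) - g) & MASK
    t ^= xp
    g ^= r
    a = ((xp ^ g) - g) & MASK
    return a ^ t

def masked_sample(beta):
    """Return arithmetic shares (a0, a1) of a coefficient in [-beta, beta]."""
    m = num_bits(beta)
    while True:                                   # rejection sampling
        s0, s1 = secrets.randbits(m), secrets.randbits(m)
        if in_range(s0, s1, beta):
            break
    a0 = goubin_b2a(s0, s1)                       # a0 + s1 == s0 ^ s1 (mod 2^K)
    return (a0 - beta) & MASK, s1                 # shift [0, 2b] -> [-b, b]

def recombine(a0, a1):
    """Test helper: unmask and read the K-bit word as a signed integer."""
    v = (a0 + a1) & MASK
    return v - (1 << K) if v >> (K - 1) else v

if __name__ == "__main__":
    for beta in (2, 4, 1 << 17):
        print(beta, num_bits(beta), recombine(*masked_sample(beta)))
```

The model is not side-channel hardened: Python integers and the unmasked range check leak, so it documents the arithmetic only.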