Netinfo Security ›› 2024, Vol. 24 ›› Issue (6): 855-862.doi: 10.3969/j.issn.1671-1122.2024.06.004

Previous Articles     Next Articles

An Algorithm for Sampling Exactly from Exponential Bernoulli Distributions with Resistance against Timing Attacks

DU Yusong1(), JIANG Siwei1, SHEN Jing2, ZHANG Jiahao1   

  1. 1. School of Computer Science and Engineering, Sun Yat-Sen University, Guangzhou 510006, China
    2. Guangdong Polytechnic of Industry and Commerce, Guangzhou 510510, China
  • Received:2024-04-06 Online:2024-06-10 Published:2024-07-05

Abstract:

Discrete Gaussian sampling over the integers is one of the fundamental building blocks of lattice-based cryptography. Rejection sampling is one of the main methods for the discrete Gaussian sampling over the integers. The key of using rejection sampling is to implement a sampling procedure for Bernoulli distributions with exponential functions as parameters, and this sampling procedure is also the key to determine whether the whole sampling algorithm can resist timing attacks. For a real x > 0, based on the isochronous sampling algorithm given by SUN et al. for the “exponential Bernoulli distribution” β2-x, an alternative exact sampling algorithm with timing attack resistance is proposed for β2-x. It can prevent the leakage of the information on the value of x caused by timing attacks, and does not require (online) floating-point arithmetic, and can also avoid the statistical error in the practical implementation of the sampling algorithm of SUN et al., so as to ensure the exactness of sampling results in practice. Experimental results demonstrate the effectiveness of this exact sampling algorithm.

Key words: lattice-based cryptography, discrete Gaussian sampling, Bernoulli distribution, timing attack

CLC Number: