TY - JOUR
T1 - Learning parity with physical noise
T2 - Imperfections, reductions and fpga prototype
AU - Bellizia, Davide
AU - Hoffmann, Clément
AU - Kamel, Dina
AU - Liu, Hanlin
AU - Méaux, Pierrick
AU - Standaert, François Xavier
AU - Yu, Yu
N1 - Publisher Copyright:
© 2021, Ruhr-University of Bochum. All rights reserved.
PY - 2021/7/9
Y1 - 2021/7/9
N2 - Hard learning problems are important building blocks for the design of various cryptographic functionalities such as authentication protocols and post-quantum public key encryption. The standard implementations of such schemes add some controlled errors to simple (e.g., inner product) computations involving a public challenge and a secret key. Hard physical learning problems formalize the potential gains that could be obtained by leveraging inexact computing to directly generate erroneous samples. While they have good potential for improving the performances and physical security of more conventional samplers when implemented in specialized integrated circuits, it remains unknown whether physical defaults that inevitably occur in their instantiation can lead to security losses, nor whether their implementation can be viable on standard platforms such as FPGAs. We contribute to these questions in the context of the Learning Parity with Physical Noise (LPPN) problem by: (1) exhibiting new (output) data dependencies of the error probabilities that LPPN samples may suffer from; (2) formally showing that LPPN instances with such dependencies are as hard as the standard LPN problem; (3) analyzing an FPGA prototype of LPPN processor that satisfies basic security and performance requirements.
AB - Hard learning problems are important building blocks for the design of various cryptographic functionalities such as authentication protocols and post-quantum public key encryption. The standard implementations of such schemes add some controlled errors to simple (e.g., inner product) computations involving a public challenge and a secret key. Hard physical learning problems formalize the potential gains that could be obtained by leveraging inexact computing to directly generate erroneous samples. While they have good potential for improving the performances and physical security of more conventional samplers when implemented in specialized integrated circuits, it remains unknown whether physical defaults that inevitably occur in their instantiation can lead to security losses, nor whether their implementation can be viable on standard platforms such as FPGAs. We contribute to these questions in the context of the Learning Parity with Physical Noise (LPPN) problem by: (1) exhibiting new (output) data dependencies of the error probabilities that LPPN samples may suffer from; (2) formally showing that LPPN instances with such dependencies are as hard as the standard LPN problem; (3) analyzing an FPGA prototype of LPPN processor that satisfies basic security and performance requirements.
KW - FPGA Implementations
KW - Learning Parity with Noise
KW - Physical Assumptions
KW - Physical Defaults
KW - Security Reductions
KW - Side-Channel Security
UR - https://www.scopus.com/pages/publications/85118420239
U2 - 10.46586/tches.v2021.i3.390-417
DO - 10.46586/tches.v2021.i3.390-417
M3 - 文章
AN - SCOPUS:85118420239
SN - 2569-2925
VL - 2021
SP - 390
EP - 417
JO - IACR Transactions on Cryptographic Hardware and Embedded Systems
JF - IACR Transactions on Cryptographic Hardware and Embedded Systems
IS - 3
ER -