
    Gaussian Sampling Precision in Lattice Cryptography

    Security parameters and attack countermeasures for Lattice-based cryptosystems have not yet matured to the level that we now expect from RSA and Elliptic Curve implementations. Many modern Ring-LWE and other lattice-based public key algorithms require high precision random sampling from the Discrete Gaussian distribution. The sampling procedure often represents the biggest implementation bottleneck due to its memory and computational requirements. We examine the stated requirements of precision for Gaussian samplers, where statistical distance to the theoretical distribution is typically expected to be below $2^{-90}$ or $2^{-128}$ for 90 or 128 "bit" security level. We argue that such precision is excessive and give precise theoretical arguments why half of the precision of the security parameter is almost always sufficient. This leads to faster and more compact implementations; almost halving implementation size in both hardware and software. We further propose new experimental parameters for practical Gaussian samplers for use in Lattice Cryptography.

    A Hardware Efficient Random Number Generator for Nonuniform Distributions with Arbitrary Precision

    Nonuniform random numbers are key for many technical applications, and designing efficient hardware implementations of non-uniform random number generators is a very active research field. However, most state-of-the-art architectures are either tailored to specific distributions or use up a lot of hardware resources. At ReConFig 2010, we have presented a new design that saves up to 48% of area compared to state-of-the-art inversion-based implementation, usable for arbitrary distributions and precision. In this paper, we introduce a more flexible version together with a refined segmentation scheme that allows the approximation error to be reduced significantly further. We provide a free software tool allowing users to implement their own distributions easily, and we have tested our random number generator thoroughly by statistical analysis and two application tests.

    Hardware-Optimized Ziggurat Algorithm for High-Speed Gaussian Random Number Generators

    Many scientific and engineering applications, which are increasingly being ported from software to reconfigurable platforms, require Gaussian-distributed random numbers. Thus, the efficient generation of these random numbers using few resources and allowing for high clocking rates is an important design factor in the application performance. In this paper, we demonstrate scalable implementations of the Ziggurat algorithm, a Gaussian random number generator, which we have modified for optimal performance on the Xilinx Virtex-4 FX12 FPGA. The resource-efficient design uses a small number of slices (233) while delivering a high throughput of 240 million samples per second. A two-way parallelizable design is discussed and the estimated throughput scales almost linearly. The generation of multiple Gaussian random numbers per cycle allows for the implementation of multiple, concurrent simulations on FPGAs with minimal resource overhead.