High Precision Discrete Gaussian Sampling on FPGAs

  • Sujoy Sinha Roy
  • Frederik Vercauteren
  • Ingrid Verbauwhede
Conference paper

DOI: 10.1007/978-3-662-43414-7_19

Volume 8282 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Sinha Roy S., Vercauteren F., Verbauwhede I. (2014) High Precision Discrete Gaussian Sampling on FPGAs. In: Lange T., Lauter K., Lisoněk P. (eds) Selected Areas in Cryptography -- SAC 2013. SAC 2013. Lecture Notes in Computer Science, vol 8282. Springer, Berlin, Heidelberg

Abstract

Lattice-based public key cryptography often requires sampling from discrete Gaussian distributions. In this paper we present an efficient hardware implementation of a discrete Gaussian sampler with high precision and large tail-bound based on the Knuth-Yao algorithm. The Knuth-Yao algorithm is chosen since it requires a minimal number of random bits and is well suited for high precision sampling. We propose a novel implementation of this algorithm based on an efficient traversal of the discrete distribution generating (DDG) tree. Furthermore, we propose optimization techniques to store the probabilities of the sample points in near-optimal space. Our implementation targets the Gaussian distribution parameters typically used in LWE encryption schemes and has maximum statistical distance of \(2^{-90}\) to a true discrete Gaussian distribution. For these parameters, our implementation on the Xilinx Virtex V platform results in a sampler architecture that only consumes 47 slices and has a delay of 3 ns.

Keywords

Lattice-based cryptography Discrete gaussian sampler Hardware implementation Knuth-Yao algorithm Discrete distribution generating (DDG) tree 

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Sujoy Sinha Roy
    • 1
  • Frederik Vercauteren
    • 1
  • Ingrid Verbauwhede
    • 1
  1. 1.ESAT/COSIC and iMindsKU LeuvenLeuven-HeverleeBelgium