Discrete Gaussian Sampling

  • Sujoy Sinha RoyEmail author
  • Ingrid Verbauwhede
Part of the Computer Architecture and Design Methodologies book series (CADM)


In this chapter we propose an efficient hardware implementation of a discrete Gaussian sampler for ring-LWE encryption schemes. The proposed sampler architecture is based on the Knuth-Yao sampling Algorithm [10]. It has high precision and large tail-bound to keep the statistical distance below \(2^{-90}\) to the true Gaussian distribution for the secure parameter sets [6] that are used in the public key encryption schemes [12, 17].


  1. 1.
    Cormen TH, Stein C, Rivest RL, Leiserson CE (2001) Introduction to algorithms, 2nd edn. McGraw-Hill Higher EducationGoogle Scholar
  2. 2.
    de Clercq R, Roy SS, Vercauteren F, Verbauwhede I (2015) Efficient software implementation of ring-LWE encryption. In: Proceedings of the 2015 design, automation & test in Europe conference & exhibition, DATE ’15, pp 339–344Google Scholar
  3. 3.
    Devroye L (1986) Non-Uniform random variate generation. Springer, New YorkCrossRefGoogle Scholar
  4. 4.
    Ducas L, Durmus A, Lepoint T, Lyubashevsky V (2013) Lattice signatures and bimodal gaussians. In: Proceedings of the 33rd annual cryptology conference advances in cryptology—CRYPTO 2013, Santa Barbara, CA, USA, 18–22 Aug 2013, Part I. Springer, Berlin, Heidelberg, pp 40–56CrossRefGoogle Scholar
  5. 5.
    Dwarakanath N, Galbraith S (2014) Sampling from discrete gaussians for lattice-based cryptography on a constrained device. Appl Algebra Eng Commun Comput 25(3):159–180MathSciNetCrossRefGoogle Scholar
  6. 6.
    Göttert N, Feller T, Schneider M, Buchmann J, Huss S (2012) On the design of hardware building blocks for modern lattice-based encryption schemes. Cryptographic hardware and embedded systems—CHES 2012. volume 7428 of LNCS. Springer, Berlin, pp 512–529CrossRefGoogle Scholar
  7. 7.
    Groot Bruinderink L, Hülsing A., Lange T, Yarom Y (2016) Flush, gauss, and reload—a cache attack on the BLISS lattice-based signature scheme. In: Proceedings of the 18th international conference on cryptographic hardware and embedded systems—CHES 2016, Santa Barbara, CA, USA, 17–19 Aug 2016, Berlin, Heidelberg, 2016. Springer, Berlin, Heidelberg, pp 323–345Google Scholar
  8. 8.
    Karmakar A, Roy SS, Vercauteren F, Verbauwhede I (2017) Constant-time discrete gaussian sampling. Under RevGoogle Scholar
  9. 9.
    Knuth DE (1997) The art of computer programming, volume 2 (3rd ed): seminumerical algorithms. Addison-Wesley Longman Publishing Co, Inc, Boston, MA, USAGoogle Scholar
  10. 10.
    Knuth DE, Yao AC (1976) The complexity of non-uniform random number generation. Algorithms and complexity, pp 357–428Google Scholar
  11. 11.
    Lenstra AK, Lenstra HW, Lovász L (1982) Factoring polynomials with rational coefficients. Mathematische Annalen 261(4):515–534MathSciNetCrossRefGoogle Scholar
  12. 12.
    Lindner R, Peikert C (2011) Better key sizes (and Attacks) for LWE-based encryption. CT-RSA 2011:319–339MathSciNetzbMATHGoogle Scholar
  13. 13.
    Liu Z, Seo H, Roy SS, Großschädl J, Kim H, Verbauwhede (2015) Efficient ring-LWE encryption on 8-bit AVR processors. In: Proceedings of the 17th international workshop on cryptographic hardware and embedded systems–CHES 2015, Saint-Malo, France, 13–16 Sept 2015, Berlin, Heidelberg. Springer, Berlin, Heidelberg, pp. 663–682Google Scholar
  14. 14.
    Lyubashevsky V (2012) Lattice signatures without trapdoors. In: Proceedings of the 31st annual international conference on theory and applications of cryptographic techniques, EUROCRYPT’12, Berlin. Springer, pp 738–755CrossRefGoogle Scholar
  15. 15.
    Pessl P (2016) Analyzing the shuffling side-channel countermeasure for lattice-based signatures. In: Progress in cryptology–INDOCRYPT 2016: proceeding of the 17th international conference on cryptology in India, Kolkata, India, 11–14 Dec 2016, Cham. Springer International Publishing, Cham, pp. 153–170CrossRefGoogle Scholar
  16. 16.
    Pöppelmann T, Güneysu T (2014) Area optimization of lightweight lattice-based encryption on reconfigurable hardware. In: 2014 IEEE international symposium on circuits and systems (ISCAS), June 2014, pp 2796–2799Google Scholar
  17. 17.
    Regev O (2005) On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the thirty-seventh annual ACM symposium on theory of computing, STOC ’05, New York, NY, USA. ACM, pp 84–93Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.School of Computer ScienceUniversity of BirminghamBirminghamUK
  2. 2.ESAT—COSICKU LeuvenLeuvenBelgium

Personalised recommendations