logo

SCIENCE CHINA Information Sciences, Volume 64 , Issue 3 : 139104(2021) https://doi.org/10.1007/s11432-019-9919-7

Error estimation of practical convolution discrete Gaussian sampling with rejection sampling

More info
  • ReceivedFeb 21, 2019
  • AcceptedJun 10, 2019
  • PublishedFeb 4, 2021

Abstract

There is no abstract available for this article.


Acknowledgment

This work was supported by National Key Research and Development Program of China (Grant No. 2017YFA0303903), National Cryptography Development Fund (Grant No. MMJJ20170121), and Zhejiang Province Key RD Project (Grant No. 2017C01062).


Supplement

Appendixes A–C.


References

[1] Micciancio D, Walter M. Gaussian Sampling over the Integers: Efficient, Generic, Constant-Time. In: Proceedings of CRYPTO 2017, 2017. 455--485. Google Scholar

[2] Pöppelmann T, Ducas L, Güneysu T. Enhanced lattice-based signatures on reconfigurable hardware. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2014. 353--370. Google Scholar

[3] Prest T. Sharper bounds in lattice-based cryptography using the Rényi divergence. In: Proceedings of ASIACRYPTO 2017, 2017. 347--374. Google Scholar

[4] Du Y S, Wei B D, Zhang H. A rejection sampling algorithm for off-centered discrete Gaussian distributions over the integers. Sci China Inf Sci, 2019, 62: 39103 CrossRef Google Scholar

[5] Peikert C. An efficient and parallel Gaussian sampler for lattices. In: Proceedings of Annual Cryptology Conference. Berlin: Springer, 2010. 80--97. Google Scholar

[6] Micciancio D, Peikert C. Hardness of SIS and LWE with small parameters. In: Proceedings of Advances in Cryptology-CRYPTO 2013. Berlin: Springer, 2013. 21--39. Google Scholar

[7] Gentry C, Peikert C, Vaikuntanathan V. Trapdoors forHard Lattices and New Cryptographic Constructions.In: Proceedings of the 40th Annual ACM Symposium on Theory of Computing, Victoria, 2008. 197--206. Google Scholar

  • Figure 1

    (Color online) Experiments results of practical errors of discrete gaussian convolution. (a) For $\Delta_{\rm~SD}$, $\Delta_{\rm~KL}$ and $\Delta_{\rm~RD}$; (b) for $\Delta_{\rm~ML}$ and $\Delta_{\rm~RE}$.