A Flexible and Generic Gaussian Sampler With Power Side-Channel Countermeasures for Quantum-Secure Internet of Things

Post-quantum cryptography (PQC) great potential in providing reliable communication security for Internet-of-Things (IoT) devices against the quantum computer in the future. The Gaussian sampler is a crucial part in lattice-based post-quantum cryptosystems, thus being the most vulnerable module to side-channel attack as well. However, research on the countermeasures for the Gaussian sampler against power side-channel attacks is almost blank. In this article, a flexible and generic cumulative distribution table (CDT)-based Gaussian sampler using the hardware–software approach is proposed. The proposed CDT sampler has an AHB interface and can be reconfigured to support various parameter sets, while utilizing just 77 Slices on a Xilinx Spartan-6 FPGA with constant response time. Additionally, the first simple power analysis (SPA) attack on the CDT sampler is presented. The presented attack mainly takes advantage of the chosen input and the SPA vulnerability associated with the binary search method, hence the attacker is able to recover every sampled value by comparing a few pairs of power consumption traces. To further protect against chosen input SPA attack, this article identifies the vulnerability associated with three main operations in every binary search state and construct an effective countermeasure based on randomization at the cost of only extra 58.4% Slices. Compared to other related works, the merits of the proposed CDT sampler are the high hardware flexibility, side-channel security, and suitability for resource-constrained IoT nodes.