Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Zalcon: an alternative FPA-free NTRU sampler for Falcon

June 9, 2021


Yu Yang - Tsinghua University


Falcon is a very efficient and compact lattice-based signature scheme following the hash-and-sign GPV paradigm. The scheme is in the third round of the NIST Post-Quantum competition. It relies on the fast FFO sampler proposed by Ducas and Prest for sampling a Gaussian distribution over a lattice, that require floating-point operations. Floating-point operations are complex to protect against side-channel attack. We propose to tweak Falcon into Zalcon, an FPA-free alternative. We slightly modify the key generation and replace the FFO sampler with a new sampler based on Ducas et al. paper (Eurocrypt 2020). We specify the latter and show that it can be implemented without floating-point arithmetic operations. We additionally separate the sampling into an off-line phase that can be done in preprocessing and a fast and simple on-line sampling. This alternative is useful in constraint environments like smart cards where the on-line phase should be both fast and protected against side-channels. In this work-in-progress report, we also provide a provable masking and an implementation of the on-line sampler. We believe that it is possible to secure the off-line sampler as well.

Event Details



Related Topics

Security and Privacy: post-quantum cryptography

Created June 09, 2021, Updated June 10, 2021