June 9, 2021
Yu Yang - Tsinghua University
Falcon is a very efficient and compact lattice-based signature scheme following the hash-and-sign GPV paradigm. The scheme is in the third round of the NIST Post-Quantum competition. It relies on the fast FFO sampler proposed by Ducas and Prest for sampling a Gaussian distribution over a lattice, that require floating-point operations. Floating-point operations are complex to protect against side-channel attack. We propose to tweak Falcon into Zalcon, an FPA-free alternative. We slightly modify the key generation and replace the FFO sampler with a new sampler based on Ducas et al. paper (Eurocrypt 2020). We specify the latter and show that it can be implemented without floating-point arithmetic operations. We additionally separate the sampling into an off-line phase that can be done in preprocessing and a fast and simple on-line sampling. This alternative is useful in constraint environments like smart cards where the on-line phase should be both fast and protected against side-channels. In this work-in-progress report, we also provide a provable masking and an implementation of the on-line sampler. We believe that it is possible to secure the off-line sampler as well.
