Arithmetic Coding and Blinding Countermeasures for Ring-LWE

We describe new arithmetic coding techniques and side-channel blinding countermeasures for lattice-based cryptography. Using these techniques we develop a practical, compact, and more quantum-resistant variant of the BLISS Ring-LWE Signature Scheme. We first show how the BLISS hash-based random oracle can be modified to be more secure against quantum preimage attacks while optimising signature size. Arithmetic Coding offers an information theoretically optimal compression for stationary and memoryless sources, such as the discrete Gaussian distributions often present in lattice-based cryptography. We show that this technique gives better signature sizes than the previously proposed advanced Huffman-based signature compressors. We further demonstrate that arithmetic decoding from an uniform source to target distribution is also an optimal non-uniform sampling method in the sense that a minimal amount of true random bits is required. Performance of this new Binary Arithmetic Coding (BAC) sampler is comparable to other practical samplers. The same code, tables, or circuitry can be utilised for both tasks, eliminating the need for separate sampling and compression components. We then describe simple randomised blinding techniques that can be applied to anti-cyclic polynomial multiplication to mask timingand power consumption sidechannels in ring arithmetic. We further show that the Gaussian sampling process can also be blinded by a split-and-permute techniques as an effective countermeasure against side-channel attacks.