LOW-MEMORY DILITHIUM WITH MASKED HINT VECTOR COMPUTATION

Organization Name

NXP B.V.

Inventor(s)

Joost Roland Renes of 's-Hertogenbosch NL

Tobias Schneider of Graz AT

Melissa Azouaoui of Norderstedt DE

Mohamed Elghamrawy of Hamburg DE

LOW-MEMORY DILITHIUM WITH MASKED HINT VECTOR COMPUTATION

This abstract first appeared for US patent application 18366384 titled 'LOW-MEMORY DILITHIUM WITH MASKED HINT VECTOR COMPUTATION

Original Abstract Submitted

A method of performing a Dilithium signature operation on a message M using a secret key sk, including: calculating a value {tilde over (r)} based upon w, c, and s, where wand c are calculated as part of the Dilithium signature operation and sis part of the secret key sk; performing a bound check on {tilde over (r)} based upon γand β, where γand β are parameters of the Dilithium signature operation; calculating a hint h based on the value {tilde over (r)} and deleting the value {tilde over (r)} in a memory; regenerating a value y using an ExpandMask function; calculating z based upon y, c, and s, where sis part of the secret key sk and replacing y with z in the memory; performing a bound check on z based on γand β, where γis a parameter of the Dilithium signature operation; and returning a digital signature of the message M where the digital signature includes z and h.