KULeuven-COSIC / Masked-Comparison

MIT License
5 stars 2 forks source link

Higher-Order Masked Ciphertext Comparison for Lattice-Based Cryptography

This repository contains ARM Cortex-M4 code for higher-order masked ciphertext comparison for lattice-based cryptography. The implementations are described in our paper "Higher-Order Masked Ciphertext Comparison for Lattice-Based Cryptography", Jan-Pieter D'Anvers, Daniel Heinz, Peter Pessl, Michiel van Beirendonck and Ingrid Verbauwhede (ePrint 2021/1422) that appeared in TCHES, Volume 2022, Issue 2 (TCHES).


Building and running the code requires:


The code in this repository uses the libopencm3 open-source ARM Cortex-M microcontroller library. The repository is built after the libopencm3-template.

After cloning or downloading this repository, it is necessary to initialize libopencm3:

git submodule update --init --recursive
make -C libopencm3

Tests and Benchmarks


The Makefile allows to configure which benchmarks or tests to run.

It is possible to both compile the code for execution on STM32F407G-DISC1 board or on a host PC by setting the corresponding flag:

PLATFORM = {ARM, host}

In both case, binaries are built with make. For execution on the STM32F407G-DISC1 board, the binary can be flashed to the board with make flash. The serial output can be retrieved with make screen, which should be set-up before flashing the binary. For host execution, code can be suqbsequently be run with make run. Host execution sets the -DDEBUG flag, which enables sanity-check assertions within the codebase.

The masked comparison target scheme can be configured for Kyber or Saber:


The number of shares can be set:


The number of tests to run can be selected:


Finally, there are flags that allow to profile the implementation:


Only one of these flags should be set at any point for consistent benchmarks. For example, counting the requested number of random bytes would incur overheads in the cycle counts.

ChipWhisperer Integration

It is also possible to compile the code for the ChipWhisperer-Lite target. We provide a jupyter notebook for an easy build and evaluation process in the jupyter folder.

Requirement is a working ChipWhisperer Installation in Python.


Files developed in this work are released under the MIT License. In addition, if you use or build upon the code in this repository, please cite our paper using our citation key.

B2A.c is licensed under GNU General Public License version 2.

Jan-Pieter D'Anvers, Daniel Heinz, Peter Pessl, Michiel van Beirendonck and Ingrid Verbauwhede