A Post-Quantum Secure Discrete Gaussian Noise Sampler

While the notion of achieving “quantum supremacy” may be debatable, rapid developments in the field of quantum computing are heading towards more realistic quantum computers. As practical quantum computers start becoming more feasible, the requirement to have quantum secure cryptosystems becomes more compelling. Due to its many advantages, lattice based cryptography has become one of the key candidates for designing secure systems for the post-quantum era. The security of lattice-based cryptography is governed by the small error samples generated from a Gaussian distribution. Hence, the Gaussian distribution lies at the core of these cryptosystems. In this paper, we present the hardware design implementation of three different sampling algorithms including rejection, Box-Muller, and the Ziggurat method for the Gaussian Sampler. Our goal is to provide concrete recommendations for future use and adoption in various cryptosystems based on sampling efficiency, hardware cost and throughput. The key feature of our design implementation is that it performs high-precision sampling to meet the NIST’s recommended security level of 112-bits or higher for the postquantum era, which most existing hardware implementations fail to do. Furthermore, our design implementation is highly optimized for FPGA-based implementation and is also generic so that it can be seamlessly integrated into most cryptosystems. Synthesis results are obtained using Vivado design suite for a Xilinx Zynq-7010 CLG400ACX1341 FPGA board.