The discrete Gaussian sampler is one of the fundamental tools in implementing lattice-based cryptosystems. However, a naive discrete Gaussian sampling implementation suffers from side-channel vulnerabilities, and the existing countermeasures usually introduce significant overhead in either the running speed or the memory consumption. In this paper, we propose a fast, compact, and constant-time implementation of the binary sampling algorithm, originally introduced in the BLISS signature scheme. Our implementation adapts the Rényi divergence and the transcendental function polynomial approximation techniques. The efficiency of our scheme is independent of the standard deviation, and we show evidence that our implementations are either faster or more compact than several existing constant-time samplers. In addition, we show the performance of our implementation techniques applied to and integrated with two existing signature schemes: qTesla and Falcon. On the other hand, the convolution theorems are typically adapted to sample from larger standard deviations, by combining samples with much smaller standard deviations. As an additional contribution, we show better parameters for the convolution theorems.

中文翻译：

---

FACCT：整数上的快速、紧凑和恒定时间离散高斯采样器

离散高斯采样器是实现基于格的密码系统的基本工具之一。然而，朴素的离散高斯采样实现存在侧信道漏洞，现有的对策通常会在运行速度或内存消耗方面带来显着的开销。在本文中，我们提出了最初在 BLISS 签名方案中引入的二进制采样算法的快速、紧凑和恒定时间实现。我们的实现采用了 Rényi 散度和超越函数多项式近似技术。我们方案的效率与标准偏差无关，并且我们证明了我们的实现比几个现有的恒定时间采样器更快或更紧凑。此外，我们展示了我们的实现技术应用于并与两个现有签名方案集成的性能：qTesla 和 Falcon。另一方面，卷积定理通常适用于从较大的标准偏差中采样，通过组合具有小得多的标准偏差的样本。作为额外的贡献，我们展示了更好的卷积定理参数。