Zalcon: an alternative FPA-free NTRU sampler for Falcon

Falcon is a very efficient and compact lattice-based signature scheme following the hashand-sign GPV paradigm. The scheme is in the third round of the NIST Post-Quantum competition. It relies on the fast FFO sampler proposed by Ducas and Prest for sampling a Gaussian distribution over a lattice, that require floating-point operations. Floating-point operations are complex to protect against side-channel attack. We propose to tweak Falcon into Zalcon, an FPA-free alternative. We slightly modify the key generation and replace the FFO sampler with a new sampler based on Ducas et al. paper (Eurocrypt 2020). We specify the latter and show that it can be implemented without floatingpoint arithmetic operations. We additionally separate the sampling into an off-line phase that can be done in preprocessing and a fast and simple on-line sampling. This alternative is useful in constraint environments like smart cards where the on-line phase should be both fast and protected against sidechannels. In this work-in-progress report, we also provide a provable masking and an implementation of the on-line sampler. We believe that it is possible to secure the off-line sampler as well.