IC 1204 : Trustworthy Manufacturing and Utilization of Secure Devices

During my visit to FER I worked on several projects that relate to the activities of COST action working groups. More specifically, projects related with groups WG3-Fault attack detection and protection, WG4-Reconfigurable devices for secure functions and WG5-Validation, Evaluation, and Fault Injection. First project deals with the improvements of side channel resistance of nonlinear elements of stream and block ciphers. Increase in DPA resistance can be obtained by changing current nonlinear elements with those that have better transparency order property. Transparency order property defines the resistance of S-boxes to DPA attacks. As presented in [1], our results confirm there is an increase in the number of needed traces when S-box with better transparency order is used. For the 8x8 case, we succeeded in lowering transparency order from 7.86 (AES case) to 7.35 which is as far as we know current lowest transparency order result for S-box of that size. After working on 8x8 case, when I arrived to FER we continued to conduct the research for the 4x4 case as well as for Boolean functions. When considering 4x4 case, we found S-boxes that belong to the optimal S-boxes classification (they have best set of properties to protect against linear and differential cryptanalysis) but with better DPA resistance. In accordance with that, we conducted experiments with the PRESENT algorithm (comparing original PRESENT S-box and our evolved S-box) and we found that our new S-box has better DPA resistance. From cryptographic properties perspective, we lowered transparency order from 3.53 (PRESENT) to 3.2 value while keeping nonlinearity and delta uniformity at the maximal value of 4. Furthermore, we showed that S-boxes are not affine invariant when considering transparency order or SNR (DPA) properties (properties related with side channel resistance). Results of those experiments will be presented at the HOST conference [3]. Our