On Highly Nonlinear S-Boxes and Their Inability to Thwart DPA Attacks
نویسنده
چکیده
Prouff has introduced recently, at FSE 2005, the notion of transparency order of S-boxes. This new characteristic is related to the ability of an S-box, used in a cryptosystem in which the round keys are introduced by addition, to thwart single-bit or multi-bit DPA attacks on the system. If this parameter has sufficiently small value, then the S-box is able to withstand DPA attacks without that ad-hoc modifications in the implementation be necessary (these modifications make the encryption about twice slower). We prove lower bounds on the transparency order of highly nonlinear S-boxes. We show that some highly nonlinear functions (in odd or even numbers of variables) have very bad transparency orders: the inverse functions (used as S-box in the AES), the Gold functions and the Kasami functions (at least under some assumption).
منابع مشابه
Provably Secure S-Box Implementation Based on Fourier Transform
Cryptographic algorithms implemented in embedded devices must withstand Side Channel Attacks such as the Differential Power Analysis (DPA). A common method of protecting symmetric cryptographic implementations against DPA is to use masking techniques. However, clever masking of non-linear parts such as S-Boxes is difficult and has been the flaw of many countermeasures. In this article, we take ...
متن کاملDPA Attacks and S-Boxes
For the power consumption model called Hamming weight model, we rewrite DPA attacks in terms of correlation coefficients between two Boolean functions. We exhibit properties of S-boxes (also called (n, m)-functions) relied on DPA attacks. We show that these properties are opposite to the non-linearity criterion and to the propagation criterion. To quantify the resistance of an S-box to DPA atta...
متن کاملIC 1204 : Trustworthy Manufacturing and Utilization of Secure Devices
During my visit to FER I worked on several projects that relate to the activities of COST action working groups. More specifically, projects related with groups WG3-Fault attack detection and protection, WG4-Reconfigurable devices for secure functions and WG5-Validation, Evaluation, and Fault Injection. First project deals with the improvements of side channel resistance of nonlinear elements o...
متن کاملEnhanced DES Implementation Secure Against High-Order Differential Power Analysis in Smartcards
Since Differential Power Analysis (DPA) on DES in smartcards was firstly published by Kocher et al. in 1999, many countermeasures have been proposed to protect cryptographic algorithms from the attack, of which masking is an efficient and easily implemented method. In this paper, after showing some attacks on Akkar et al. ’s improved DES implementation from FSE’04, we list and prove some basic ...
متن کاملEvolving DPA-Resistant Boolean Functions
Boolean functions are important primitives in cryptography. Accordingly, there exist numerous works on the methods of constructions of Boolean functions. However, the property specifying the resistance of Boolean functions against Differential Power Analysis (DPA) attacks was until now scarcely investigated and only for S-boxes. Here, we evolve Boolean functions that have higher resistance to D...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2005 شماره
صفحات -
تاریخ انتشار 2005