Paper 2005/387
On highly nonlinear S-boxes and their inability to thwart DPA attacks (completed version)
C. Carlet
Abstract
Prouff has introduced recently, at FSE 2005, the notion of transparency order of S-boxes. This new characteristic is related to the ability of an S-box, used in a cryptosystem in which the round keys are introduced by addition, to thwart single-bit or multi-bit DPA attacks on the system. If this parameter has sufficiently small value, then the S-box is able to withstand DPA attacks without that ad-hoc modifications in the implementation be necessary (these modifications make the encryption about twice slower). We prove lower bounds on the transparency order of highly nonlinear S-boxes. We show that some highly nonlinear functions (in odd or even numbers of variables) have very bad transparency orders: the inverse functions (used as S-box in the AES), the Gold functions and the Kasami functions (at least under some assumption).
Note: The cases of Gold and Kasami functions in odd and even numbers of variables are now treated
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. completed version of a paper presented at INDOCRYPT 2005
- Contact author(s)
- claude carlet @ inria fr
- History
- 2005-12-05: revised
- 2005-10-29: received
- See all versions
- Short URL
- https://ia.cr/2005/387
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2005/387, author = {C. Carlet}, title = {On highly nonlinear S-boxes and their inability to thwart {DPA} attacks (completed version)}, howpublished = {Cryptology {ePrint} Archive, Paper 2005/387}, year = {2005}, url = {https://eprint.iacr.org/2005/387} }