Paper 2012/300

Threshold Implementations of all 3x3 and 4x4 S-boxes

B. Bilgin, S. Nikova, V. Nikov, V. Rijmen, and G. Stütz

Abstract

Side-channel attacks have proven many hardware implementations of cryptographic algorithms to be vulnerable. A recently proposed masking method, based on secret sharing and multi-party computation methods, introduces a set of sufficient requirements for implementations to be provably resistant against first-order DPA with minimal assumptions on the hardware. The original paper doesn't describe how to construct the Boolean functions that are to be used in the implementation. In this paper, we derive the functions for all invertible $3 \times 3$, $4 \times 4$ S-boxes and the $6 \times 4$ DES S-boxes. Our methods and observations can also be used to accelerate the search for sharings of larger (e.g. $8 \times 8$) S-boxes. Finally, we investigate the cost of such protection.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. This is an extended version of the paper "Threshold Implementations of all 3x3 and 4x4 S-boxes", which will appear at CHES 2012.
Keywords
DPA, masking, glitches, sharing, nonlinear functions, S-box
Contact author(s)
svetla nikova @ esat kuleuven be
History
2012-06-23: last of 2 revisions
2012-06-03: received
Short URL
https://ia.cr/2012/300
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/300,
      author = {B. Bilgin and S. Nikova and V. Nikov and V. Rijmen and G. Stütz},
      title = {Threshold Implementations of all 3x3 and 4x4 S-boxes},
      howpublished = {Cryptology ePrint Archive, Paper 2012/300},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/300}},
      url = {https://eprint.iacr.org/2012/300}
}