Cryptology ePrint Archive: Report 2012/300

Threshold Implementations of all 3x3 and 4x4 S-boxes

B. Bilgin and S.Nikova and V.Nikov and V.Rijmen and G.Stütz

Abstract: Side-channel attacks have proven many hardware implementations of cryptographic algorithms to be vulnerable. A recently proposed masking method, based on secret sharing and multi-party computation methods, introduces a set of sufficient requirements for implementations to be provably resistant against first-order DPA with minimal assumptions on the hardware. The original paper doesn't describe how to construct the Boolean functions that are to be used in the implementation. In this paper, we derive the functions for all invertible $3 \times 3$, $4 \times 4$ S-boxes and the $6 \times 4$ DES S-boxes. Our methods and observations can also be used to accelerate the search for sharings of larger (e.g. $8 \times 8$) S-boxes. Finally, we investigate the cost of such protection.

Category / Keywords: DPA, masking, glitches, sharing, nonlinear functions, S-box

Publication Info: This is an extended version of the paper "Threshold Implementations of all 3x3 and 4x4 S-boxes", which will appear at CHES 2012.

Date: received 29 May 2012, last revised 23 Jun 2012

Contact author: svetla nikova at esat kuleuven be

Available formats: PDF | BibTeX Citation

Version: 20120623:094706 (All versions of this report)

Discussion forum: Show discussion | Start new discussion