Cryptology ePrint Archive: Report 2012/300
Threshold Implementations of all 3x3 and 4x4 S-boxes
B. Bilgin and S.Nikova and V.Nikov and V.Rijmen and G.Stütz
Abstract: Side-channel attacks have proven many hardware implementations of cryptographic algorithms to be vulnerable. A recently proposed masking method, based on secret sharing and multi-party computation methods, introduces a set of sufficient requirements for implementations to be provably resistant against first-order DPA with minimal assumptions on the hardware. The original paper doesn't describe how to construct the Boolean functions that are to be used in the implementation. In this paper, we derive the functions for all invertible $3 \times 3$, $4 \times 4$ S-boxes and the $6 \times 4$ DES S-boxes. Our methods and observations can also be used to accelerate the search for sharings of larger (e.g. $8 \times 8$) S-boxes. Finally, we investigate the cost of such protection.
Category / Keywords: DPA, masking, glitches, sharing, nonlinear functions, S-box
Publication Info: This is an extended version of the paper "Threshold Implementations of all 3x3 and 4x4 S-boxes", which will appear at CHES 2012.
Date: received 29 May 2012, last revised 23 Jun 2012
Contact author: svetla nikova at esat kuleuven be
Available format(s): PDF | BibTeX Citation
Version: 20120623:094706 (All versions of this report)
Short URL: ia.cr/2012/300
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]