Cryptology ePrint Archive: Report 2014/367

Redefining the Transparency Order

Kaushik Chakraborty and Sumanta Sarkar and Subhamoy Maitra and Bodhisatwa Mazumdar and Debdeep Mukhopadhyay and Emmanuel Prouff

Abstract: In this paper, we consider the multi-bit Differential Power Analysis (DPA) in the Hamming weight model. In this regard, we revisit the definition of Transparency Order (TO) from the work of Prouff (FSE 2005) and find that the definition has certain limitations. Although this work has been quite well referred in the literature, surprisingly, these limitations remained unexplored for almost a decade. We analyse the definition from scratch, modify it and finally provide a definition with better insight that can theoretically capture DPA in Hamming weight model for hardware implementation with precharge logic. At the end, we confront the notion of (revised) transparency order with attack sim- ulations in order to study to what extent the low transparency order of an s-box impacts the efficiency of a side channel attack against its processing. To the best of our knowledge, this is the first time that such a critical analysis is conducted (even considering the original notion of Prouff). It practically confirms that the transparency order is indeed re- lated to the resistance of the s-box against side-channel attacks, but it also shows that it is not sufficient alone to directly achieve a satisfying level of security. Regarding this point, our conclusion is that the (revised) transparency order is a valuable criterion to consider when designing a cryptographic algorithm, and even if it does not preclude to also use classical countermeasures like masking or shuffling, it enables to improve their effectiveness.

Category / Keywords: implementation / AES, Auto-correlation, Cross-correlation, Differential Power Analysis, Prince, S-Box, Transparency Order, Walsh Spectrum.

Date: received 26 May 2014, last revised 23 Jan 2015

Contact author: subho at isical ac in

Available format(s): PDF | BibTeX Citation

Note: Detailed revision.

Version: 20150123:161210 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]