**Redefining the Transparency Order**

*Kaushik Chakraborty and Subhamoy Maitra and Sumanta Sarkar and Bodhisatwa Mazumdar and Debdeep Mukhopadhyay*

**Abstract: **In this paper, we consider the multi-bit Differential Power Analysis (DPA) in the Hamming weight model. In this regard, we revisit the definition of Transparency Order (TO) from the work of Prouff (FSE 2005) and find that the definition has certain limitations. Although this work has been quite well referred in the literature, surprisingly, these limitations remained unexplored for almost a decade. The existing definition of TO (by Prouff) for an S-box
$F: \F_2^n \rightarrow \F_2^m$ considers maximization on $\beta \in \F_2^m$. However, we show that the expression suggested by Prouff is always maximum when $\beta$ is either all-zero or all-one, that makes the maximization over all $\beta \in \F_2^m$ redundant. Digging TO deeper, we note that the existing definition of TO assumes certain cross-correlation terms between the co-ordinate Boolean functions of $F$ as zero. This is not true in general and thus we need to accommodate these terms in the definition. Further the definition is based on the assumption that the co-ordinate functions in
the S-boxes are balanced (which is indeed logical for practical S-boxes), but unfortunately the measure has been calculated for bent functions (which are not balanced) in Prouff's paper and subsequent works. We analyse the definition from scratch, modify it and finally provide a substantially improved and logical definition that can theoretically capture DPA in Hamming weight model for hardware implementation with precharge logic. In this regard, our analysis comes with numerical data for AES S-Box and the family of S-Boxes described in the context of Prince.

**Category / Keywords: **implementation / AES, Auto-correlation, Cross-correlation, Differential Power Analysis, Prince, S-Box, Transparency Order, Walsh Spectrum.

**Date: **received 26 May 2014

**Contact author: **subho at isical ac in

**Available format(s): **PDF | BibTeX Citation

**Version: **20140527:101925 (All versions of this report)

**Short URL: **ia.cr/2014/367

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]