Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures

Dahmun Goudarzi; Matthieu Rivain; Damien Vergnaud; Srinivas Vivek

Paper 2017/632

Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures

Dahmun Goudarzi, Matthieu Rivain, Damien Vergnaud, and Srinivas Vivek

Abstract

Masking is a widespread countermeasure to protect implementations of block-ciphers against side-channel attacks. Several masking schemes have been proposed in the literature that rely on the efficient decomposition of the underlying s-box(es). We propose a generalized decomposition method for s-boxes that encompasses several previously proposed methods while providing new trade-offs. It allows to evaluate $n λ$ -bit to $m λ$ -bit s-boxes for any integers $n, m, λ \geq 1$ by seeing it a sequence of $m$ $n$ -variate polynomials over $F_{2^{λ}}$ and by trying to minimize the number of multiplications over $F_{2^{λ}}$ .

Metadata

Available format(s): PDF
Publication info: Published by the IACR in CHES 2017
Keywords: s-box decomposition side-channel countermeasure masking software implementation block cipher
Contact author(s): dahmun goudarzi @ cryptoexperts com
matthieu rivain @ gmail com
damien vergnaud @ ens fr
sv venkatesh @ bristol ac uk
History: 2017-06-27: received
Short URL: https://ia.cr/2017/632
License: CC BY

BibTeX

@misc{cryptoeprint:2017/632,
      author = {Dahmun Goudarzi and Matthieu Rivain and Damien Vergnaud and Srinivas Vivek},
      title = {Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/632},
      year = {2017},
      url = {https://eprint.iacr.org/2017/632}
}