Paper 2005/387

On highly nonlinear S-boxes and their inability to thwart DPA attacks (completed version)

C. Carlet

Abstract

Prouff has introduced recently, at FSE 2005, the notion of transparency order of S-boxes. This new characteristic is related to the ability of an S-box, used in a cryptosystem in which the round keys are introduced by addition, to thwart single-bit or multi-bit DPA attacks on the system. If this parameter has sufficiently small value, then the S-box is able to withstand DPA attacks without that ad-hoc modifications in the implementation be necessary (these modifications make the encryption about twice slower). We prove lower bounds on the transparency order of highly nonlinear S-boxes. We show that some highly nonlinear functions (in odd or even numbers of variables) have very bad transparency orders: the inverse functions (used as S-box in the AES), the Gold functions and the Kasami functions (at least under some assumption).

Note: The cases of Gold and Kasami functions in odd and even numbers of variables are now treated

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. completed version of a paper presented at INDOCRYPT 2005
Contact author(s)
claude carlet @ inria fr
History
2005-12-05: revised
2005-10-29: received
See all versions
Short URL
https://ia.cr/2005/387
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2005/387,
      author = {C.  Carlet},
      title = {On highly nonlinear S-boxes and their inability to thwart DPA attacks (completed version)},
      howpublished = {Cryptology ePrint Archive, Paper 2005/387},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/387}},
      url = {https://eprint.iacr.org/2005/387}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.