Paper 2018/949

Constructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations

Si Gao, Arnab Roy, and Elisabeth Oswald


The threat posed by side channels requires ciphers that can be efficiently protected in both software and hardware against such attacks. In this paper, we propose a novel Sbox construction based on iterations of shift-invariant quadratic permutations and linear diffusions. Owing to the selected quadratic permutations, all of our Sboxes enable uniform 3-share threshold implementations, which provide first-order SCA protection without any fresh randomness. More importantly, because of the "shift-invariant" property, there are ample implementation trade-offs available, in software as well as hardware. We provide implementation results (software and hardware) for a four-bit and an eight-bit Sbox, which confirm that our constructions are competitive and can be easily adapted to various platforms, as claimed. We have successfully verified their resistance to first-order attacks based on real acquisitions. Because there are very few studies focusing on software-based threshold implementations, our software implementations might be of independent interest in this regard.

Note: Fixing incorrect data in Table 1, 28 contains 4 linear permutations.

Publication info
Published elsewhere. Major revision. CT-RSA 2019
Shift-invariant, Threshold implementation, Sbox
Contact author(s)
si gao @ bristol ac uk
2019-02-15: last of 4 revisions
2018-10-09: received
Creative Commons Attribution


@misc{cryptoeprint:2018/949,
      author = {Si Gao and Arnab Roy and Elisabeth Oswald},
      title = {Constructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations},
      howpublished = {Cryptology ePrint Archive, Paper 2018/949},
      year = {2018},
      note = {\url{}},
      url = {}
}