Paper 2022/1141

An Optimal Universal Construction for the Threshold Implementation of Bijective S-boxes

Enrico Piccione, University of Bergen, Bergen, Norway
Samuele Andreoli, University of Bergen, Bergen, Norway
Lilya Budaghyan, University of Bergen, Bergen, Norway
Claude Carlet, University of Bergen, Bergen, Norway, University of Paris 8, Saint-Denis, France
Siemen Dhooghe, KU Leuven, Leuven, Belgium
Svetla Nikova, University of Bergen, Bergen, Norway, KU Leuven, Leuven, Belgium
George Petrides, University of Cyprus, Nicosia, Cyprus
Vincent Rijmen, KU Leuven, Leuven, Belgium, University of Bergen, Bergen, Norway
Abstract

Threshold implementation is a method based on secret sharing to secure cryptographic ciphers (and in particular S-boxes) against differential power analysis side-channel attacks which was proposed by Nikova, Rechberger, and Rijmen in 2006. Until now, threshold implementations were only constructed for specific types of functions and some small S-boxes, but no generic construction was ever presented. In this paper, we present the first universal threshold implementation with $t+2$ shares that is applicable to any bijective S-box, where $t$ is its algebraic degree (or is larger than the algebraic degree). While being universal, our construction is also optimal with respect to the number of shares, since the theoretically smallest possible number, $t+1$, is not attainable for some bijective S-boxes. Our results enable low latency secure hardware implementations without the need for additional randomness. In particular, we apply this result to find two uniform sharings of the AES S-box. The first sharing is obtained by using the threshold implementation of the inversion in $\mathbb{F}_{2^8}$ and the second by using two threshold implementations of two cubic power permutations that decompose the inversion. Area and performance figures for hardware implementations are provided.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
AESDPAGlitchesMaskingPermutation PolynomialsSharingThreshold ImplementationsVectorial Boolean Functions
Contact author(s)
enrico piccione @ uib no
samuele andreoli @ uib no
lilya budaghyan @ uib no
siemen dhooghe @ esat kuleuven be
svetla nikova @ esat kuleuven be
g petrides @ yahoo com
History
2022-12-23: revised
2022-09-01: received
See all versions
Short URL
https://ia.cr/2022/1141
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1141,
      author = {Enrico Piccione and Samuele Andreoli and Lilya Budaghyan and Claude Carlet and Siemen Dhooghe and Svetla Nikova and George Petrides and Vincent Rijmen},
      title = {An Optimal Universal Construction for the Threshold Implementation of Bijective S-boxes},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1141},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1141}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.