Paper 2022/1141
An Optimal Universal Construction for the Threshold Implementation of Bijective S-boxes
Abstract
Threshold implementation is a method based on secret sharing to secure cryptographic ciphers (and in particular S-boxes) against differential power analysis side-channel attacks which was proposed by Nikova, Rechberger, and Rijmen in 2006. Until now, threshold implementations were only constructed for specific types of functions and some small S-boxes, but no generic construction was ever presented. In this paper, we present the first universal threshold implementation with $t+2$ shares that is applicable to any bijective S-box, where $t$ is its algebraic degree (or is larger than the algebraic degree). While being universal, our construction is also optimal with respect to the number of shares, since the theoretically smallest possible number, $t+1$, is not attainable for some bijective S-boxes. Our results enable low latency secure hardware implementations without the need for additional randomness. In particular, we apply this result to find two uniform sharings of the AES S-box. The first sharing is obtained by using the threshold implementation of the inversion in $\mathbb{F}_{2^8}$ and the second by using two threshold implementations of two cubic power permutations that decompose the inversion. Area and performance figures for hardware implementations are provided.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Preprint.
- Keywords
- AESDPAGlitchesMaskingPermutation PolynomialsSharingThreshold ImplementationsVectorial Boolean Functions
- Contact author(s)
-
enrico piccione @ uib no
samuele andreoli @ uib no
lilya budaghyan @ uib no
siemen dhooghe @ esat kuleuven be
svetla nikova @ esat kuleuven be
g petrides @ yahoo com - History
- 2022-12-23: revised
- 2022-09-01: received
- See all versions
- Short URL
- https://ia.cr/2022/1141
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/1141, author = {Enrico Piccione and Samuele Andreoli and Lilya Budaghyan and Claude Carlet and Siemen Dhooghe and Svetla Nikova and George Petrides and Vincent Rijmen}, title = {An Optimal Universal Construction for the Threshold Implementation of Bijective S-boxes}, howpublished = {Cryptology {ePrint} Archive, Paper 2022/1141}, year = {2022}, url = {https://eprint.iacr.org/2022/1141} }