On Design of Nonlinear Operations and Round Functions of Block Ciphers with Resistance to ASCAs

As a combination of algebraic attacks and side-channel attacks, the ASCA (Algebraic Side-Channel Attack) has become a very effective attack against block ciphers. From the cryptographic designer's point of view, knowing the minimal number of rounds needed in ASCAs helps improve the design of cryptographic algorithms by means of a few lightweight countermeasures. However, up to now there has been neither a method to evaluate the minimal number of rounds needed in ASCAs nor a security index to characterize the resistance against ASCAs. In this paper, based on information theory, we investigate a method to evaluate the security of block ciphers against ASCAs under the Hamming weight model. Relying on this evaluation method, we further propose a security index, referred to as HWE (Hamming Weight Extension), to measure the resistance of the nonlinear operations and round functions of block ciphers to ASCAs. Furthermore, we show that the HWE and another important cryptographic index, nonlinearity, restrict each other when ASCAs and linear analyses are taken into account simultaneously. Finally, we perform experiments with the MIBS algorithm: at least 4 rounds of MIBS must be iterated to guarantee that the HWEs of both the nonlinear operations and the round functions are nonzero, which is consistent with our theoretical analyses.
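The abstract describes evaluating a nonlinear operation's leakage under the Hamming weight model with information theory. The script below is an added illustration of that style of evaluation and is not code from the paper; it does not compute the paper's HWE index (which the abstract does not define), only the generic quantities a designer would start from: how the Hamming weights of an S-box input and output partition the inputs into indistinguishable classes, the mutual information between the input and that leakage, and how many key candidates survive a given number of observed plaintexts. The 4-bit S-box is a sample permutation (the PRESENT S-box, used here only as a stand-in; it is not the MIBS S-box), and the key and plaintexts are constructed sample values.

```python
from collections import Counter, defaultdict
from math import log2

# Sample 4-bit S-box used only as an illustration (the PRESENT S-box).
# It is NOT the MIBS S-box studied in the paper.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(x):
    """Hamming weight of an integer."""
    return bin(x).count("1")


def leak(sbox, x):
    """Hamming-weight-model leakage of one S-box evaluation: (HW(input), HW(output))."""
    return (hw(x), hw(sbox[x]))


def leakage_classes(sbox):
    """Group inputs by their leakage; inputs in one class cannot be told apart
    by a noise-free Hamming weight observation of this S-box alone."""
    classes = defaultdict(list)
    for x in range(len(sbox)):
        classes[leak(sbox, x)].append(x)
    return dict(classes)


def mutual_information(sbox):
    """I(X; L) for X uniform over the inputs and L = leak(sbox, X).
    Because L is a deterministic function of X, I(X; L) equals H(L)."""
    n = len(sbox)
    counts = Counter(leak(sbox, x) for x in range(n))
    return -sum((c / n) * log2(c / n) for c in counts.values())


def remaining_entropy(sbox):
    """Bits of the input still unknown after one noise-free leakage observation."""
    return log2(len(sbox)) - mutual_information(sbox)


def largest_class(sbox):
    """Worst-case ambiguity: size of the biggest set of inputs sharing one leakage."""
    return max(len(v) for v in leakage_classes(sbox).values())


def consistent_keys(sbox, plaintexts, key):
    """Evaluator's view of a single S-box layer: for each known plaintext nibble p
    the leakage of S-box input p ^ key is observed, and the set of keys that
    reproduce every observation is returned. Shows how many observations a
    defender should expect a leakage model to need before the key is unique."""
    cands = set(range(len(sbox)))
    for p in plaintexts:
        obs = leak(sbox, p ^ key)
        cands &= {k for k in range(len(sbox)) if leak(sbox, p ^ k) == obs}
    return sorted(cands)


if __name__ == "__main__":
    for lk, xs in sorted(leakage_classes(SBOX).items()):
        print(f"leakage {lk}: inputs {xs}")
    print(f"I(X;L) = {mutual_information(SBOX):.3f} bits, "
          f"remaining = {remaining_entropy(SBOX):.3f} bits, "
          f"largest class = {largest_class(SBOX)}")
    # Constructed sample: secret key nibble 0x2, three known plaintext nibbles.
    for pts in ([0x0], [0x0, 0x1], [0x0, 0x1, 0x3]):
        print(f"plaintexts {pts}: keys still consistent {consistent_keys(SBOX, pts, 0x2)}")
```

For this sample S-box a single noise-free observation already reveals 3.125 of the 4 input bits on average, and the worst-case class holds 4 indistinguishable inputs; the third plaintext is what pins the sample key to one candidate. A designer comparing candidate S-boxes or counting how many rounds must be iterated before the leakage stops identifying intermediate values would run exactly this kind of tally over the round function's nonlinear operations, which is the question the paper's evaluation method formalizes.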