PICARO - A Block Cipher Allowing Efficient Higher-Order Side-Channel Resistance

Many papers deal with the problem of constructing an efficient masking scheme for existing block ciphers. We take the reverse approach: given a proven masking scheme (Rivain and Prouff, CHES 2010), we design a block cipher that fits the masking constraints well. The difficulty of implementing efficient masking for a block cipher comes mainly from the S-boxes, so the choice of an adequate S-box is the first and most critical step of our work. The S-box we selected is non-bijective; we discuss the resulting design and security problems. A complete design of the cipher is given, as well as some implementation results.
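The abstract's claim that the S-boxes dominate the cost of masking can be made concrete with the masking scheme it refers to. The following is an added example, not code from the PICARO paper or its authors: it implements Boolean sharing at order d together with the Rivain-Prouff (ISW-style) secure multiplication, and counts what each kind of operation costs. Linear layers (XOR, and squaring in characteristic 2) are applied share by share with no fresh randomness, whereas every field multiplication inside an S-box needs (d+1)^2 field multiplications and d(d+1)/2 fresh random bytes. The field GF(2^8) with the AES polynomial is an assumption made here for illustration; PICARO's own S-box and field are not described on this page.

```python
"""Added example (not from the PICARO paper): why a masked S-box is the expensive part.

With Boolean (additive) masking at order d, a secret byte x is split into d+1 shares
whose XOR is x. Linear operations are applied to each share independently and need
no fresh randomness; a field multiplication needs the Rivain-Prouff / ISW gadget,
which costs (d+1)^2 field multiplications and d(d+1)/2 random bytes.

Assumption: GF(2^8) with the AES polynomial is used here only for illustration;
PICARO's own S-box and field are not specified on this page.
"""
import secrets
from functools import reduce
from operator import xor

AES_POLY = 0x1B  # x^8 + x^4 + x^3 + x + 1, reduced modulo x^8 (assumed field)


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) (Russian-peasant method)."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= AES_POLY
        b >>= 1
    return r


def share(x: int, d: int, rng=secrets.randbelow) -> list:
    """Split x into d+1 Boolean shares: d random bytes plus one that fixes the XOR."""
    shares = [rng(256) for _ in range(d)]
    shares.append(reduce(xor, shares, x))
    return shares


def unshare(shares: list) -> int:
    """Recombine shares (only for checking; a protected device never does this in the leakage path)."""
    return reduce(xor, shares, 0)


def sec_xor(a: list, b: list) -> list:
    """Linear layer: share-wise, no randomness, d+1 operations."""
    return [ai ^ bi for ai, bi in zip(a, b)]


def sec_square(a: list) -> list:
    """Squaring is linear in characteristic 2, so it is also share-wise."""
    return [gf_mul(ai, ai) for ai in a]


def sec_mult(a: list, b: list, rng=secrets.randbelow):
    """Rivain-Prouff (ISW-style) secure multiplication of two sharings.

    Returns (shares of a*b, cost), where cost counts field multiplications and
    fresh random bytes. The bracketing of the refresh step follows the published
    gadget; it matters for the security argument, not only for correctness.
    """
    n = len(a)
    mults = 0
    randoms = 0
    c = []
    for i in range(n):
        c.append(gf_mul(a[i], b[i]))
        mults += 1
    for i in range(n):
        for j in range(i + 1, n):
            r_ij = rng(256)
            randoms += 1
            # r_ji = (r_ij + a_i*b_j) + a_j*b_i, evaluated left to right
            r_ji = (r_ij ^ gf_mul(a[i], b[j])) ^ gf_mul(a[j], b[i])
            mults += 2
            c[i] ^= r_ij
            c[j] ^= r_ji
    return c, {"field_mults": mults, "random_bytes": randoms}


def masked_mult_cost(d: int) -> dict:
    """Closed form for the gadget above: (d+1)^2 multiplications, d(d+1)/2 random bytes."""
    return {"field_mults": (d + 1) ** 2, "random_bytes": d * (d + 1) // 2}


def check_gadget(x: int, y: int, d: int) -> bool:
    """Recombining the masked product must give the plain product at the predicted cost."""
    c, cost = sec_mult(share(x, d), share(y, d))
    return unshare(c) == gf_mul(x, y) and cost == masked_mult_cost(d)


if __name__ == "__main__":
    for d in (1, 2, 3):
        print("order", d, masked_mult_cost(d), "correct:", check_gadget(0x57, 0x83, d))
```

Running the block prints the per-order cost of one masked multiplication; an S-box built from several such multiplications multiplies that cost again, while every linear operation stays at d+1 plain operations, which is the trade-off the abstract says drove the choice of S-box.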

[1] Emmanuel Prouff et al. Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis, 2008, FSE.

[2] David Pointcheval. Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings, 2006, CT-RSA.

[3] Mitsuru Matsui et al. Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis, 2000, Selected Areas in Cryptography.

[4] Kaisa Nyberg et al. Perfect Nonlinear S-Boxes, 1991, EUROCRYPT.

[5] Louis Goubin et al. DES and Differential Power Analysis (The "Duplication" Method), 1999, CHES.

[6] Pankaj Rohatgi et al. Towards Sound Approaches to Counteract Power-Analysis Attacks, 1999, CRYPTO.

[7] Pil Joong Lee et al. Advances in Cryptology — ASIACRYPT 2001, 2001, Lecture Notes in Computer Science.

[8] Yuval Ishai et al. Private Circuits: Securing Hardware against Probing Attacks, 2003, CRYPTO.

[9] François Durvaux et al. Cryptanalysis of the CHES 2009/2010 Random Delay Countermeasure, 2012, IACR Cryptol. ePrint Arch.

[10] Pascale Charpin et al. On Propagation Characteristics of Resilient Functions, 2002, Selected Areas in Cryptography.

[11] Vincent Rijmen et al. On Weaknesses of Non-surjective Round Functions, 1997, Des. Codes Cryptogr.

[12] Elisabeth Oswald et al. Cryptographic Hardware and Embedded Systems - CHES 2008, 10th International Workshop, Washington, D.C., USA, August 10-13, 2008. Proceedings, 2008, CHES.

[13] Vincent Rijmen et al. A Side-Channel Analysis Resistant Description of the AES S-Box, 2005, FSE.

[14] Neal Koblitz et al. Advances in Cryptology — CRYPTO '96, 2001, Lecture Notes in Computer Science.

[15] Stefan Mangard et al. Protecting AES Software Implementations on 32-Bit Processors Against Power Analysis, 2007, ACNS.

[16] Claude Carlet et al. Vectorial Boolean Functions for Cryptography, 2006.

[17] Bart Preneel et al. On Feistel Ciphers Using Optimal Diffusion Mappings Across Multiple Rounds, 2004, ASIACRYPT.

[18] Ingrid Verbauwhede et al. A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation, 2004, Proceedings Design, Automation and Test in Europe Conference and Exhibition.

[19] Jean-Sébastien Coron et al. Analysis and Improvement of the Random Delay Countermeasure of CHES 2009, 2010, CHES.

[20] Alex Biryukov et al. Slide Attacks, 1999, FSE.

[21] Christof Paar et al. Higher Order Masking of the AES, 2006, CT-RSA.

[22] Bart Preneel et al. Mutual Information Analysis: A Generic Side-Channel Distinguisher, 2008.

[23] Kaisa Nyberg et al. Differentially Uniform Mappings for Cryptography, 1994, EUROCRYPT.

[24] Ernest F. Brickell et al. Structure in the S-boxes of the DES, 1986, CRYPTO.

[25] Gerhard Goos et al. Fast Software Encryption, 2001, Lecture Notes in Computer Science.

[26] Kyoji Shibutani et al. On Feistel Structures Using a Diffusion Switching Mechanism, 2006, FSE.

[27] Eli Biham et al. New types of cryptanalytic attacks using related keys, 1994, Journal of Cryptology.

[28] Tor Helleseth et al. Advances in Cryptology — EUROCRYPT '93, 2001, Lecture Notes in Computer Science.

[29] Siva Sai Yerubandi et al. Differential Power Analysis, 2002.

[30] Masayuki Kanda et al. Practical Security Evaluation against Differential and Linear Cryptanalyses for Feistel Ciphers with SPN Round Function, 2000, Selected Areas in Cryptography.

[31] Taizo Shirai et al. Improved Upper Bounds of Differential and Linear Characteristic Probability for Camellia, 2002, FSE.

[32] Dan Boneh et al. Advances in Cryptology - CRYPTO 2003, 2003, Lecture Notes in Computer Science.

[33] Xuejia Lai et al. Markov Ciphers and Differential Cryptanalysis, 1991, EUROCRYPT.

[34] Vincent Rijmen et al. Cryptanalysis of McGuffin, 1994, FSE.

[35] Bruce Schneier et al. The MacGuffin Block Cipher Algorithm, 1994, FSE.

[36] Eli Biham et al. New Types of Cryptanalytic Attacks Using Related Keys (Extended Abstract), 1994, EUROCRYPT.

[37] Aggelos Kiayias et al. Polynomial Reconstruction Based Cryptography, 2001, Selected Areas in Cryptography.

[38] Marc Joye et al. Cryptographic Hardware and Embedded Systems - CHES 2004, 2004, Lecture Notes in Computer Science.

[39] Eli Biham et al. An improvement of Davies' attack on DES, 1994, Journal of Cryptology.

[40] Stefan Mangard et al. An AES Smart Card Implementation Resistant to Power Analysis Attacks, 2006, ACNS.

[41] Bart Preneel et al. Mutual Information Analysis, 2008, CHES.

[42] Mitsuru Matsui et al. Linear Cryptanalysis Method for DES Cipher, 1994, EUROCRYPT.

[43] Alex Biryukov et al. Advanced Slide Attacks, 2000, EUROCRYPT.

[44] Vincent Rijmen et al. Secure Hardware Implementation of Nonlinear Functions in the Presence of Glitches, 2011, Journal of Cryptology.

[45] Claude Carlet. Relating three nonlinearity parameters of vectorial functions and building APN functions from bent functions, 2011, Des. Codes Cryptogr.

[46] Seokhie Hong et al. A Fast and Provably Secure Higher-Order Masking of AES S-Box, 2011, CHES.

[47] Christophe Clavier et al. Correlation Power Analysis with a Leakage Model, 2004, CHES.

[48] Johannes Blömer et al. Provably Secure Masking of AES, 2004, IACR Cryptol. ePrint Arch.

[49] Michaël Quisquater et al. Thwarting Higher-Order Side Channel Analysis with Additive and Multiplicative Maskings, 2011, CHES.

[50] Jason Gait et al. Report of the Workshop on Cryptography in Support of Computer Security, 1977.

[51] Eli Biham et al. Differential cryptanalysis of DES-like cryptosystems, 1990, Journal of Cryptology.

[52] Stefan Mangard et al. Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings, 2010, CHES.

[53] L. Goubin et al. DES and Differential Power Analysis, 1999.

[54] Bart Preneel et al. Advances in Cryptology - EUROCRYPT 2000: International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000: Proceedings, 2000.

[55] Emmanuel Prouff et al. Provably Secure Higher-Order Masking of AES, 2010, IACR Cryptol. ePrint Arch.

[56] Emmanuel Prouff et al. Higher-Order Glitches Free Implementation of the AES Using Secure Multi-party Computation Protocols, 2011, CHES.

[57] Alfredo De Santis et al. Advances in Cryptology — EUROCRYPT '94, 1994, Lecture Notes in Computer Science.

[58] Serge Vaudenay et al. Links Between Differential and Linear Cryptanalysis, 1994, EUROCRYPT.

[59] Michael Tunstall et al. Efficient Use of Random Delays, 2006, IACR Cryptol. ePrint Arch.

[60] Sébastien Kunz-Jacques et al. New Improvements of Davies-Murphy Cryptanalysis, 2005, ASIACRYPT.

[62] Sean Murphy et al. Pairs and triplets of DES S-boxes, 2004, Journal of Cryptology.

[63] Bruce Schneier et al. Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES, 1996, CRYPTO.

[64] Tsuyoshi Takagi et al. Cryptographic Hardware and Embedded Systems - CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings, 2011, CHES.

[65] Kristin E. Lauter et al. Selected Areas in Cryptography - SAC 2013, 2013, Lecture Notes in Computer Science.

[66] Bruce Schneier et al. Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA, 1997, ICICS.

[67] Mitsuru Matsui et al. On Correlation Between the Order of S-boxes and the Strength of DES, 1994, EUROCRYPT.

[68] Harald Niederreiter et al. On orthogonal systems and permutation polynomials in several variables, 1973.

[69] Kyoji Shibutani et al. Improving Immunity of Feistel Ciphers against Differential Cryptanalysis by Using Multiple MDS Matrices, 2004, FSE.

[70] Donald W. Davies et al. Advances in Cryptology — EUROCRYPT '91, 2001, Lecture Notes in Computer Science.

[71] Lars R. Knudsen et al. Truncated and Higher Order Differentials, 1994, FSE.

[72] Thomas S. Messerges et al. Securing the AES Finalists Against Power Analysis Attacks, 2000, FSE.

[73] Vincent Rijmen et al. The Design of Rijndael, 2002, Information Security and Cryptography.

[74] A. Maximov et al. Fast computation of large distributions and its cryptographic applications, 2005.

[75] Christophe Clavier et al. Differential Power Analysis in the Presence of Hardware Countermeasures, 2000, CHES.

[76] Christophe Giraud et al. An Implementation of DES and AES, Secure against Some Attacks, 2001, CHES.

[77] Michael Wiener et al. Advances in Cryptology — CRYPTO '99, 1999.