Confused by Confusion: Systematic Evaluation of DPA Resistance of Various S-boxes

When studying the DPA resistance of S-boxes, the research community is divided over which properties should be considered. So far, only a few properties exist that aim at expressing the resilience of S-boxes to side-channel attacks. Recently, the confusion coefficient property was defined with the intention of characterizing the resistance of an S-box. However, there exist no experimental results or methods for creating S-boxes with a “good” confusion coefficient property. In this paper, we employ a novel heuristic technique to generate S-boxes with “better” values of the confusion coefficient in terms of improving their side-channel resistance. We conduct extensive side-channel analysis and detect S-boxes that exhibit previously unseen behavior. For the \(4\times 4\) size we find S-boxes that belong to optimal classes but exhibit linear behavior under a CPA attack, which prevents an attacker from achieving a 100% success rate in recovering the key.
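As an added worked example (not code from the paper), the following computes the confusion coefficient of a \(4\times 4\) S-box and relates it to the correlation a noise-free CPA would report for each wrong key guess, using the PRESENT S-box as a concrete input. The Hamming-weight leakage model and the multi-bit form of the coefficient, \(\kappa(k_i,k_j)=E_x[(HW(S(x\oplus k_i))-HW(S(x\oplus k_j)))^2]\), are assumptions adapted from Fei et al.'s definition, not taken from this page.

```python
"""Added example: confusion coefficient and noise-free CPA view of a 4x4 S-box.
Assumptions (not from the paper): Hamming-weight leakage of the S-box output,
and kappa(k_i,k_j) = E_x[(HW(S(x^k_i)) - HW(S(x^k_j)))^2] as the multi-bit
form of Fei et al.'s confusion coefficient."""
from math import sqrt
from statistics import pvariance

# The PRESENT S-box (a real 4x4 S-box); any bijective 4-bit table works here.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(v: int) -> int:
    return bin(v).count("1")


def confusion_coefficient(sbox, k_i, k_j):
    """Mean squared distance between the leakage predicted under two key guesses,
    averaged over all inputs x. 0 means the two guesses are indistinguishable."""
    n = len(sbox)
    return sum((hw(sbox[x ^ k_i]) - hw(sbox[x ^ k_j])) ** 2 for x in range(n)) / n


def cpa_correlation(sbox, k_correct, k_guess):
    """Pearson correlation a noise-free CPA reports for k_guess when the device
    leaks HW(S(x ^ k_correct)) and every input x is observed exactly once."""
    n = len(sbox)
    a = [hw(sbox[x ^ k_correct]) for x in range(n)]
    b = [hw(sbox[x ^ k_guess]) for x in range(n)]
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((ai - ma) * (bi - mb) for ai, bi in zip(a, b))
    return cov / sqrt(sum((ai - ma) ** 2 for ai in a) * sum((bi - mb) ** 2 for bi in b))


def summarize(sbox):
    """Confusion profile: min and variance of kappa over all pairs of distinct
    guesses, plus guesses a CPA can never separate from key 0 (correlation 1)."""
    n = len(sbox)
    kappas = [confusion_coefficient(sbox, i, j) for i in range(n) for j in range(n) if i != j]
    ghosts = [k for k in range(1, n) if abs(cpa_correlation(sbox, 0, k) - 1.0) < 1e-12]
    return {"min_kappa": min(kappas), "var_kappa": pvariance(kappas), "ghost_keys": ghosts}


if __name__ == "__main__":
    print(summarize(PRESENT_SBOX))
    # HW of a uniform 4-bit value has variance 1, so for a bijective S-box
    # rho(k_i,k_j) = 1 - kappa(k_i,k_j)/2; with kappa(0,1) = 2.5 this gives -0.25.
    print(confusion_coefficient(PRESENT_SBOX, 0, 1), cpa_correlation(PRESENT_SBOX, 0, 1))
```

Because every input x is visited, kappa depends only on k_i XOR k_j, so the full profile needs one row of the matrix; a wrong guess with correlation 1 would cap the CPA success rate regardless of trace count.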
