Constructing TI-friendly Substitution Boxes using Shift-Invariant Permutations

The threat posed by side channels calls for ciphers that can be efficiently protected against such attacks in both software and hardware. In this paper, we propose a novel Sbox construction based on iterations of shift-invariant quadratic permutations and linear diffusions. Owing to the selected quadratic permutations, all of our Sboxes admit uniform 3-share threshold implementations, which provide first-order side-channel protection without any fresh randomness. More importantly, the "shift-invariant" property opens up ample implementation trade-offs, in software as well as in hardware. We provide software and hardware implementation results for a four-bit and an eight-bit Sbox, which confirm that our constructions are competitive and can easily be adapted to various platforms, as claimed. We have verified their resistance to first-order attacks on real acquisitions. Because very few studies focus on software-based threshold implementations, our software implementations may be of independent interest in this regard.
