Search-Space Reduction for S-Boxes Resilient to Power Attacks

The search for bijective n × n S-boxes resilient to power attacks, in a space of size (2^n)!, is currently a controversial topic in the cryptology community. This paper proposes partitioning the space of (2^n)! S-boxes into equivalence classes according to their hypothetical power leakage under the Hamming weight model, which guarantees a homogeneous theoretical resistance to power attacks within each class. We developed a fast algorithm to generate these S-boxes class by class. It is proved mathematically that the theoretical metric confusion coefficient variance takes a constant value within each class. A new search strategy, jumping across the class space, is justified for finding S-boxes with high confusion coefficient variance in the space partitioned into Hamming weight classes. In addition, a decision criterion is proposed for moving quickly between or within classes. The number of classes and the number of S-boxes within each class are calculated, showing that, as n increases, the number of classes is an ever-smaller fraction of the space of S-boxes, which significantly reduces the search space for S-boxes resilient to power attacks when the search proceeds from class to class.
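The following worked example is added here to make the class construction concrete; it is not code from the paper. It takes the equivalence class of an S-box to be its Hamming weight leakage sequence HW(S(x)) for x = 0, …, 2^n − 1 (an assumed reading of the abstract), uses the Hamming-weight-model confusion coefficient in the form κ(k_i, k_j) = E_x[(HW(S(x ⊕ k_i)) − HW(S(x ⊕ k_j)))^2] with its variance over key pairs as the confusion coefficient variance (assumed form, scaling constants aside), and generates members of a class by permuting outputs inside each Hamming weight bucket (an assumed generation method, not necessarily the paper's algorithm). Under these definitions the class-invariance of the metric follows immediately, because κ depends on the S-box only through its weight sequence, and the counting is elementary: a class holds ∏_w C(n,w)! S-boxes and there are (2^n)! divided by that many classes (36 per class and 1120 classes for n = 3; 414720 per class and 50450400 classes for n = 4), so the class space is a fraction 1/∏_w C(n,w)! of the full space.

```python
"""Added worked example: Hamming weight (HW) classes of bijective n x n S-boxes,
the confusion coefficient variance (CCV) inside a class, and class counting.
Everything marked 'assumed' is this example's reading of the abstract, not the
paper's own definitions or algorithm."""
from itertools import permutations
from math import comb, factorial, prod
import random


def hw(v: int) -> int:
    """Hamming weight of an integer: the hypothetical power leakage of value v."""
    return bin(v).count("1")


def hw_signature(sbox):
    """Class label: the leakage sequence HW(S(x)) for x = 0..2^n-1 (assumed class
    definition: two S-boxes are equivalent iff their signatures are equal)."""
    return tuple(hw(y) for y in sbox)


def confusion_coefficient(sbox, ki, kj):
    """kappa(ki, kj) = E_x[(HW(S(x ^ ki)) - HW(S(x ^ kj)))^2]  (assumed HW-model form).
    Note it reads the S-box only through hw(sbox[.]), i.e. through the signature."""
    size = len(sbox)
    return sum((hw(sbox[x ^ ki]) - hw(sbox[x ^ kj])) ** 2 for x in range(size)) / size


def ccv(sbox):
    """Confusion coefficient variance: variance of kappa over all key pairs ki < kj."""
    size = len(sbox)
    kappas = [confusion_coefficient(sbox, ki, kj)
              for ki in range(size) for kj in range(ki + 1, size)]
    mean = sum(kappas) / len(kappas)
    return sum((k - mean) ** 2 for k in kappas) / len(kappas)


def random_sbox_in_class(signature, rng):
    """Generate a bijection with the given HW signature (assumed generation method):
    for each input x draw an unused output from the bucket of values whose weight is
    signature[x]. Shuffling inside a weight bucket never changes the signature."""
    n = len(signature).bit_length() - 1          # len(signature) == 2**n
    buckets = {w: [v for v in range(1 << n) if hw(v) == w] for w in range(n + 1)}
    for bucket in buckets.values():
        rng.shuffle(bucket)
    return [buckets[w].pop() for w in signature]


def class_size(n):
    """|class| = prod_w C(n,w)!  (independent permutations inside each weight bucket)."""
    return prod(factorial(comb(n, w)) for w in range(n + 1))


def num_classes(n):
    """Number of HW classes = (2^n)! / |class|, a multinomial coefficient."""
    return factorial(1 << n) // class_size(n)


def count_classes_bruteforce(n):
    """Cross-check num_classes by enumerating every permutation (feasible for n <= 3)."""
    return len({hw_signature(p) for p in permutations(range(1 << n))})


def ccv_is_class_invariant(n, trials=5, seed=1):
    """Draw a random S-box, then `trials` other members of its class; all must share
    the signature and the CCV (exactly: the same integers are summed in the same order)."""
    rng = random.Random(seed)
    base = list(range(1 << n))
    rng.shuffle(base)                            # constructed sample S-box
    sig = hw_signature(base)
    reference = ccv(base)
    for _ in range(trials):
        s = random_sbox_in_class(sig, rng)
        if hw_signature(s) != sig or ccv(s) != reference:
            return False
    return True


if __name__ == "__main__":
    for n in (3, 4):
        print(f"n={n}: classes={num_classes(n)}, S-boxes per class={class_size(n)}, "
              f"class space / S-box space = 1/{class_size(n)}")
    print("n=3 brute-force class count:", count_classes_bruteforce(3))
    print("CCV constant within a class (n=4):", ccv_is_class_invariant(4))
```

Because κ never looks past the weight sequence, a search that evaluates the metric once per class and then only moves between classes is exactly as informative, under this model, as evaluating every one of the ∏_w C(n,w)! members; the remaining per-member work is choosing the representative with the best non-side-channel properties (nonlinearity, differential uniformity), which the weight sequence does not fix.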
