Intrinsic Resiliency of S-Boxes Against Side-Channel Attacks–Best and Worst Scenarios

Constructing S-boxes that are inherently resistant against side-channel attacks is an important problem in cryptography. By using an optimal distinguisher under an additive Gaussian noise assumption, we clarify how a defender (resp., an attacker) can make side-channel attacks as difficult (resp., easy) as possible, in relation with the auto-correlation spectrum of Boolean functions. We then construct balanced Boolean functions that are optimal for each of these two scenarios. Generalizing the objectives for an S-box, we analyze the auto-correlation spectra of some well-known S-box constructions in dimensions at most 8 and compare their intrinsic resiliency against side-channel attacks. Finally, we perform several simulations of side-channel attacks against the aforementioned constructions, which confirm our theoretical approach.
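The abstract ties an S-box's intrinsic side-channel resiliency to the auto-correlation spectra of its component Boolean functions. As an added illustration (not code from the paper), the following computes those spectra for a 4-bit S-box using the standard definitions; the exact aggregate criterion the paper derives is not given on this page, so the per-S-box "profile" function is an assumption, and the 4-bit reference S-boxes (the identity map and the public PRESENT S-box) are chosen here for illustration.

```python
# Added example (not from the paper): auto-correlation spectra of the
# component functions of a 4-bit S-box. Definitions follow the standard
# Boolean-function literature; the paper's exact SCA criterion is not
# given on this page, so the aggregate "profile" below is an assumption.

def autocorrelation(f):
    """r_f(a) = sum_x (-1)^(f(x) xor f(x xor a)), for every shift a.

    f is a truth table (list of 0/1) of length 2^n; r_f(0) is always 2^n,
    and |r_f(a)| = 2^n for some a != 0 means f has a linear structure
    (f(x xor a) xor f(x) is constant), the worst case for the defender."""
    size = len(f)
    return [sum(1 if f[x] == f[x ^ a] else -1 for x in range(size))
            for a in range(size)]

def component(sbox, v):
    """Component function x -> <v, S(x)>: parity of the bits of S(x) selected by v."""
    return [bin(v & sbox[x]).count("1") & 1 for x in range(len(sbox))]

def is_balanced(f):
    return 2 * sum(f) == len(f)

def absolute_indicator(spec):
    """max_{a != 0} |r_f(a)|: 0 for a bent function, 2^n when f has a linear structure."""
    return max(abs(r) for r in spec[1:])

def sum_of_squares(spec):
    """GAC sum-of-squares indicator sum_a r_f(a)^2 (minimum 2^(2n), reached by bent f)."""
    return sum(r * r for r in spec)

def sbox_autocorrelation_profile(sbox):
    """Worst absolute indicator and total sum-of-squares over all nonzero
    component functions v . S(x) of an n x n S-box (assumed aggregate)."""
    n_out = len(sbox).bit_length() - 1
    worst, total = 0, 0
    for v in range(1, 1 << n_out):
        spec = autocorrelation(component(sbox, v))
        worst = max(worst, absolute_indicator(spec))
        total += sum_of_squares(spec)
    return worst, total

# Reference inputs: the identity map (every component is affine, so every
# spectrum is flat at +-16) and the public PRESENT S-box truth table.
IDENTITY_4 = list(range(16))
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# Bent function x1*x2 + x3*x4 on 4 bits: r_f(a) = 0 for every a != 0.
BENT_4 = [((x & 1) & (x >> 1 & 1)) ^ ((x >> 2 & 1) & (x >> 3 & 1)) for x in range(16)]

if __name__ == "__main__":
    for name, s in (("identity", IDENTITY_4), ("PRESENT", PRESENT_SBOX)):
        print(name, sbox_autocorrelation_profile(s))
    print("bent", autocorrelation(BENT_4))
```

Running it shows that the PRESENT S-box's least significant output bit has a linear structure (r_f(1) = -16), so its worst-case absolute indicator equals that of a purely affine map, while the bent function gives the flat spectrum that is optimal for the defender.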
