Minimizing S-Boxes in Hardware by Utilizing Linear Transformations

Countermeasures against side-channel analysis attacks are increasingly considered already during the design and implementation of cryptographic algorithms for embedded devices. An important challenge is to reduce the overhead (area, time) introduced by the countermeasures, and consequently a lot of progress has been achieved in this direction in the past years. In this contribution we propose a further optimization of decomposing 4-bit S-boxes by exploiting affine transformations and a single shared quadratic permutation. Thereby many different S-boxes can be merged into one component, which reduces the resource overhead. We applied our proposed scheme to a Threshold Implementation (TI) masked PRESENT S-box and its inverse in order to construct a merged masked S-box that can be used for both encryption and decryption. This design saves up to 24% of resources on a Virtex-5 FPGA platform and up to 28% for an ASIC implementation compared to previously published designs. It is noteworthy that our technique is not restricted to the TI countermeasure: it also allows reducing the resource requirements of the non-linear layer of cryptographic algorithms with a set of different S-boxes, such as SERPENT or DES, amongst others.
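As an added illustration of the sharing idea (this is not code from the paper, and it does not reproduce the paper's PRESENT decomposition or its affine layers): a constructed involutive quadratic permutation Q acts as the single shared non-linear core, and two constructed affine layers A and B around it yield an S-box whose inverse reuses the same Q with the affine layers inverted and swapped. The degree check confirms that wrapping Q in affine layers leaves the algebraic degree at 2.

```python
# Added example: one shared quadratic permutation Q wrapped in affine layers.
# Q, A and B below are constructed for this illustration; they are NOT the
# paper's PRESENT S-box decomposition.

N = 4  # 4-bit S-boxes; values are ints 0..15, bit i of x is (x >> i) & 1

def affine(columns, const):
    """Return x -> M*x ^ const over GF(2); `columns[i]` is the image of bit i."""
    def f(x):
        y = const
        for i in range(N):
            if (x >> i) & 1:
                y ^= columns[i]
        return y
    return f

def table(f):
    return [f(x) for x in range(1 << N)]

def invert(tbl):
    inv = [0] * len(tbl)
    for x, y in enumerate(tbl):
        inv[y] = x
    return inv

def compose(*tbls):
    """compose(f, g, h)[x] = f[g[h[x]]]: the rightmost table is applied first."""
    out = list(range(1 << N))
    for t in reversed(tbls):
        out = [t[v] for v in out]
    return out

def algebraic_degree(tbl):
    """Max ANF degree over the coordinate functions (in-place Moebius transform)."""
    deg = 0
    for bit in range(N):
        anf = [(v >> bit) & 1 for v in tbl]
        for i in range(N):
            for x in range(1 << N):
                if (x >> i) & 1:
                    anf[x] ^= anf[x ^ (1 << i)]
        deg = max([deg] + [bin(m).count("1") for m in range(1 << N) if anf[m]])
    return deg

# Constructed shared core: Toffoli-style permutation, bit0 ^= bit1 * bit2.
# It is quadratic and an involution, so Q^-1 == Q.
Q = [x ^ ((x >> 1) & (x >> 2) & 1) for x in range(1 << N)]
A = affine([1, 3, 6, 12], 5)   # constructed invertible affine input layer
B = affine([9, 5, 3, 1], 10)   # constructed invertible affine output layer

def merged_sboxes():
    """S = B o Q o A and S^-1 = A^-1 o Q o B^-1, both built from the SAME Q."""
    S = compose(table(B), Q, table(A))
    S_inv = compose(invert(table(A)), Q, invert(table(B)))
    return S, S_inv
```

A hardware component computing Q once, with a selector choosing between the (A, B) and (B^-1, A^-1) affine layers, thus serves both directions; the paper's own construction for PRESENT uses different layers and a TI-masked core.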
