Improving DPA resistance of S-boxes: How far can we go?

Side-channel analysis (SCA) is an important issue for numerous embedded cryptographic devices that carry out secure transactions on a daily basis. Consequently, it is of utmost importance to deploy efficient countermeasures. In this context, we investigate the intrinsic side-channel resistance of lightweight cryptographic S-boxes. We propose improved versions of S-boxes that offer increased power analysis resistance, whilst remaining secure against linear and differential cryptanalyses. To evaluate the side-channel resistance, we work under the Confusion Coefficient model [1] and employ heuristic techniques to produce those improved S-boxes. We evaluate the proposed components in software (AVR microprocessors) and hardware (SASEBO FPGA). Our conclusions show that the model and our approach are heavily platform-dependent and that different principles hold for software and hardware implementations.

[1] Stefan Mangard, et al. Power analysis attacks - revealing the secrets of smart cards, 2007.

[2] Kostas Papagiannopoulos, et al. Optimality and beyond: The case of 4×4 S-boxes, 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[3] Kostas Papagiannopoulos, et al. Confused by Confusion: Systematic Evaluation of DPA Resistance of Various S-boxes, 2014, INDOCRYPT.

[4] Sylvain Guilley, et al. Differential Power Analysis Model and Some Results, 2004, CARDIS.

[5] Sylvain Guilley, et al. A Theoretical Study of Kolmogorov-Smirnov Distinguishers: Side-Channel Analysis vs. Differential Cryptanalysis, 2014, IACR Cryptol. ePrint Arch.

[6] Debdeep Mukhopadhyay, et al. Constrained Search for a Class of Good Bijective $S$-Boxes With Improved DPA Resistivity, 2013, IEEE Transactions on Information Forensics and Security.

[7] Debdeep Mukhopadhyay, et al. Design and implementation of rotation symmetric S-boxes with high nonlinearity and high DPA resilience, 2013, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[8] Moti Yung, et al. A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks (extended version), 2009, IACR Cryptol. ePrint Arch.

[9] A. Adam Ding, et al. A Statistical Model for DPA with Novel Algorithmic Confusion Analysis, 2012, CHES.

[10] Anne Canteaut, et al. PRINCE - A Low-latency Block Cipher for Pervasive Computing Applications (Full version), 2012, IACR Cryptol. ePrint Arch.

[11] Paul C. Kocher, et al. Differential Power Analysis, 1999, CRYPTO.

[12] Debdeep Mukhopadhyay, et al. Redefining the transparency order, 2015, Designs, Codes and Cryptography.

[13] Eli Biham, et al. Differential cryptanalysis of DES-like cryptosystems, 1990, Journal of Cryptology.

[14] Mitsuru Matsui, et al. A New Method for Known Plaintext Attack of FEAL Cipher, 1992, EUROCRYPT.

[15] None given. On Using Genetic Algorithms for Intrinsic Side-Channel Resistance: The Case of AES S-Box, 2013.

[16] Gregor Leander, et al. On the Classification of 4 Bit S-Boxes, 2007, WAIFI.

[17] Liwei Zhang, et al. A Statistics-based Fundamental Model for Side-channel Attack Analysis, 2014, IACR Cryptol. ePrint Arch.

[18] Andrey Bogdanov, et al. PRESENT: An Ultra-Lightweight Block Cipher, 2007, CHES.