Abstract
At CHES 2006, Prouff et al. proposed a novel S-box calculation based on the discrete Fourier transform as a first-order DPA countermeasure. At CHES 2008, Coron et al. showed that the original countermeasure can be broken by first-order DPA because of a biased mask, and they proposed an improved algorithm. This paper shows that Coron's S-box algorithm still has a flaw with respect to a practical software implementation. We pre-process the power traces to separate them into two subgroups, each of which has a biased mask. For the separated power traces, we propose two post-analysis methods to identify the key: one applies a CPA attack to one subgroup, and the other uses the difference of means between the two subgroups together with pattern matching. Finally, we compare these two attack methods and propose an algorithm-level countermeasure to enhance the security of Coron's S-box.
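The point the abstract turns on, that a mask which is not uniformly distributed lets a first-order attack through, can be seen in a small simulation. The Python below is an added example, not code from the paper or from the Prouff or Coron implementations: it does not model the Fourier-transform S-box at all, only a generic masked AES S-box lookup with a constructed single-sample Hamming-weight leakage, where the mask is forced to zero with an assumed probability (the hypothetical parameter p_zero_mask). CPA with a Hamming-weight model on the unmasked S-box output recovers the key byte when the mask is biased and finds nothing when the mask is uniform. The function names, the key byte 0x2B, the trace count and the noise level are this example's own choices.

```python
import random

# AES S-box built from GF(2^8) inversion plus the affine map, so the
# example needs no 256-entry table pasted in.
def gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B          # reduce modulo x^8 + x^4 + x^3 + x + 1
        b >>= 1
    return r

def gf_inv(a):
    # a^254 == a^-1 in GF(2^8); gf_inv(0) evaluates to 0, as AES defines it
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r

def aes_sbox_entry(x):
    v = gf_inv(x)
    s = v
    for i in range(1, 5):       # affine layer: v ^ rotl(v,1) ^ ... ^ rotl(v,4) ^ 0x63
        s ^= ((v << i) | (v >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [aes_sbox_entry(x) for x in range(256)]

def hw(x):
    return bin(x).count("1")

def simulate_traces(n, key, p_zero_mask, noise_sigma=1.0, seed=1):
    """Constructed traces (not measured data): one sample per trace, the
    Hamming weight of the masked S-box output S(p ^ key) ^ m plus Gaussian
    noise. With probability p_zero_mask the mask is forced to 0 (the bias);
    otherwise it is drawn uniformly, which is the ideal first-order case."""
    rng = random.Random(seed)
    pts, leaks = [], []
    for _ in range(n):
        p = rng.randrange(256)
        m = 0 if rng.random() < p_zero_mask else rng.randrange(256)
        leaks.append(hw(SBOX[p ^ key] ^ m) + rng.gauss(0.0, noise_sigma))
        pts.append(p)
    return pts, leaks

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5

def cpa(pts, leaks):
    """CPA (Brier et al.) with a Hamming-weight model on the *unmasked*
    S-box output, i.e. the model a first-order attacker would use.
    Returns (best key guess, its |correlation|)."""
    best_k, best_r = None, -1.0
    for k in range(256):
        model = [hw(SBOX[p ^ k]) for p in pts]
        r = abs(pearson(model, leaks))
        if r > best_r:
            best_k, best_r = k, r
    return best_k, best_r

if __name__ == "__main__":
    key = 0x2B
    for bias in (0.0, 0.75):
        pts, leaks = simulate_traces(2000, key, bias)
        k, r = cpa(pts, leaks)
        print(f"P[mask=0]={bias:.2f}: guess=0x{k:02X} corr={r:.3f} "
              f"({'correct' if k == key else 'wrong'})")
```

Running the module prints one line per bias setting. Pearson is computed in pure Python so the example has no numpy dependency; on a real trace set the same correlation would be evaluated at every sample point and the maximum kept, and the subgroup separation described in the abstract would precede it, so that each subgroup plays the role of the biased case here.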
References
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)
Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)
Coron, J.-S., Giraud, C., Prouff, E.: Attack and improvement of a secure S-box calculation based on the Fourier transform. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 1–14. Springer, Heidelberg (2008)
Coron, J.-S., Goubin, L.: On boolean and arithmetic masking against differential power analysis. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 231–237. Springer, Heidelberg (2000)
Research Center for Information Security (RCIS). Side-channel attack standard evaluation board (SASEBO), http://www.rcis.aist.go.jp/special/SASEBO/index-en.html
Itoh, K., Takenaka, M., Torii, N.: DPA countermeasure based on the masking method. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 440–456. Springer, Heidelberg (2002)
Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Prouff, E., Giraud, C., Aumônier, S.: Provably secure S-box implementation based on Fourier transform. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 216–230. Springer, Heidelberg (2006)
Rijmen, V.: Efficient implementation of the Rijndael S-box, citeseer.ist.psu.edu/293912.html
Schaumont, P., Tiri, K.: Masking and dual-rail logic don’t add up. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 95–106. Springer, Heidelberg (2007)
Suzuki, D., Saeki, M., Ichikawa, T.: Random switching logic: A new countermeasure against DPA and second-order DPA at the logic level. IEICE Transactions on Fundamentals E90-A(1), 160–169 (2007)
Tiri, K., Schaumont, P.: Changing the odds against masked logic. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 134–146. Springer, Heidelberg (2007)
Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Proceedings of Design, Automation and Test in Europe Conference (DATE), pp. 246–251 (2004)
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Li, Y., Sakiyama, K., Kawamura, S., Komano, Y., Ohta, K. (2009). Security Evaluation of a DPA-Resistant S-Box Based on the Fourier Transform. In: Qing, S., Mitchell, C.J., Wang, G. (eds) Information and Communications Security. ICICS 2009. Lecture Notes in Computer Science, vol 5927. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11145-7_3
DOI: https://doi.org/10.1007/978-3-642-11145-7_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11144-0
Online ISBN: 978-3-642-11145-7