Provably Secure S-Box Implementation Based on Fourier Transform

  • Emmanuel Prouff
  • Christophe Giraud
  • Sébastien Aumônier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4249)


Cryptographic algorithms implemented in embedded devices must withstand Side Channel Attacks such as Differential Power Analysis (DPA). A common method of protecting symmetric cryptographic implementations against DPA is to use masking techniques. However, correctly masking non-linear parts such as S-Boxes is difficult and has been the flaw of many countermeasures. In this article, we take advantage of some remarkable properties of the Fourier Transform to propose a new method to thwart DPA on the implementation of any S-Box. After introducing criteria under which an implementation qualifies as DPA-resistant, we prove the security of our scheme. Finally, we apply the method to the FOX and AES S-Boxes and we show in the latter case that the resulting implementation is one of the most efficient.
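The abstract relies on the fact that an S-Box can be evaluated through its Fourier spectrum rather than by a table lookup. The following added example (not the paper's code, and not its masking countermeasure) builds the AES S-Box from FIPS 197, computes the numerical Fourier transform S_hat(a) = sum_x S(x)(-1)^(a.x), and recovers S(x) through the inversion formula, where x enters each term only through a sign; the transform and inversion are as assumed here, not quoted from the paper.

```python
# Added example: the AES S-box evaluated via its numerical Fourier (Walsh)
# spectrum. Assumed definitions: S: {0,1}^8 -> Z,
#   S_hat(a) = sum_x S(x) * (-1)^(a.x),   S(x) = 2^-8 * sum_a S_hat(a) * (-1)^(a.x).

N = 8                      # AES S-box input/output width in bits
SIZE = 1 << N

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r

def gf_inv(a):
    """Inverse in GF(2^8) as a^254; 0 maps to 0, as AES requires."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def aes_sbox(x):
    """AES SubBytes: field inversion followed by the FIPS 197 affine map."""
    y = gf_inv(x)
    out = 0
    for i in range(8):
        bit = ((y >> i) ^ (y >> ((i + 4) % 8)) ^ (y >> ((i + 5) % 8))
               ^ (y >> ((i + 6) % 8)) ^ (y >> ((i + 7) % 8)) ^ (0x63 >> i)) & 1
        out |= bit << i
    return out

def parity(v):
    """Parity of v; with v = a & x this is the scalar product a.x over GF(2)."""
    return bin(v).count("1") & 1

def fourier_spectrum(table):
    """S_hat(a) = sum_x table[x] * (-1)^(a.x) for every a (a fixed public table)."""
    return [sum(table[x] * (-1) ** parity(a & x) for x in range(SIZE))
            for a in range(SIZE)]

def eval_from_spectrum(spec, x):
    """Inversion formula: the input x only enters through the signs (-1)^(a.x)."""
    total = sum(spec[a] * (-1) ** parity(a & x) for a in range(SIZE))
    assert total % SIZE == 0          # the sum is always an exact multiple of 2^n
    return total // SIZE

def build_sbox():
    """Constructed lookup table used to derive the spectrum offline."""
    return [aes_sbox(x) for x in range(SIZE)]
```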


Keywords: Differential Power Analysis, Provably Secure Countermeasure, Fourier Transform, Symmetric Cryptosystems, S-Box, AES, FOX



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Emmanuel Prouff (1)
  • Christophe Giraud (2)
  • Sébastien Aumônier (1)

  1. Oberthur Card Systems, Nanterre, France
  2. Oberthur Card Systems, Pessac, France
