Confused by Confusion: Systematic Evaluation of DPA Resistance of Various S-boxes

  • Stjepan Picek
  • Kostas Papagiannopoulos
  • Barış Ege
  • Lejla Batina
  • Domagoj Jakobovic
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8885)

Abstract

When studying the DPA resistance of S-boxes, the research community is divided on which properties should be considered. So far, only a few properties exist that aim at expressing the resilience of S-boxes to side-channel attacks. Recently, the confusion coefficient property was defined with the intention of characterizing the resistance of an S-box. However, there exist no experimental results or methods for creating S-boxes with a “good” confusion coefficient property. In this paper, we employ a novel heuristic technique to generate S-boxes with “better” values of the confusion coefficient in terms of improving their side-channel resistance. We conduct extensive side-channel analysis and detect S-boxes that exhibit previously unseen behavior. For the \(4\times 4\) size we find S-boxes that belong to optimal classes but exhibit linear behavior under a CPA attack, thereby preventing an attacker from achieving a 100% success rate in recovering the key.

Keywords

Boolean Function, Smart Card, Block Cipher, Optimal Classes, Leakage Model



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Stjepan Picek (1, 3)
  • Kostas Papagiannopoulos (1)
  • Barış Ege (1)
  • Lejla Batina (1, 2)
  • Domagoj Jakobovic (3)
  1. ICIS - Digital Security Group, Radboud University Nijmegen, Nijmegen, The Netherlands
  2. ESAT/COSIC, KU Leuven, Leuven, Belgium
  3. Faculty of Electrical Engineering and Computing, University of Zagreb, Zagreb, Croatia
