
Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures

  • Dahmun Goudarzi
  • Matthieu Rivain
  • Damien Vergnaud
  • Srinivas Vivek
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10529)

Abstract

Masking is a widespread countermeasure to protect implementations of block ciphers against side-channel attacks. Several masking schemes proposed in the literature rely on an efficient decomposition of the underlying s-box(es). We propose a generalized decomposition method for s-boxes that encompasses several previously proposed methods while providing new trade-offs. It makes it possible to evaluate \(n\lambda \)-bit to \(m\lambda \)-bit s-boxes for any integers \(n, m, \lambda \ge 1\) by viewing the s-box as a sequence of \(m\) \(n\)-variate polynomials over \(\mathbb {F}_{2^{\lambda }}\) and by minimizing the number of multiplications over \(\mathbb {F}_{2^{\lambda }}\).
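As an added worked example (not code from the paper), here is the smallest instance of the viewpoint in the abstract: \(\lambda = 4\), \(n = m = 1\), i.e. a 4-bit s-box seen as a single univariate polynomial over \(\mathbb {F}_{2^{4}}\). The decomposition shape used, S(x) = p1(x)*q(x) + p2(x) with all three polynomials restricted to the monomials x^e for e in {0, 1, 2, 4, 8, 3, 6, 12, 9}, is the univariate method of Coron, Roy and Vivek (CHES 2014), one of the earlier schemes this line of work builds on; the paper's own n-variate generalization is not reproduced here. Only two multiplications are non-linear over GF(2) (the one producing x^3 and the product p1(x)*q(x)); squarings and multiplications by constants are GF(2)-linear and can be applied share by share, which is why the count of such multiplications is the cost metric. Assumptions of this example: the field is GF(2^4) with reduction polynomial x^4 + x + 1, the input is the PRESENT s-box, and q is drawn from a seeded random generator and re-drawn until the linear system for p1, p2 is consistent.

```python
import random
# Assumed field: GF(2^4) with reduction polynomial x^4 + x + 1 (any
# irreducible quartic works; the s-box table does not depend on the choice).
MOD = 0b10011
# Input s-box: the 4-bit s-box of the PRESENT block cipher (public spec).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# Exponents reachable with ONE GF(2)-non-linear multiplication (x^3 = x * x^2):
# squarings are GF(2)-linear, so 1,2,4,8 are free and 3 -> 6 -> 12 -> 24 = 9.
L = [0, 1, 2, 4, 8, 3, 6, 12, 9]

def gf_mul(a, b):
    """Multiply in GF(2^4): carry-less product, then reduce mod x^4 + x + 1."""
    r = 0
    for i in range(4):
        if (b >> i) & 1:
            r ^= a << i
    for i in range(6, 3, -1):          # clear bits 6, 5, 4
        if (r >> i) & 1:
            r ^= MOD << (i - 4)
    return r

def gf_pow(a, e):
    """a^e by repeated multiplication (e <= 15); 0^0 = 1 so x^0 is the constant 1."""
    r = 1
    for _ in range(e):
        r = gf_mul(r, a)
    return r

def gf_solve(rows, rhs):
    """Gaussian elimination over GF(2^4): one solution of A*v = rhs, or None."""
    m, n = len(rows), len(rows[0])
    A = [row[:] + [rhs[i]] for i, row in enumerate(rows)]
    pivots, r = [], 0
    for c in range(n):
        piv = next((i for i in range(r, m) if A[i][c]), None)
        if piv is None:
            continue
        A[r], A[piv] = A[piv], A[r]
        inv = gf_pow(A[r][c], 14)      # a^14 = a^-1 since a^15 = 1
        A[r] = [gf_mul(inv, v) for v in A[r]]
        for i in range(m):
            if i != r and A[i][c]:
                f = A[i][c]
                A[i] = [vi ^ gf_mul(f, vr) for vi, vr in zip(A[i], A[r])]
        pivots.append(c)
        r += 1
        if r == m:
            break
    if any(A[i][n] for i in range(r, m)):  # a row "0 = nonzero": inconsistent
        return None
    sol = [0] * n                      # free variables set to 0
    for i, c in enumerate(pivots):
        sol[c] = A[i][n]
    return sol

def decompose(sbox, seed=0):
    """Find p1, p2 (monomials in L) with sbox(x) = p1(x)*q(x) + p2(x) on GF(16) for a
    random q (monomials in L): with q fixed, the 18 coefficients satisfy a LINEAR
    system of 16 equations (one per field element). q is re-drawn until consistent."""
    rng = random.Random(seed)
    while True:
        q = [rng.randrange(16) for _ in L]
        rows = []
        for x in range(16):
            qx = 0
            for c, e in zip(q, L):
                qx ^= gf_mul(c, gf_pow(x, e))
            rows.append([gf_mul(gf_pow(x, e), qx) for e in L]
                        + [gf_pow(x, e) for e in L])
        sol = gf_solve(rows, sbox)
        if sol is not None:
            return q, sol[:len(L)], sol[len(L):]

def evaluate(q, p1, p2, x):
    """Evaluate p1(x)*q(x) + p2(x) as a masked implementation would, counting only
    GF(2)-non-linear multiplications (squarings and constant scalings are linear)."""
    nl = 0
    pw = {0: 1, 1: x, 2: gf_mul(x, x)}           # squarings: linear
    pw[4] = gf_mul(pw[2], pw[2]); pw[8] = gf_mul(pw[4], pw[4])
    pw[3] = gf_mul(x, pw[2]); nl += 1            # 1st non-linear multiplication
    pw[6] = gf_mul(pw[3], pw[3]); pw[12] = gf_mul(pw[6], pw[6])
    pw[9] = gf_mul(pw[12], pw[12])               # x^24 = x^9 as a function on GF(16)
    def lin(coeffs):                             # constant scalings + XORs: linear
        acc = 0
        for c, e in zip(coeffs, L):
            acc ^= gf_mul(c, pw[e])
        return acc
    prod = gf_mul(lin(p1), lin(q)); nl += 1      # 2nd non-linear multiplication
    return prod ^ lin(p2), nl

def verify(sbox, seed=0):
    """(all 16 outputs match the table, max non-linear multiplications per call)."""
    q, p1, p2 = decompose(sbox, seed)
    res = [evaluate(q, p1, p2, x) for x in range(16)]
    return all(v == sbox[x] for x, (v, _) in enumerate(res)), max(n for _, n in res)
```

verify(PRESENT_SBOX) returns (True, 2): the decomposed form agrees with the table on all 16 inputs using two non-linear multiplications per evaluation. For comparison, evaluating a generic degree-15 polynomial over GF(2^4) by building each cyclotomic power class separately costs four (one each for x^3, x^5, x^7 and x^15). The count matters because every non-linear multiplication must go through a secure multiplication gadget whose cost grows quadratically with the masking order, whereas the squarings and constant scalings are applied to each share independently.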

Keywords

S-box decomposition · Multiplicative complexity · Side-channel countermeasure · Masking · Software implementation · Block cipher

Notes

Acknowledgements

We would like to thank Jürgen Pulkus for helpful discussions regarding choosing basis elements as random products. We would also like to thank the anonymous reviewers of CHES 2017 for valuable feedback that helped to improve the paper. Srinivas Vivek’s work was partially supported by the European Union’s H2020 Programme under grant agreement number ICT-644209 (HEAT).


Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Dahmun Goudarzi (1, 2)
  • Matthieu Rivain (1)
  • Damien Vergnaud (2)
  • Srinivas Vivek (3)

  1. CryptoExperts, Paris, France
  2. ENS, CNRS, INRIA, PSL Research University, Paris, France
  3. University of Bristol, Bristol, UK
