Impact of Sboxes Size upon Side Channel Resistance and Block Cipher Design
Designing a cryptographic algorithm requires to take into account various cryptanalytic threats. Since the 90’s, Side Channel Analysis (SCA) has become a major threat against cryptographic algorithms embedded on physical devices. Protecting implementation of ciphers against such attacks is a very dynamic topic of research and many countermeasures have been proposed to thwart these attacks. The most common countermeasure for block cipher implementations is masking, which randomizes the variables by combining them with one or several random values. In this paper, we propose to investigate the impact of the size of the words processed by an algorithm on the security against SCA. For this matter we describe two AES-like algorithms operating respectively on 4 and 16-bit words. We then compare them with the regular AES (8 bits) both in terms of complexity and security with respect to various masking schemes. Our results show that SCA is a determinant criterion for algorithms design and that cryptographers may have various possibilities depending on their security and complexity requirements.
KeywordsSide Channel Analysis (SCA) S-boxes Word size Masking Countermeasure Higher-Order SCA AES Implementation FPGA
Unable to display preview. Download preview PDF.
- 2.Anderson, R., Biham, E., Knudsen, L.: Serpent: A Proposal for the Advanced Encryption Standard (1998)Google Scholar
- 3.Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In: STOC, pp. 1–10. ACM (1988)Google Scholar
- 9.Daemen, J., Rijmen, V.: AES Proposal: Rijndael (September 1999)Google Scholar
- 10.Daemen, J.: Cipher and hash function design strategies based on linear and differential cryptanalysis. PhD thesis, K.U.Leuven (1995)Google Scholar
- 11.FIPS PUB 46-3. Data Encryption Standard (DES). National Institute of Standards and Technology (October 1999)Google Scholar
- 13.Gierlichs, B., Batina, L., Preneel, B., Verbauwhede, I.: Revisiting Higher-Order DPA Attacks: Multivariate Mutual Information Analysis. Cryptology ePrint Archive, Report 2009/228 (2009), http://eprint.iacr.org/
- 16.Goubin, L., Martinelli, A.: Protecting aes with shamir’s secret sharing scheme - extended version. IACR Cryptology ePrint Archive 2011, 516 (2011)Google Scholar