Abstract
Threshold implementation (TI) is a masking method that provides security against first-order DPA under minimal assumptions on the hardware. It is based on multi-party computation and secret sharing. In this paper, we provide an efficient technique to find TIs for all 3-bit and 4-bit permutations, which also covers the set of 3×3 and 4×4 invertible S-boxes. We also discuss alternative methods to construct shared functions by changing the number of variables or shares. Moreover, we further consider the TI of 5-bit almost bent and 6-bit almost perfect nonlinear permutations. Finally, we compare the areas of these various TIs.
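As an added illustration of what the abstract calls a threshold implementation (this is example code written for this page, not the paper's toolkit or its search technique), the block below shares the quadratic 3-bit permutation F(x, y, z) = (x ⊕ yz, y, z) into three shares and then checks, by exhaustive enumeration of all 512 shared inputs, the three TI properties: correctness (the shares recombine to F), non-completeness (every output share ignores at least one input share, so a glitch cannot combine all shares of a secret) and uniformity (the shared map is balanced, here a bijection on 9 bits). The sharing of x ⊕ yz is the standard direct sharing; the "naive" variant is a constructed counterexample that is correct and uniform but recombines z before the AND gate, which non-completeness forbids.

```python
# Added example (not from the paper): 3-share TI of F(x, y, z) = (x ^ yz, y, z)
# with exhaustive checks of correctness, non-completeness and uniformity.
from itertools import product

S = 3  # number of shares per variable
N = 3  # number of input bits (x, y, z)


def xor_all(bits):
    """Recombine the shares of one bit: the masked value is the XOR of its shares."""
    v = 0
    for b in bits:
        v ^= b
    return v


def f(x, y, z):
    """Unshared target: a quadratic 3-bit permutation (Toffoli-like map)."""
    return (x ^ (y & z), y, z)


def shared_f(x, y, z):
    """Direct 3-share TI of f; each argument is an S-tuple of share bits.

    Component f_i never touches share i of any input (non-completeness), and
    each f_i contains a distinct x-share linearly, which makes the map a
    bijection on the 9 share bits (uniformity).
    """
    x1, x2, x3 = x
    y1, y2, y3 = y
    z1, z2, z3 = z
    f1 = x2 ^ (y2 & z2) ^ (y2 & z3) ^ (y3 & z2)  # independent of share 1
    f2 = x3 ^ (y3 & z3) ^ (y3 & z1) ^ (y1 & z3)  # independent of share 2
    f3 = x1 ^ (y1 & z1) ^ (y1 & z2) ^ (y2 & z1)  # independent of share 3
    return ((f1, f2, f3), y, z)  # y and z are linear outputs, passed through


def naive_shared_f(x, y, z):
    """Constructed counterexample: recombine z, then mask only x and y.

    Still correct (XOR sum is x ^ yz) and uniform (bijective), but every f_i
    sees all three z-shares, so a glitch in the AND gate can leak z.
    """
    z_all = xor_all(z)
    return (tuple(xi ^ (yi & z_all) for xi, yi in zip(x, y)), y, z)


def all_shared_inputs():
    """Every assignment of the S*N share bits, grouped per variable (512 vectors)."""
    for bits in product((0, 1), repeat=S * N):
        yield tuple(tuple(bits[v * S:(v + 1) * S]) for v in range(N))


def is_correct(shared, unshared):
    """XOR of output shares must equal the unshared function of the XOR of inputs."""
    for inp in all_shared_inputs():
        out = shared(*inp)
        if tuple(xor_all(o) for o in out) != unshared(*(xor_all(v) for v in inp)):
            return False
    return True


def depends_on_share(shared, j, i, k):
    """Does output share (variable j, share i) change when share k of every input is zeroed?"""
    for inp in all_shared_inputs():
        masked = tuple(tuple(0 if s == k else b for s, b in enumerate(var)) for var in inp)
        if shared(*inp)[j][i] != shared(*masked)[j][i]:
            return True
    return False


def is_non_complete(shared):
    """Every output share must be independent of at least one input share index."""
    m = len(shared(*next(all_shared_inputs())))
    return all(any(not depends_on_share(shared, j, i, k) for k in range(S))
               for j in range(m) for i in range(S))


def sharings_of_bit(b):
    """All S-tuples of bits that XOR to b."""
    return [t for t in product((0, 1), repeat=S) if xor_all(t) == b]


def is_uniform(shared, unshared):
    """For every x and every sharing of F(x), exactly 2**((S-1)*(N-m)) sharings of x map to it."""
    counts = {}
    for inp in all_shared_inputs():
        x = tuple(xor_all(v) for v in inp)
        counts[(x, shared(*inp))] = counts.get((x, shared(*inp)), 0) + 1
    m = len(next(iter(counts))[1])
    expected = 2 ** ((S - 1) * (N - m))
    for x in product((0, 1), repeat=N):
        for out in product(*(sharings_of_bit(b) for b in unshared(*x))):
            if counts.get((x, out), 0) != expected:
                return False
    return True


def check(shared, unshared=f):
    """Evaluate all three TI properties of a shared function."""
    return {"correct": is_correct(shared, unshared),
            "non_complete": is_non_complete(shared),
            "uniform": is_uniform(shared, unshared)}


if __name__ == "__main__":
    for name, fn in (("direct 3-share TI", shared_f), ("naive sharing", naive_shared_f)):
        print(name, check(fn))
```

The checks are brute force (512 inputs, 9 output shares), which is exactly the regime of the 3-bit and 4-bit S-boxes the paper classifies; for 4-bit functions the same code scales to 4096 inputs. The uniformity check keys preimage counts by the unshared input as well as the shared output, so it also applies to sharings of non-injective functions, where the expected count is larger than one.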



Notes
The component function defined for shared functions in this paper is different from the definition provided in [16].
References
Akkar, M.-L., Giraud, C.: An implementation of DES and AES, secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2001, volume 2162 of Lecture Notes in Computer Science, pp 309–318. Springer, Heidelberg (2001)
Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mendel, F., Mennink, B., Mouha, N., Wang, Q., Yasuda, K.: PRIMATEs. Available at http://competitions.cr.yp.to/round1/primatesv1.pdf
Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.-X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. J. Cryptol. 24(2), 269–291 (2011)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Building power analysis resistant implementations of Keccak, Second SHA-3 candidate conference (2010)
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak reference (2011)
Bilgin, B., Bogdanov, A., Knezevic, M., Mendel, F., Wang, Q.: Fides: Lightweight authenticated cipher with side-channel resistance for constrained hardware. In: Bertoni, G., Coron, J.-S. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2013, volume 8086 of Lecture Notes in Computer Science, pp 142–158. Springer, Heidelberg (2013)
Bilgin, B., Daemen, J., Nikov, V., Nikova, S., Rijmen, V., Van Assche, G.: Efficient and first-order DPA resistant implementations of Keccak. To appear in CARDIS (2013)
Bilgin, B., Gierlichs, B., Nikova, S., Nikov, V., Rijmen, V.: A more efficient AES threshold implementation. In: Pointcheval, D., Vergnaud, D. (eds.) Progress in Cryptology AFRICACRYPT 2014, volume 8469 of Lecture Notes in Computer Science, pp 267–284. Springer International Publishing (2014)
Bilgin, B., Nikova, S., Nikov, V., Rijmen, V.: TI toolkit. http://homes.esat.kuleuven.be/snikova/ti_tools.html (2013)
Bilgin, B., Nikova, S., Nikov, V., Rijmen, V.: List of decompositions of 4-bit permutations. http://homes.esat.kuleuven.be/bbilgin/other.html (2014)
Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Stütz, G.: Threshold implementations of all 3x3 and 4x4 s-boxes. In: Prouff, E., Schaumont, P. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2012, volume 7428 of Lecture Notes in Computer Science, pp 76–91. Springer, Heidelberg (2012)
Biryukov, A., De Cannière, C., Braeken, A., Preneel, B.: A toolbox for cryptanalysis: linear and affine equivalence algorithms. In: Proceedings of the 22nd International Conference on Theory and Applications of Cryptographic Techniques, EUROCRYPT’03, pp. 33–50. Springer, Heidelberg (2003)
Blömer, J., Guajardo, J., Krummel, V.: Provably secure masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) Proceedings of the 11th International Conference on Selected Areas in Cryptography - SAC’04, Lecture Notes in Computer Science, pp 69–83. Springer, Heidelberg (2005)
Boura, C., Canteaut, A.: On the influence of the algebraic degree of f^{-1} on the algebraic degree of g∘f. Cryptology ePrint Archive, Report 2011/503. http://eprint.iacr.org/ (2011)
Brinkmann, M., Leander, G.: On the classification of APN functions up to dimension five. Des. Codes Crypt. 49(1–3), 273–288 (2008)
Carlet, C.: Vectorial boolean functions for cryptography. In: Crama, Y., Hammer, P.L. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering. Cambridge University Press, New York (2010)
Carlet, C., Charpin, P., Zinoviev, V.: Codes, bent functions and permutations suitable for DES-like cryptosystems. Des. Codes Crypt. 15(2), 125–156 (1998)
Coron, J.-S.: Higher order masking of look-up tables. In: Nguyen, P.Q., Oswald, E. (eds.) Advances in Cryptology - EUROCRYPT 2014, volume 8441 of Lecture Notes in Computer Science, pp 441–458. Springer, Heidelberg (2014)
Daemen, J., Govaerts, R., Vandewalle, J.: A new approach to block cipher design. In: Anderson, R. (ed.) Fast Software Encryption, volume 809 of Lecture Notes in Computer Science, pp 18–32. Springer, Heidelberg (1994)
Daemen, J., Peeters, M., Van Assche, G.: Bitslice ciphers and power analysis attacks. In: Goos, G., Hartmanis, J., Leeuwen, J., Schneier, B. (eds.) Fast Software Encryption, volume 1978 of Lecture Notes in Computer Science, pp 134–149. Springer, Heidelberg (2001)
De Cannière, C.: Analysis and Design of Symmetric Encryption Algorithms. PhD thesis (2007)
De Cannière, C., Nikov, V., Nikova, S., Rijmen, V.: S-box decompositions for SCA-resisting implementations. Poster presented at CHES 2011, Nara, Japan (2012)
DES: Data encryption standard. In: FIPS PUB 46, Federal Information Processing Standards Publication, pp. 46–2 (1977)
Dillon, J.F.: APN polynomials: an update (2009)
Duc, A., Dziembowski, S., Faust, S.: Unifying leakage models: from probing attacks to noisy leakage. In: Nguyen, P.Q., Oswald, E. (eds.) Advances in Cryptology - EUROCRYPT 2014, volume 8441 of Lecture Notes in Computer Science, pp 423–440. Springer, Heidelberg (2014)
Golic, J.D., Tymen, C.: Multiplicative masking and power analysis of AES. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2002, volume 2523 of Lecture Notes in Computer Science, pp 198–212. Springer, Heidelberg (2003)
Ishai, Y., Sahai, A., Wagner, D.: Private circuits: Securing hardware against probing attacks. In: Boneh, D. (ed.) Advances in Cryptology - CRYPTO 2003, volume 2729 of Lecture Notes in Computer Science, pp 463–481. Springer, Heidelberg (2003)
Knudsen, L., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: A block cipher for IC-printing. In: Mangard, S., Standaert, F.-X. (eds.) Cryptographic Hardware and Embedded Systems, CHES 2010, volume 6225 of Lecture Notes in Computer Science, pp 16–32. Springer, Heidelberg (2010)
Kutzner, S., Nguyen, P.H., Poschmann, A.: Enabling 3-share threshold implementations for any 4-bit S-box. Cryptology ePrint Archive, Report 2012/510. http://eprint.iacr.org/ (2012)
Leander, G., Poschmann, A.: On the classification of 4 bit S-Boxes. In: Carlet, C., Sunar, B. (eds.) Arithmetic of Finite Fields, volume 4547 of Lecture Notes in Computer Science, pp 159–176. Springer, Heidelberg (2007)
Lidl, R., Niederreiter, H.: Finite fields, volume 20 of Encyclopedia of Mathematics and its Applications, 2nd edn. Cambridge University Press, Cambridge (1997)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security). Springer-Verlag, New York (2007)
Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao, J.R., Sunar, B. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2005, volume 3659 of Lecture Notes in Computer Science, pp 157–171. Springer, Heidelberg (2005)
Moradi, A.: Statistical tools flavor side-channel collision attacks. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT, volume 7237 of Lecture Notes in Computer Science, pp 428–445. Springer (2012)
Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-enhanced power analysis collision attack. In: Mangard, S., Standaert, F.-X. (eds.) CHES, volume 6225 of Lecture Notes in Computer Science, pp 125–139. Springer (2010)
Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: A very compact and a threshold implementation of AES. In: Paterson, K. (ed.) Advances in Cryptology - EUROCRYPT 2011, volume 6632 of Lecture Notes in Computer Science, pp 69–88. Springer, Heidelberg (2011)
NANGATE: The NanGate 45nm Open Cell Library. Available at http://www.nangate.com
Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) Information and Communications Security, volume 4307 of Lecture Notes in Computer Science, pp 529–545. Springer, Heidelberg (2006)
Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of non-linear functions in the presence of glitches. In: Lee, P.J., Cheon, J.H. (eds.) Information Security and Cryptology - ICISC 2008, volume 5461 of Lecture Notes in Computer Science, pp 218–234. Springer, Heidelberg (2009)
Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24, 292–321 (2011)
Oswald, E., Mangard, S., Pramstaller, N., Rijmen, V.: A side-channel analysis resistant description of the AES s-box. In: Gilbert, H., Handschuh, H. (eds.) Fast Software Encryption, volume 3557 of Lecture Notes in Computer Science, pp 413–423. Springer, Heidelberg (2005)
Popp, T., Mangard, S.: Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In: Rao, J.R., Sunar, B. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2005, volume 3659 of Lecture Notes in Computer Science, pp 172–186. Springer, Heidelberg (2005)
Poschmann, A., Moradi, A., Khoo, K., Lim, C.-W., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2,300 GE. J. Cryptol. 24(2), 322–345 (2011)
Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2010, volume 6225 of Lecture Notes in Computer Science, pp 413–427. Springer, Heidelberg (2010)
Rotman, J.J.: An introduction to the theory of groups. Springer-Verlag, Heidelberg (1999)
Saarinen, M.-J.O.: Cryptographic analysis of all 4 x 4-bit s-boxes. In: Miri, A., Vaudenay, S. (eds.) Selected Areas in Cryptography, volume 7118 of Lecture Notes in Computer Science, pp 118–133. Springer, Heidelberg (2012)
Tiri, K., Verbauwhede, I.: A logic level design methodology for a secure DPA resistant ASIC or FPGA implementation. In: Proceedings of the Conference on Design, Automation and Test in Europe - volume 1, DATE ’04, pp. 10246–. IEEE Computer Society, Washington (2004)
Trichina, E., Korkishko, T., Lee, K.: Small size, low power, side channel-immune AES coprocessor: design and synthesis results. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) Advanced Encryption Standard - AES, volume 3373 of Lecture Notes in Computer Science, pp 113–127. Springer, Heidelberg (2005)
Wernsdorf, R.: The round functions of rijndael generate the alternating group. In: Daemen, J., Rijmen, V. (eds.) Fast Software Encryption, volume 2365 of Lecture Notes in Computer Science, pp 143–148. Springer, Heidelberg (2002)
Acknowledgments
We would like to thank the reviewers for their detailed comments, Christophe De Cannière for the fruitful discussions and for sharing part of his toolkit for affine equivalent classes with us, Georg Stütz for contributing to the proof of Theorem 1 and Anastasiya Gorodilova for kind assistance with APN permutations.
This work has been supported in part by the Research Council of KU Leuven (OT/13/071). B. Bilgin was partially supported by the FWO project G0B4213N; V. Nikov was supported by the European Commission (FP7) within the Tamper Resistant Sensor Node (TAMPRES) project with contract number 258754; and N. Tokareva and V. Vitkup were supported by the Russian Foundation for Basic Research (project 120131097) and by Grant NSh1939.2014.1 of the President of Russia for Leading Scientific Schools.
Cite this article
Bilgin, B., Nikova, S., Nikov, V. et al. Threshold implementations of small S-boxes. Cryptogr. Commun. 7, 3–33 (2015). https://doi.org/10.1007/s12095-014-0104-7