CryptoDB
On highly nonlinear S-boxes and their inability to thwart DPA attacks (completed version)
| Authors: | |
|---|---|
| Download: | |
| Abstract: | Prouff has introduced recently, at FSE 2005, the notion of transparency order of S-boxes. This new characteristic is related to the ability of an S-box, used in a cryptosystem in which the round keys are introduced by addition, to thwart single-bit or multi-bit DPA attacks on the system. If this parameter has sufficiently small value, then the S-box is able to withstand DPA attacks without that ad-hoc modifications in the implementation be necessary (these modifications make the encryption about twice slower). We prove lower bounds on the transparency order of highly nonlinear S-boxes. We show that some highly nonlinear functions (in odd or even numbers of variables) have very bad transparency orders: the inverse functions (used as S-box in the AES), the Gold functions and the Kasami functions (at least under some assumption). |
BibTeX
@misc{eprint-2005-12721,
title={On highly nonlinear S-boxes and their inability to thwart DPA attacks (completed version)},
booktitle={IACR Eprint archive},
keywords={secret-key cryptography /},
url={http://eprint.iacr.org/2005/387},
note={completed version of a paper presented at INDOCRYPT 2005 claude.carlet@inria.fr 13122 received 28 Oct 2005, last revised 5 Dec 2005},
author={C. Carlet},
year=2005
}