Threshold implementations of small S-boxes

Threshold implementations of small S-boxes Full article

Journal

Cryptography and Communications
ISSN: 1936-2447 , E-ISSN: 1936-2455

Output data

Year: 2014, Volume: 7, Number: 1, Pages: 3-33 Pages count : 31 DOI: 10.1007/s12095-014-0104-7

Tags

Decomposition; DPA; Glitches; Masking; Nonlinear functions; S-box; Sharing

Authors

Bilgin Begül ¹ , Nikova Svetla ¹ , Nikov Ventzislav ² , Rijmen Vincent ¹ , Tokareva Natalia ^3,4 , Vitkup Valeriya ^3,4

Affiliations

1	Katholieke Universiteit Leuven, ESAT-COSIC and iMinds, Leuven, Belgium
2	NXP Semiconductors, Leuven, Belgium
3	Sobolev Institute of Mathematics, Novosibirsk, Russian Federation
4	Novosibirsk State University, Novosibirsk, Russian Federation

Threshold implementation (TI) is a masking method that provides security against first-order DPA with minimal assumptions on the hardware. It is based on multi-party computation and secret sharing. In this paper, we provide an efficient technique to find TIs for all 3 and 4-bit permutations which also covers the set of 3×3 and 4×4 invertible S-boxes. We also discuss alternative methods to construct shared functions by changing the number of variables or shares. Moreover, we further consider the TI of 5-bit almost bent and 6-bit almost perfect nonlinear permutations. Finally, we compare the areas of these various TIs.

Bilgin B. , Nikova S. , Nikov V. , Rijmen V. , Tokareva N. , Vitkup V.
Threshold implementations of small S-boxes
Cryptography and Communications. 2014. V.7. N1. P.3-33. DOI: 10.1007/s12095-014-0104-7 WOS Scopus OpenAlex

Web of science:	WOS:000351306800002
Scopus:	2-s2.0-84937645070
OpenAlex:	W2166531223

DB	Citing
Scopus	54
OpenAlex	59
Web of science	36