Transparency order (
) is one of the indicators used to measure the resistance of
-function to differential power analysis. At present, there are three definitions:
, redefined transparency order (
...), and modified transparency order (
). For the first time, we give one necessary and sufficient condition for
-function reaching
and completely characterize
-functions reaching
for any
and
. We find that any
-function cannot reach
for odd
. Based on the matrix product, the necessary conditions for
-function reaching
or
are given, respectively. Finally, it is proved that any balanced
-function cannot reach the upper bound on
(or
,
).
Local Search Trajectories over S-box space Martínez-Díaz, Ismel; Legón-Pérez, Carlos Miguel; Rojas, Omar ...
Journal of information security and applications,
09/2022, Letnik:
69
Journal Article
Abstract
We revisit the definition of transparency order (TO) and that of modified transparency order (MTO) as well, which were proposed to measure the resistance of substitution boxes (S-boxes) ...against differential power analysis (DPA). We spot a definitional flaw in original TO, which is proved to significantly affect the soundness of TO. Regretfully, MTO overlooks this flaw, yet it happens to incur no bad effects on the correctness of MTO, even though the start point of this formulation is highly questionable. It is also this neglect that made MTO consider a variant of multi-bit DPA attack, which was mistakenly thought to appropriately serve as an alternative powerful attack. This implies the soundness of MTO is also more or less arguable. Therefore, we fix this definitional flaw and provide a revised definition named reVisited TO (VTO). For demonstrating validity and soundness of VTO, we present simulated and practical DPA attacks on implementations of $4\times 4$ and $8\times 8$ S-boxes. In addition, we also illustrate the soundness of VTO in masked S-boxes. Furthermore, as a concrete application of VTO, we present the distribution of VTO values of optimal affine equivalence classes of $4\times 4$ S-boxes and give some recommended guidelines on how to select $4\times 4$ S-boxes with higher DPA resistance at the identical level of implementation cost.
Abstract
The notion of confusion coefficient (CC) is a property that attempts to characterize the confusion property of cryptographic algorithms against differential power analysis. In this article, ...we establish a relationship between CC and the transparency order (TO) for any Boolean function and deduce some relationships between the sum-of-squares of CC, signal-to-noise ratio, and TO. We also give a tight upper bound and a tight lower bound on the sum-of-squares of CC for balanced s-plateaued functions. Finally, the results generalized a lower bound on the sum-of-squares of CC of Boolean functions with the Hamming weight
k
.
The Internet of Things is a resource-constrained device that demands lightweight cryptographic solutions to achieve high performance and optimal security. In lightweight ciphers Substitution Box ...(S-box) plays an important role as it enables confusion property. However, it is one of the costlier operations. The design and construction of such S-boxes for Internet of Things (IoT) devices are crucial..Hence, we propose a 4-bit, highly Nonlinear, Bijective, Balanced S-box called Feather S-box to enable confusion in lightweight ciphers. The hardware performance of Feather S-Box is analysed in terms of Area and Critical Path-Delay cost. While examining the Area Delay-Product and Power-Delay Product, it shows 23% and 19% lower than PRESENT cipher and 12% lesser than GIFT and KATAN ciphers. The security analysis of the proposed S-Box is also done in terms of Nonlinearity, Bijective, Balanced, Global Avalanche characteristics, resistance to Algebraic attack, Side-channel attacks, Differential and Linear Cryptanalysis. The Feather S-box also exhibts good cryptographic properties such as Nonlinearity and immunity against Algebraic attacks. Moreover, it offers good resistance against Side-channel attack, Differential and Linear Cryptanalysis. We also observed that the Feather S-box has the highest immunity against Differential and Linear Cryptanalysis except for the SKINNY cipher.
Many research focuses on finding S-boxes with good cryptographic properties applying a heuristic method and a balanced, objective function. The design of S-boxes with theoretical resistance against ...Side-Channel Attacks by power consumption is addressed with properties defined under one of these two models: the Hamming Distance leakage model and the Hamming Weight leakage model. As far as we know, a balanced search criterion that considers properties under both, at the same time, remains an open problem. We define two new optimal objective functions that can be used to obtain S-boxes with good cryptographic properties values, keeping high theoretical resistance for the two leakage models; we encourage using at least one of our objective functions. We apply a Hill Climbing heuristic method over the S-box's space to measure which objective function is better and to compare the obtained S-boxes with the S-boxes in the actual literature. We also confirm some key relationships between the properties and which property is more suitable to be used.
The notion of transparency order, proposed by Prouff (DPA attacks and S-boxes, FSE 2005, LNCS 3557, Springer, Berlin, 2005) and then redefined by Chakraborty et al. (Des Codes Cryptogr 82:95–115, ...2017), is a property that attempts to characterize the resilience of cryptographic algorithms against differential power analysis attacks. In this paper, we give a tight upper bound on the transparency order in terms of nonlinearity, inferring the worst possible transparency order of those functions with the same nonlinearity. We also give a lower bound between transparency order and nonlinearity. We study certain classes of Boolean functions for their transparency order and find that this parameter for some functions of low algebraic degree can be determined by their nonlinearity. Finally, we construct two infinite classes of balanced semibent Boolean functions with provably relatively good transparency order (this is the first time that an infinite class of highly nonlinear balanced functions with provably good transparency order is given).
The concept of transparency order (denoted by TO) is an important criterion of (n,m)-functions to resist against differential power analysis (DPA). In this paper, we give several transparency order ...relationships of some Boolean functions. We give the lower bound on the transparency order for Boolean function, and obtain the transparency order relationship between one Boolean function and its decomposition Boolean functions. Furthermore, we deduce one relationship among TO(f⊕g), TO(f), TO(g) and TO(fg) for any n-variable Boolean functions f,g. Finally, we study the transparency order for the sum function and for the product function between two variable-disjoint Boolean functions, and calculate the transparency order distributions of 4-variable and 5-variable balanced Boolean functions, respectively.
Redefining the transparency order Chakraborty, Kaushik; Sarkar, Sumanta; Maitra, Subhamoy ...
Designs, codes, and cryptography,
01/2017, Letnik:
82, Številka:
1-2
Journal Article
Recenzirano
Odprti dostop
In this paper, we consider the multi-bit Differential Power Analysis (DPA) in the Hamming weight model. In this regard, we revisit the definition of Transparency Order (
TO
) from the work of Prouff ...(FSE 2005) and find that the definition has certain limitations. Although this work has been quite well referred in the literature, surprisingly, these limitations remained unexplored for almost a decade. We analyse the definition from scratch, modify it and finally provide a definition with better insight that can theoretically capture DPA in Hamming weight model for hardware implementation with precharge logic. At the end, we confront the notion of (revised) transparency order with attack simulations in order to study to what extent the low transparency order of an s-box impacts the efficiency of a side channel attack against its processing. To the best of our knowledge, this is the first time that such a critical analysis is conducted (even considering the original notion of Prouff). It practically confirms that the transparency order is indeed related to the resistance of the s-box against side-channel attacks, but it also shows that it is not sufficient alone to directly achieve a satisfying level of security. Regarding this point, our conclusion is that the (revised) transparency order is a valuable criterion to consider when designing a cryptographic algorithm, and even if it does not preclude to also use classical countermeasures like masking or shuffling, it enables to improve their effectiveness.