Comparing Sboxes of ciphers from the perspective of side-channel attacks

Lerman, Liran; Markowitch, Olivier; Veshchikov, Nikita

doi:10.1109/asianhost.2016.7835556

Cited by 6 publications

(6 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We refer the interested readers to [6], [35], where the authors use machine learning techniques to determine the best moment of transition between each part of the hybrid algorithm. From the practical experiments conducted in [13], [29], [36], we have some reference on the influence of confusion coefficient variance in side-channel scenarios. Under the Hamming-Weight power model, high confusion coefficient variance values imply better resistance to correlation power attacks as shown in [13], [29].…”

Section: A Experimental Resultsmentioning

confidence: 99%

Evolving Nonlinear S-Boxes With Improved Theoretical Resilience to Power Attacks

et al. 2020

View full text Add to dashboard Cite

Substitution boxes are the main nonlinear component of block ciphers. The security of these ciphers against linear, differential, or side-channel attacks is dependent on the design of such component and their intrinsic properties. There are several methods that aim to cryptographically define, generate, or search for strong substitution boxes. The application of combinatorial optimization algorithms is one of the most useful methodologies in this research area. In this paper, we present a novel hybrid method based on the Leaders and Followers and hill-climbing over Hamming Weight Classes metaheuristics, coupled with a new trade-off fitness function that generates 8-bit bijective substitution boxes with good resisting properties towards classical cryptanalysis and side-channel attacks by power consumption. We address the best Pareto optimal solutions for the multi-objective optimization of non-linearity and confusion coefficient variance.

show abstract

Section: A Experimental Resultsmentioning

confidence: 99%

Evolving Nonlinear S-Boxes With Improved Theoretical Resilience to Power Attacks

et al. 2020

View full text Add to dashboard Cite

show abstract

“…The first, Hamming Distance (HD) model, includes properties like Modified Transparency Order (MTO) [3] and Revised Transparency Order (RTO) [10]. For the second group, Hamming Weight (HW) leakage model, properties like Transparency Order (TO) [2] 1 , Confusion Coefficient Variance (CCV) [7], Modified Transparency Order for the zero logic precharge (M T O 0 ) [8] and Revised Transparency Order for the zero logic precharge (RT O 0 ) [10] can be found in the literature.…”

Section: Introductionmentioning

confidence: 99%

Improved Objective Functions to Search for 8 × 8 Bijective S-Boxes With Theoretical Resistance Against Power Attacks Under Hamming Leakage Models

et al. 2022

View full text Add to dashboard Cite

Many research focuses on find S-boxes with good cryptographic properties applying a heuristic method and a balanced, objective function. The design of S-boxes with theoretical resistance against Side-Channel Attacks by power consumption is addressed with properties defined under one of these two models: the Hamming Distance leakage model and the Hamming Weight leakage model. As far as we know, a balanced search criterion that considers properties under both, at the same time, remains an open problem. We define two new optimal objective functions that can be used to obtain S-boxes with good cryptographic properties values, keeping high theoretical resistance for the two leakage models; we encourage using at least one of our objective functions. We apply a Hill Climbing heuristic method over the S-box's space to measure which objective function is better and to compare the obtained S-boxes with the S-boxes in the actual literature. We also confirm some key relationships between the properties and which property is more suitable to be used.

show abstract

“…All Ascon family members provide 128-bit security in the notion of nonce-based authenticated encryption with associated data (AEAD), that is, they protect the confidentiality of the plaintext (except its length) and the integrity of ciphertext including the associated data (under adaptive forgery attempts). The number of processed plaintext and associated data blocks protected by the encryption algorithm is limited to a total of 2 64 blocks per key, which corresponds to 2 67 bytes (for Ascon-128, Ascon-80pq) or 2 68 bytes (for Ascon-128a). We consider this as more than sufficient for lightweight applications in practice.…”

Section: Authenticated Encryptionmentioning

confidence: 99%

“…Next, we give a list of papers that either evaluate the side-channel and fault resistance of Ascon or elaborate protection mechanisms against side-channel and fault attacks [4,7,12,[28][29][30]50,51,55,60,68,[77][78][79]83].…”

Section: Implementation Security and Robustnessmentioning

confidence: 99%

Ascon v1.2: Lightweight Authenticated Encryption and Hashing

et al. 2021

View full text Add to dashboard Cite

Authenticated encryption satisfies the basic need for authenticity and confidentiality in our information infrastructure. In this paper, we provide the specification of Ascon-128 and Ascon-128a. Both authenticated encryption algorithms provide efficient authenticated encryption on resource-constrained devices and on high-end CPUs. Furthermore, they have been selected as the “primary choice” for lightweight authenticated encryption in the final portfolio of the CAESAR competition. In addition, we specify the hash function Ascon-Hash, and the extendable output function Ascon-Xof. Moreover, we complement the specification by providing a detailed overview of existing cryptanalysis and implementation results.

show abstract

Comparing Sboxes of ciphers from the perspective of side-channel attacks

Cited by 6 publications

References 17 publications

Evolving Nonlinear S-Boxes With Improved Theoretical Resilience to Power Attacks

Evolving Nonlinear S-Boxes With Improved Theoretical Resilience to Power Attacks

Improved Objective Functions to Search for 8 × 8 Bijective S-Boxes With Theoretical Resistance Against Power Attacks Under Hamming Leakage Models

Ascon v1.2: Lightweight Authenticated Encryption and Hashing

Contact Info

Product

Resources

About