Provably Secure S-Box Implementation Based on Fourier Transform

Abstract: Abstract. Cryptographic algorithms implemented in embedded devices must withstand Side Channel Attacks such as the Differential Power Analysis (DPA). A common method of protecting symmetric cryptographic implementations against DPA is to use masking techniques. However, clever masking of non-linear parts such as S-Boxes is difficult and has been the flaw of many countermeasures. In this article, we take advantage of some remarkable properties of the Fourier Transform to propose a new method to thwart DPA on th… Show more

“…One of the most studied countermeasures is masking [9,12,25,35], which by randomizing the secret internals aims at cutting the relation between the side-channel leakages and predictable processes. Realization of masking in hardware platforms faces many challenges due to the uncontrolled glitches happening inside the masked circuits.…”

Detecting Hidden Leakages

“…One of the most studied countermeasures is masking [9,12,25,35], which by randomizing the secret internals aims at cutting the relation between the side-channel leakages and predictable processes. Realization of masking in hardware platforms faces many challenges due to the uncontrolled glitches happening inside the masked circuits.…”

Detecting Hidden Leakages

“…Moreover, the solution is provided together with a proof of security that allows the reader to formally validate its security. In this paper, we show that contrary to what is claimed in [11], a DPA attack can be successfully mounted against this countermeasure. We exhibit the flaw upon which our attack is based and we present how to successfully exploit it to recover the value of a secret parameter.…”

“…A DPA (also called first order DPA in the literature when it is compared to higher order DPA) exploits the leakage about a single intermediate sensitive variable. Hereafter, we recall the formal definition of the security against DPA (see for instance [2,4,11]). …”

“…We exhibit the flaw upon which our attack is based and we present how to successfully exploit it to recover the value of a secret parameter. Finally, we propose an improvement of the countermeasure proposed in [11] and we prove its security versus DPA in a realistic model.…”

“…Many papers have been published that aim at providing a solution to this problem (see for instance [1,7,10,11,12]). At CHES 2006, Prouff, Giraud and Aumônier proposed in [11] a solution that may be of particular interest when the input/output dimensions of the function to protect are small and when the masks values are regenerated many times during the algorithm processing. Moreover, the solution is provided together with a proof of security that allows the reader to formally validate its security.…”

Attack and Improvement of a Secure S-Box Calculation Based on the Fourier Transform

A Generic Method for Secure SBox Implementation