International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: On highly nonlinear S-boxes and their inability to thwart DPA attacks (completed version)

Authors:
C. Carlet
Download:
URL: http://eprint.iacr.org/2005/387
Search ePrint
Search Google
Abstract: Prouff has introduced recently, at FSE 2005, the notion of transparency order of S-boxes. This new characteristic is related to the ability of an S-box, used in a cryptosystem in which the round keys are introduced by addition, to thwart single-bit or multi-bit DPA attacks on the system. If this parameter has sufficiently small value, then the S-box is able to withstand DPA attacks without that ad-hoc modifications in the implementation be necessary (these modifications make the encryption about twice slower). We prove lower bounds on the transparency order of highly nonlinear S-boxes. We show that some highly nonlinear functions (in odd or even numbers of variables) have very bad transparency orders: the inverse functions (used as S-box in the AES), the Gold functions and the Kasami functions (at least under some assumption).
BibTeX
@misc{eprint-2005-12721,
  title={On highly nonlinear S-boxes and their inability to thwart DPA attacks (completed version)},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography /},
  url={http://eprint.iacr.org/2005/387},
  note={completed version of a paper presented at INDOCRYPT 2005 claude.carlet@inria.fr 13122 received 28 Oct 2005, last revised 5 Dec 2005},
  author={C. Carlet},
  year=2005
}