Paper 2018/949

Constructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations

Si Gao, Arnab Roy, and Elisabeth Oswald

Abstract

The threat posed by side channels requires ciphers that can be efficiently protected in both software and hardware against such attacks. In this paper, we propose a novel Sbox construction based on iterations of shift-invariant quadratic permutations and linear diffusions. Owing to the selected quadratic permutations, all of our Sboxes enable uniform 3-share threshold implementations, which provide first-order SCA protection without any fresh randomness. More importantly, because of the "shift-invariant" property, there are ample implementation trade-offs available, in software as well as hardware. We provide implementation results (software and hardware) for a four-bit and an eight-bit Sbox, which confirm that our constructions are competitive and can be easily adapted to various platforms as claimed. We have successfully verified their resistance to first-order attacks based on real acquisitions. Because there are very few studies focusing on software-based threshold implementations, our software implementations might be of independent interest in this regard.

Note: Fixing incorrect data in Table 1: 28 contains 4 linear permutations.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Major revision. CT-RSA 2019
Keywords
Shift-invariant, Threshold implementation, Sbox
Contact author(s)
si gao @ bristol ac uk
History
2019-02-15: last of 4 revisions
2018-10-09: received
Short URL
https://ia.cr/2018/949
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/949,
      author = {Si Gao and Arnab Roy and Elisabeth Oswald},
      title = {Constructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations},
      howpublished = {Cryptology ePrint Archive, Paper 2018/949},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/949}},
      url = {https://eprint.iacr.org/2018/949}
}