Improved Objective Functions to Search for 8 × 8 Bijective S-Boxes With Theoretical Resistance Against Power Attacks Under Hamming Leakage Models

Ismel Martinez-Diaz,Carlos Miguel Legon-Perez,Alejandro Freyre-Echevarria,Guillermo Sosa-Gomez,Omar Rojas

doi:10.1109/access.2022.3145990

Ismel Martinez-Diaz, Carlos Miguel Legon-Perez + Show 3 more

Open Access

https://doi.org/10.1109/access.2022.3145990

Copy DOI

Abstract

Many research focuses on finding S-boxes with good cryptographic properties applying a heuristic method and a balanced, objective function. The design of S-boxes with theoretical resistance against Side-Channel Attacks by power consumption is addressed with properties defined under one of these two models: the Hamming Distance leakage model and the Hamming Weight leakage model. As far as we know, a balanced search criterion that considers properties under both, at the same time, remains an open problem. We define two new optimal objective functions that can be used to obtain S-boxes with good cryptographic properties values, keeping high theoretical resistance for the two leakage models; we encourage using at least one of our objective functions. We apply a Hill Climbing heuristic method over the S-box’s space to measure which objective function is better and to compare the obtained S-boxes with the S-boxes in the actual literature. We also confirm some key relationships between the properties and which property is more suitable to be used.

Highlights

S UBSTITUTION boxes (S-boxes) are a principal component of block ciphers [1]
PROPERTIES OF S-BOXES In this subsection we review some relevant properties of Sboxes with respect to classical and side-channel attacks
The newly created property was known as Modified Transparency Order (MTO), and it takes into account the cross-correlation spectrum of the coordinate functions of the S-box F = (f1, ..., fm), denoted by

Summary

INTRODUCTION

S UBSTITUTION boxes (S-boxes) are a principal component of block ciphers [1]. Since they are involved in the encryption/decryption process, S-boxes represent a target of Side-Channel Attacks (SCA) by power consumption. Some S-box properties have been defined to measure the theoretical resistance against these types of attacks These properties can be classified into two groups according to the leakage model of the power consumption. The design of S-boxes with optimal theoretical resistance towards both Hamming power models is an open issue that we addressed in this work. Ismel et al.: Improved objective functions to search for 8 × 8 bijective S-boxes with theoretical resistance against Power Attacks under Hamming le MTO, low M T O0, low RTO, low RT O0, and high CCV. The results we addressed using the hill-climbing method -a basic metaheuristic [18]- and the proposed optimal objective function reinforces the correlation notion under the same model of power consumption. We briefly resume this work and give some new lines of research in the Conclusions

PRELIMINARIES AND METHODS

SIDE-CHANNEL ANALYSIS BY POWER CONSUMPTION

HILL CLIMBING ALGORITHM

CONCLUSIONS