Transparency order versus confusion coefficient: a case study of NIST lightweight cryptography S-Boxes
Abstract
Side-channel resistance is nowadays widely accepted as a crucial factor in deciding the security assurance level of cryptographic implementations. In most cases, the non-linear components (e.g. S-Boxes) of cryptographic algorithms are chosen as the primary targets of side-channel attacks (SCAs). To measure the side-channel resistance of S-Boxes, three theoretical metrics have been proposed: the revisited transparency order (VTO), the confusion coefficient variance (CCV), and the minimum confusion coefficient (MCC). However, the practical effectiveness of these metrics remains unclear. Taking the 4-bit and 8-bit S-Boxes used in the NIST Lightweight Cryptography candidates as concrete examples, this paper conducts a comprehensive study of the applicability of these metrics. First, we empirically investigate the relations among the three metrics for the targeted S-Boxes and find that CCV is almost linearly correlated with VTO, while MCC is inconsistent with the other two. Furthermore, to verify which metric is more effective in which scenario, we perform simulated and practical experiments on nine 4-bit S-Boxes under non-profiled attacks and profiled attacks, respectively. The experiments show that for quantifying the side-channel resistance of S-Boxes under non-profiled attacks, VTO and CCV are more reliable, while MCC fails. We also obtain the interesting observation that none of the three metrics is suitable for measuring the resistance of S-Boxes against profiled SCAs. Finally, we try to verify whether these metrics can be applied to compare the resistance of S-Boxes of different sizes. Unfortunately, all of them are invalid in this scenario.
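As an added illustration of two of the metrics named in the abstract (this is not the paper's own code or data), the script below computes the confusion coefficient variance (CCV) and the minimum confusion coefficient (MCC) of a 4-bit S-Box under a Hamming-weight leakage model. It assumes the common definition of the confusion coefficient of a key pair as the mean squared difference of the two leakage hypotheses over all inputs, uses the population variance for CCV, and takes the public PRESENT S-Box and the identity mapping as sample inputs rather than any S-Box the paper evaluates.

```python
from itertools import permutations
from statistics import pvariance

# Sample inputs (constructed for this example, not taken from the paper): the public
# PRESENT 4-bit S-Box and the identity mapping, used only to exercise the metrics.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
IDENTITY_SBOX = list(range(16))


def hamming_weight(v: int) -> int:
    """Hamming-weight leakage model: number of set bits in the S-Box output."""
    return bin(v).count("1")


def confusion_coefficient(sbox, k_i: int, k_j: int) -> float:
    """Confusion coefficient of the key pair (k_i, k_j) under Hamming-weight leakage.

    Assumed definition (after the confusion-analysis literature): the mean, over all
    inputs x, of (HW(S(x ^ k_i)) - HW(S(x ^ k_j)))^2. Because the key enters by XOR,
    the value depends only on k_i ^ k_j, so a 4-bit S-Box has 15 distinct values.
    """
    n = len(sbox)
    total = 0
    for x in range(n):
        diff = hamming_weight(sbox[x ^ k_i]) - hamming_weight(sbox[x ^ k_j])
        total += diff * diff
    return total / n


def ccv_and_mcc(sbox):
    """Return (CCV, MCC): the population variance and the minimum of the confusion
    coefficients taken over all ordered key pairs with k_i != k_j."""
    n = len(sbox)
    coeffs = [confusion_coefficient(sbox, k_i, k_j)
              for k_i, k_j in permutations(range(n), 2)]
    return pvariance(coeffs), min(coeffs)


if __name__ == "__main__":
    for name, sbox in (("PRESENT", PRESENT_SBOX), ("identity", IDENTITY_SBOX)):
        ccv, mcc = ccv_and_mcc(sbox)
        print(f"{name:8s} CCV={ccv:.4f} MCC={mcc:.2f}")
```

For these two inputs both S-Boxes reach the same MCC (1.0) while their CCV values differ, which is the kind of disagreement between metrics the abstract reports; how each value ranks resistance follows the original metric definitions, not this script.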