(n,m)函数抗差分功耗攻击指标的研究综述

doi:10.19665/j.issn1001-2400.2021.01.006

Abstract

Abstract:

(n,m) functions (or S-boxes) are the most basic components in symmetric cryptography,and its cryptographic properties determine some security of symmetric cryptography.Therefore,how to design and analyze (n,m) functions which satisfy various cryptographic properties is an important problem in the research on symmetric cryptography.With the development of the research on the side channel of symmetric cipher algorithms,there are some indicators in the aspect of (n,m) functions resisting differential power attack:the signal-to-noise ratio,transparency order and confusion coefficient.These indicators have gradually become the main indicators to measure the cryptographic properties of (n,m) functions cryptography,and have been applied to the design and analysis of block cipher S-boxes.In this paper,the research results of the signal-to-noise ratio (SNR),transparency order (TO) and confusion coefficient (CC) of (n,m) functions are summarized,including:(1) some relationships between the signal-to-noise ratio of (n,m) functions and the traditional cryptographic indicators;(2) some relationships between the transparency order of (n,m) functions and the traditional cryptographic property;some relationships between the transparency order of a Boolean function and its decomposition functions;few distributions of the transparency order of small variable balance functions;(3) the confusion coefficient of (n,m) function(s);(4)a comprehensive analysis of three indicators of a S-box in some public algorithms.Finally,the research prospect of these three indicators is given.

Key words: (n,m)functions, boolean functions, differential power analysis, transparency order, signal-to-noise ratio, confusion coefficient

CLC Number:

TN918.1

ZHOU Yu,CHEN Zhixiong,ZHUO Zepeng,DU Xiaoni. Survey of results of (n,m)-functions against differential power attack[J].Journal of Xidian University, 2021, 48(1): 50-60.

Figures/Tables 9

References 50

[1]	GUILLEY S, HOOGVORST P, PACALET R. Differential Power Analysis Model and Some Results [C]//IFIP Advances in Information and Communication Technology:153.Heidelberg:Springer, 2004: 127-142.
[2]	PROUFF E. DPA Attacks and S-boxes [C]//Lecture Notes in Computer Science:3557.Heidelberg:Springer, 2005: 424-441.
[3]	FEI Y, DING A A, LAO J, et al.A Statistics-based Fundamental Model for Side-channel Attack Analysis:Cryptology ePrint Archive:Report 2014/152[R/OL]. [2020-07-12].https://eprint.iacr.org/2014/152.
[4]	KOCHER P, JAFFE J, JUN B. Differential Power Analysis [C]//Lecture Notes in Computer Science:1666.Heidelberg:Springer Verlag, 1999: 388-397.
[5]	MESSERGES T S, DABBISH E A, SLOAN R H. Examining Smart-card Security Under the Threat of Power Analysis Attacks[J]. IEEE Transactions on Computers, 2002,51(5):541-552. doi: 10.1109/TC.2002.1004593
[6]	BRIER E, CLAVIER C, OLIVIER F. Correlation Power Analysis with a Leakage Model [C]//Lecture Notes in Computer Science:3156.Heidelberg:Springer Verlag, 2004: 16-29.
[7]	ZHOU Y, ZHAO W, CHEN Z, et al. On the Signal-to-noise Ratio for Boolean Functions[J]. IEICE Transactions on Fundamentals of Electronics,Communications and Computer Sciences, 2020,DOI: 10.1587/transfun.2020EAL2037.
[8]	CHAKRABORTY K, SARKAR S, MAITRA S, et al. Redefining the Transparency Order[J]. Designs,Codes and Cryptography, 2017,82(1/2):95-115. doi: 10.1007/s10623-016-0250-3
[9]	LI H, ZHOU Y, MING J, et al.The Notion of Transparency Order,Revisited:Cryptology ePrint Archive:Report 2019[R/OL].[ 2020-07-12]. https://eprint.iacr.org/2019/683.
[10]	程让. 具有较低透明阶值S盒的分析与构造[D]. 西安:西安电子科技大学, 2017.
[11]	WANG Q, STANICA P. Transparency Order for Boolean Functions:Analysis and Construction[J]. Designs,Codes and Cryptography, 2019,87(9):2043-2059. doi: 10.1007/s10623-019-00604-1
[12]	CARLET C.DE CHERISEYE, GUILLEY S, et al. Intrinsic Resiliency of S-boxes against Side-channel Attacks—Best and Worst Scenarios[J]. IEEE Transactions on Information Forensics and Security, 2021,16:203-218. doi: 10.1109/TIFS.10206
[13]	FEI Y, LUO Q, DING A A. A Statistical Model for DPA with Novel Algorithmic Confusion Analysis [C]//Lecture Notes in Computer Science:7428.Heidelberg:Springer Verlag, 2012: 233-250.
[14]	PICEK S, PAPAGIANNOPOULOS K, EGE B, et al. Confused by Confusion:Systematic Evaluation of DPA Resistance of Various S-boxes [C]//Lecture Notes in Computer Science:8885.Heidelberg:Springer Verlag, 2014: 374-390.
[15]	邱爽, 白国强, 陈弘毅. 针对分组算法的改进混乱系数[J]. 密码学报, 2014,1(2):124-133.
	QIU Shuang, BAI Guoqiang, CHEN Hongyi. One-dimensional Confusion Coefficient for Block Cipher[J]. Journal of Cryptologic Research, 2014,1(2):124-133.
[16]	周宇, 胡予濮, 董新锋. 布尔函数的设计与分析[M]. 北京: 国防工业出版社, 2015.
[17]	LEANDER G, POSCHMANN A. On the Classification of 4 Bit S-boxes [C]//Lecture Notes in Computer Science:4547.Heidelberg:Springer Verlag, 2007: 159-176.
[18]	WU W L, ZHANG L. LBlock:a Lightweight Block Cipher [C]//Lecture Notes in Computer Science:6715.Heidelberg:Springer Verlag, 2011: 327-344.
[19]	BOGDANOV A, KNUDSEN L R, LEANDER G, et al. PRESENT:an Ultra-lightweight Block Cipher [C]//Lecture Notes in Computer Science:4727.Heidelberg:Springer Verlag, 2007: 450-466.
[20]	SHIBUTANI K, ISOBE T, HIWATARI H, et al. Piccolo:an Ultra-lightweight Blockcipher [C]//Lecture Notes in Computer Science:6917.Heidelberg:Springer Verlag, 2011: 342-357.
[21]	BEIERLE C, JEAN J, KOLBL S, et al. The SKINNY Family of Block Ciphers and Its Low-latency Variant MANTIS [C]//Lecture Notes in Computer Science:9815.Heidelberg:Springer Verlag, 2016: 123-153.
[22]	SIMPLICIO M A, PEDRO AQUINO B, BARRETO P S L M, et al.The Marvin Message Authentication Code and the Letter Soup Authenticated Encryption Scheme[J]. Security and Communication Networks, 2009,2(2):165-180. doi: 10.1002/sec.v2:2
[23]	BANIK S, BOGDANOV A, ISOBE T, et al. Midori:a Block Cipher for Low Energy [C]//Lecture Notes in Computer Science:9453.Heidelberg:Springer Verlag, 2015: 411-436.
[24]	BANIK S, PANDEY S K, PEYRIN T, et al. GIFT:a Small Present - towards Reaching the Limit of Lightweight Encryption [C]//Lecture Notes in Computer Science:10529.Heidelberg:Springer Verlag, 2017: 321-345.
[25]	DE CANNIERE C. Analysis and Design of Symmetric Encryption Algorithms[D]. Leuven:Katholieke Universiteit Leuven, 2007.
[26]	CARLET C. On Highly Nonlinear S-boxes and Their Inability to Thwart DPA Attacks [C]//Lecture Notes in Computer Science:3797.Heidelberg:Springer Verlag, 2005: 49-62.
[27]	FAN L, ZHOU Y, FENG D. A Fast Implementation of Computing the Transparency Order of S-boxes [C]//Proceedings of the 2008 9th International Conference for Young Computer Scientists.Washington:IEEE Computer Society, 2008: 206-211.
[28]	MAZUMDAR B, MUKHOPADHYAY D, SENGUPTA I. Constrained Search for a Class of Good Bijective S-boxes with Improved DPA Resistivity[J]. IEEE Transactions on Information Forensics and Security, 2013,8(12):2154-2163. doi: 10.1109/TIFS.2013.2285522
[29]	PICEKS, EGE B, PAPAGIANOPOULOS K, et al. Optimality and beyond:the Case of 4*4 S-boxes [C]//Proceedings of the 2014 IEEE International Symposium on Hardware-Oriented Security and Trust.Piscataway:IEEE, 2014: 80-83.
[30]	SARKAR S, MAITRA S, CHAKRABORTY K. Differential Power Analysis in Hamming Weight Model:How to Choose Among (Extend) Affine Equivalent S-boxes [C]//Lecture Notes in Computer Science:8885.Heidelberg:Springer Verlag, 2014: 360-373.
[31]	MAZUMDAR B. Some RSSB Constructions with Improved Resistance towards Differential Power Analysis [C]// Proceedings of the 2014 9th Workshop on Embedded Systems Security.New York:ACM, 2014: 2668330.
[32]	DE LACRUZ JIMENEZ R A.On Some Methods for Constructing almost Optimal S-boxes and Their Resilience against Side-channel Attacks:IACR Cryptology ePrint Archive:Report 2018-618[R/OL]. [2020-07-12].https://eprint.iacr.org/2018/618.pdfhttps://eprint.iacr.org/2018/618.pdf.
[33]	NIST. Advanced Encryption Standard:Federal Information Processing Standard (FIPS) 197[S]. November 2001.
[34]	Belarusian State University National Research Center for Applied Problems of Mathematics and Informatics. Encryption Algorithm and Hash Function Implementations:State Standard of Republic of Belarus:STB 34.101.31-2011[S]. 2011.
[35]	SHIRAI T, SHIBUTANI K, AKISHITA T, et al. The 128-bit Blockcipher CLEFIA [C]//Lecture Notes in Computer Science:4593.Heidelberg:Springer Verlag, 2007: 181-195.
[36]	VAUDENAY S, JUNOD P.Device and Method for Encrypting and Decrypting a Block of Data:USP20040247117A1[P]. 2004-12-09.
[37]	STANDAERT F X, PIRET G, ROUVROY G, et al. ICEBERG:an Involutional Cipher Efficient for Block Encryption in Reconfigurable Hardware [C]//Lecture Notes in Computer Science:3017.Heidelberg:Springer Verlag, 2004: 279-298.
[38]	BARRETO P S L M, RIJMEN V.The Khazad Legacy-level Block Cipher[C/OL].[2020-07-12].https://www.researchgate.net/profile/Vincent_Rijmen/publication/228924670_The_Khazad_legacy-level_block_cipher/links/0912f50c0517db7739000000/The-Khazad-legacy-level-block-cipher.pdf.
[39]	RFC.Hash Function:RFC 6986-GOST R 34.11-2012[S/OL].[ 2020- 07- 12]. http://www.faqs.org/rfcs/rfc6986.html.
[40]	PIRET G, ROCHE T, CARLET C. PICARO - a Block Cipher Allowing Efficient Higher-order Side-channel Resistance [C]//Lecture Notes in Computer Science:7341.Heidelberg:Springer Verlag, 2012: 311-328.
[41]	GROSSO V, LEURENT G, STANDAERT F X, et al. SCREAM and iSCREAM Side-channel Resistant Authenticated Encryption with Masking[EB/OL].[2020-07-12].https://hal.inria.fr/hal-01093512.
[42]	GERARD B, GROSSO V, NAYA-PLASENCIA M, et al. Block Ciphers That are Easier to Mask:How Far Can We Go? [C]//Lecture Notes in Computer Science:8086.Heidelberg:Springer, 2013: 383-399.
[43]	KAZYMYROV O V, KAZYMYROVA V N, OLIYNYKOV R V. A Method for Generation of High-nonlinear S-boxes Based on Gradient Descent[J]. Mathematical Aspects of Cryptography, 2014,5(2):71-78.
[44]	IVANOV G, NIKOLOV N, NIKOVA S. Reversed Genetic Algorithms for Generation of Bijective S-boxes with Good Cryptographic Properties[J]. Cryptography and Communications, 2016,8(2):247-276.
[45]	ISA H, JAMIL N, Z'ABA M R.Hybrid Heuristic Methods in Constructing Cryptographically Strong S-boxes[J]. International Journal of Cryptology Research, 2016,6(1):1-15.
[46]	IVANOV G, NIKOLOV N, NIKOVA S. Cryptographically Strong S-boxes Generated by Modified Immune Algorithm [C] //Lecture Notes in Computer Science:9540.Heidelberg:Springer Verlag, 2016: 31-42.
[47]	FULLER J, MILLAN W. Linear Redundancy in S-boxes [C]//Lecture Notes in Computer Science:2887.Heidelberg:Springer Verlag, 2003: 74-86.
[48]	DEY S, CHAKRABARTI A, GHOSH R. 4-bit Boolean Functions in Generation and Cryptanalysis of Secure 4-bit Crypto S-boxes[J]. Security and Privacy, 2020,3(1):e90.
[49]	SIMS M.Differential Power Analysis on (Non-)Linear Feedback Shift Registers:IACR Cryptology ePrint Archive:Report 2020-349[R/OL].[ 2020- 07- 12]. http://eprint.iacr.org/2020/349.pdf.
[50]	TANG D. A Note on the Fast Algebraic Immunity and Its Consequences on Modified Majority Functions[J]. Advances in Mathematics of Communications, 2020,14(1):111-125.

(n,m) 函数	SNR的上界或者下界	备注
非平衡(n,m) 函数	S_SNR≥1/m	非平衡 (n,m) 函数SNR下界
平衡(n,m) 函数	1≤S_SNR≤(2ⁿ)^1/2	并没有回答上界是否能达到
仿射(n,m) 函数	S_SNR=(m)^1/2	仿射(n,m) 函数SNR精确值
Bent(n,m) 函数	S_SNR≥(2ⁿ)¹^/²/m	若m=1,则SNR达到下界

序号	信噪比	个数	百分比
1	1.000 000	62	0.000 01
2	1.302 062	15 872	0.002 64
3	1.705 606	59 520	0.009 90
4	1.735 444	833 280	0.138 63
5	2.000 000	8 680	0.001 44
6	2.157 440	555 520	0.092 42
7	2.285 714	9 999 360	1.663 56
8	2.359 071	8 888 320	1.478 72
9	2.439 977	1 666 560	0.277 26
10	2.529 822	1 145 760	0.190 62
11	2.630 384	6 249 600	1.039 73
12	2.873 685	73 773 056	12.273 41
13	3.023 716	90 549 760	15.064 50
14	3.200 000	66 662 400	11.090 43
15	3.411 211	133 324 800	22.180 86
16	3.670 652	166 656 000	27.726 08
17	4.000 000	39 025 280	6.492 52
18	4.437 602	1 666 560	0.277 26

S盒	κ值
Present S盒	1.709
Present仿射变换S盒	3.070
G3,G4,G5,G6,G7,G11,G12,G13	3.020
G0,G1,G2,G8,G9,G10,G14,G15	3.070
AES S盒	0.111
AES仿射变换S盒	0.149

(4,4) S盒	非线性度	差分均匀度	透明阶	信噪比	κ值
Prince S盒	4	4	3.400 0	2.129	1.709
Present S盒	4	4	3.533 3	2.129	1.709
Nokekeon S盒	4	4	3.533 3	2.187	1.615
Klein S盒	4	4	3.467 0	1.691	2.742
Luffa S盒	4	4	3.733 3	2.530	1.191

(8,8) S盒	非线性度	差分均匀度	代数次数	代数免疫	改进透明阶	信噪比	混淆系数
AES S盒^[33]	112	4	7	2	7.860	9.600	0.111
Belt S盒^[34]	102	8	6	3	7.833	8.318	0.169
Clefia S盒^[35]	100	10	6	3	7.745	9.662	0.109
FOX S盒^[36]	96	16	6	3	7.788	9.342	0.121
Iceberg S盒^[37]	96	8	7	3	7.812	10.254	0.089
Khazad S盒^[38]	96	8	7	3	7.800	8.860	0.141
Kuznyechik S盒^[39]	100	8	7	3	7.835	9.571	0.112
Picaro S盒^[40]	94	4	2	3	7.843	8.557	0.147
Scream S盒^[41]	96	8	6	3	7.598	7.921	0.194
Zorro S盒^[42]	96	10	6	3	7.806	9.260	0.124

Survey of results of (n,m)-functions against differential power attack

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 50

Related Articles 14

Metrics

Comments

Recommended 10

构造方法	非线性度	差分均匀度	代数次数	代数免疫	改进透明阶	信噪比	混淆系数
Gradient method^[43]	104	8	7	3	7.823	9.208	0.149
GA1^[44]	106	6	6	2	7.850	9.458	0.108
	108	6	6	2	7.849	9.768	0.119
GA2^[44]	110	6	7	2	7.855	9.850	0.109
	112	6	7	2	7.858	9.866	0.118
H-H method^[45]	102	6	4	3	7.833	8.650	0.102
	104	6	4	3	7.824	8.467	0.108
SpImmAlg^[46]	104	6	7	3	7.822	9.038	0.128
Tweaking^[47]	106	6	7	2	7.854	9.481	未知
F1^[32]	100	8	7	3	7.780	5.873	0.402
F2^[32]	102	8	7	3	7.758	6.384	0.331
G1^[32]	104	8	7	3	7.786	7.400	0.230
G2^[32]	104	6	7	3	7.800	8.380	0.165
H1^[32]	106	6	7	3	7.834	8.644	0.152
H2^[32]	108	6	7	3	7.838	9.335	0.121

[1]	ZHANG Min,JIA Hairong,ZHANG Gangmin,WANG Suying. Speech enhancement combining the self-adaptive soft mask and mixed features [J]. Journal of Xidian University, 2022, 49(2): 108-115.
[2]	ZHANG Yang,ZHENG Guotian,ZHANG Jian,PANG Lihua,LUAN Yingzi. Low complexity preamble detection algorithm in the low SNR region [J]. Journal of Xidian University, 2022, 49(2): 1-10.
[3]	LIN Hongbo,MA Yang. Spatially adaptive EPLL denoising for low-frequency seismic random noise [J]. Journal of Xidian University, 2021, 48(6): 204-211.
[4]	ZHAO Wei,CHOU Shengnan,YANG Shuo,LI Xiongfei. Anti-jamming algorithm for spread spectrum communication using blind source separation [J]. Journal of Xidian University, 2020, 47(1): 73-79.
[5]	ZHU Jia;LIU Hongxia. RF build-in self-test and key measurement processing for the low-cost system-on-chip [J]. Journal of Xidian University, 2017, 44(4): 29-33.
[6]	XU Dongdong;ZHANG Yu;NIE Ting;ZHANG Xingxiang;REN Jianyue. Design and hardware implementation of the small-size CMOS camera system [J]. Journal of Xidian University, 2016, 43(4): 117-122.
[7]	XUE Haiwei;FENG Dazheng. Fast subpixel registration method for InSAR images [J]. Journal of Xidian University, 2016, 43(3): 172-178.
[8]	ZHANG Junchang;ZHANG Dan;CUI Li. Robust adaptive threshold speech endpoint detection method [J]. J4, 2015, 42(5): 115-119.
[9]	ZHANG Junchang;HU Haitao;CUI Li. Robust voice endpoint detection fusing Burg spectrum estimate and signal variability [J]. J4, 2014, 41(3): 192-195+220.
[10]	ZHAO Yongbin;HU Yupu;JIA Yanyan. New design of LFSR based stream ciphers to resist power attack [J]. J4, 2013, 40(3): 172-179+200.
[11]	LI Zhaoxun;HU Hanying;REN Xiukun;CAO Wenkui. Influences of double-Rayleigh fading on transmission system performance [J]. J4, 2011, 38(5): 172-177.
[12]	LIU Fu-yun;XIAO Hong;XIAO Guo-zhen. Research on finding annihilators of Boolean functions based the algebraic normal form fast transformations [J]. J4, 2009, 36(5): 890-895.
[13]	CHEN Jie;HU Yu-pu;WEI Yong-zhuang. A new fast algorithm for constructing depressed functions [J]. J4, 2005, 32(5): 790-793.
[14]	ZHENG Lian-qing1;ZHANG Chuan-rong1;2;DONG Qing-kuan2;FU Xiao-tong2;XIAO Guo-zhen2. Study of nonlinearity bounds of Boolean functions [J]. J4, 2003, 30(2): 281-283.