Constrained Search for a Class of Good Bijective $S$-Boxes With Improved DPA Resistivity

Abstract

The transparency order is proposed as a parameter for the robustness of S-boxes to differential power analysis (DPA): lower transparency order implying more resistance. However, most cryptographically strong S-boxes have been found to have high transparency order. In this paper, we characterize transparency order for various classes of S-boxes by computing the upper and lower bounds of transparency order for both even and odd numbers of variables. We find high transparency order values in the class of S-boxes whose sum of autocorrelation spectra of the coordinate functions has zero value for a large number of vectors a. Also instead of propagation characteristics, autocorrelation spectra of the S-box function F are found to be stronger in deciding the transparency order. With this characterization, we performed a constrained random generation and search of a class of balanced 8 × 8 S-boxes with transparency order upper bounded by 7.8. The nonlinearity and absolute indicator values of global avalanche characteristics of the coordinate functions of the S-boxes are in the range (98, 110) and (48, 88), respectively. A correlation analysis DPA on table look-up implementation of AES Rijndael S-box revealed the last round key in 700 power traces, while it took at least 1500 power traces with S-boxes from our proposed class.