Enabling 3-Share Threshold Implementations for all 4-Bit S-Boxes

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8565)

Abstract

Threshold Implementation (TI) is an elegant and promising lightweight countermeasure for hardware implementations to resist first order Differential Power Analysis (DPA) in the presence of glitches. Unfortunately, in its most efficient version with only three shares, it can only be applied to 50 % of all 4-bit S-boxes so far. In this paper, we introduce a new approach, called factorization, that enables us to protect all 4-bit S-boxes with a 3-share TI. This allows—for the first time—to protect numerous important ciphers to which the 3-share TI countermeasure was previously not applicable, such as CLEFIA, DES, DESL, GOST, HUMMINGBIRD1, HUMMINGBIRD2, LUCIFER, mCrypton, SERPENT, TWINE, TWOFISH among others. We verify the security and correctness with experiments on simulations and real world power traces and finally provide exemplary decompositions of all those S-boxes.

Notes

  1. See Sect. 5 for our detailed line of argumentation.

References

  1. NIST Special Publication 800-90A.: Recommendation for random number generation using deterministic random bit generators. Technical report (2012). http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf

  2. Bertoni, G., Daemen, J., Debande, N., Le, T.-H., Peeters, M., Van Assche, G.: Power analysis of hardware implementations protected with secret sharing. Cryptology ePrint Archive, Report 2013/067 (2013). http://eprint.iacr.org/

  3. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Building power analysis resistant implementations of KECCAK. In: Second SHA-3 Candidate Conference (2010)

  4. Biham, E., Anderson, R., Knudsen, L.R.: SERPENT: a new block cipher proposal. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 222–238. Springer, Heidelberg (1998)

  5. Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Stütz, G.: Threshold implementations of all \(3 \times 3\) and \(4 \times 4\) s-boxes. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 76–91. Springer, Heidelberg (2012)

  6. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)

  7. Coron, J.-S., Goubin, L.: On Boolean and arithmetic masking against differential power analysis. In: Koç, Ç.K., Paar, C., et al. (eds.) CHES 2000. LNCS, vol. 1965, pp. 231–237. Springer, Heidelberg (2000)

  8. Engels, D., Saarinen, M.-J.O., Schweitzer, P., Smith, E.M.: The HUMMINGBIRD-2 lightweight authenticated encryption algorithm. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 19–31. Springer, Heidelberg (2012)

  9. Fan, X., Hu, H., Gong, G., Smith, E.M., Engels, D.: Lightweight implementation of HUMMINGBIRD cryptographic algorithm on 4-bit microcontroller. In: ICITST 2009 (2009)

  10. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)

  11. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008)

  12. Jacobson, N.: Basic Algebra, vol. 1, 2nd edn. Dover, Mineola (2009). ISBN 978-0-486-47189-1

  13. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

  14. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

  15. Leander, G., Paar, C., Poschmann, A., Schramm, K.: New lightweight DES variants. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 196–210. Springer, Heidelberg (2007)

  16. Lim, C.H., Korkishko, T.: mCrypton – a lightweight block cipher for security of low-cost RFID tags and sensors. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 243–258. Springer, Heidelberg (2006)

  17. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Advances in Information Security. Springer, New York (2007)

  18. Mangard, S., Popp, T., Gammel, B.M.: Side-channel leakage of masked CMOS gates. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 351–365. Springer, Heidelberg (2005)

  19. Mangard, S., Pramstaller, N., Oswald, E.: Successfully attacking masked AES hardware implementations. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 157–171. Springer, Heidelberg (2005)

  20. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011)

  21. Moradi, A., Mischke, O., Paar, C., Li, Y., Ohta, K., Sakiyama, K.: On the power of fault sensitivity analysis and collision side-channel attacks in a combined setting. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 292–311. Springer, Heidelberg (2011)

  22. U.S. Department of Commerce National Bureau of Standards.: Data encryption standard. Technical report (1977). http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf

  23. National Security Agency.: TEMPEST: a signal problem. Cryptologic Spectrum, vol. 2(3) (1972) (declassified 2007)

  24. Nikova, S., Rechberger, C., Rijmen, V.: Threshold implementations against side-channel attacks and glitches. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 529–545. Springer, Heidelberg (2006)

  25. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2011)

  26. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of non-linear functions in the presence of glitches. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 218–234. Springer, Heidelberg (2009)

  27. Popp, T., Mangard, S.: Masked dual-rail pre-charge logic: DPA-resistance without routing constraints. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 172–186. Springer, Heidelberg (2005)

  28. Poschmann, A., Moradi, A., Khoo, K., Lim, C., Wee, C., Wang, H., Ling, S.: Side-channel resistant crypto for less than 2,300 GE. J. Cryptol. 24(2), 322–345 (2011)

  29. Saarinen, M.-J.O.: Cryptographic analysis of all \(4 \times 4\)-bit s-boxes. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 118–133. Springer, Heidelberg (2012)

  30. Schindler, W.: Random number generators for cryptographic applications. In: Koç, Ç.K. (ed.) Cryptographic Engineering. Springer, New York (2009)

  31. Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., Ferguson, N.: The TWOFISH encryption algorithm. Technical report (1998)

  32. Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-bit blockcipher CLEFIA (extended abstract). In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 181–195. Springer, Heidelberg (2007)

  33. Sorkin, A.: LUCIFER, a cryptographic algorithm. Cryptologia 8(1), 22–41 (1984)

  34. Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: TWINE: a lightweight block cipher for multiple platforms. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 339–354. Springer, Heidelberg (2013)

  35. Zabotin, I.A., Glazkov, G.P., Isaeva, V.B.: Cryptographic protection for information processing systems, Government Standard of the USSR, GOST 28147-89. Government Committee of the USSR for Standards. Technical report (1989)

Corresponding author

Correspondence to Phuong Ha Nguyen.

A Appendix: 3-Share TIs of S-Boxes in \(B_{16}\)

In this section, we present the 3-share TIs of some S-boxes or important permutations in \(B_{16}\), using a hybrid structure. All examples use the odd permutation \(M=[0, 1, 2, 3, 4, 5, 6, 15, 8, 9, 10, 11, 12, 13, 14, 7]\), which is also used in previous sections. Recall that \(M\) can be any odd permutation whose shared version is a 12-bit permutation, i.e., one that satisfies the uniformity property without remasking.

Fig. 5. Decompositions of S-boxes.

For convenience, each permutation is given in hexadecimal representation. For example, the permutation \(F=[15, 5, 6, 14, 13, 7, 2, 10, 8, 0, 11, 1, 12, 4, 9, 3]\) is written as \(\mathrm{F}=\mathrm{f56ed72a80b1c493}\). All S-boxes in this section can be found in [5, 29] or in their respective specifications.

All S-boxes below belong to \(B_{16}\) and they can be decomposed in two different ways (see Fig. 5):

  • type 1: \(S(\cdot )=M(F(G(G(\cdot ))))\)

  • type 2: \(S(\cdot )=M(F(G(\cdot )))\)

In fact nearly all S-boxes belong to type 1 and only two S-boxes (\(iS_4\) of HUMMINGBIRD2 and \(S_5\) of SERPENT) belong to type 2. The 3-share TIs of all \(F\) and \(G\) by using direct sharing are 12-bit permutations.
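The two decomposition types can be checked mechanically. The following Python sketch is an added example, not code from the paper: it parses the hexadecimal tables, recomposes \(S\) for the TWINE entry (type 1) and the SERPENT \(S_5\) entry (type 2) from the lists in this appendix, and reports parity and algebraic degree. The function names are illustrative, and the degree check assumes the standard TI requirement that a 3-share direct sharing needs component functions of degree at most 2.

```python
# Added example (not from the paper): recompose appendix entries and check them.
M = [0, 1, 2, 3, 4, 5, 6, 15, 8, 9, 10, 11, 12, 13, 14, 7]  # odd permutation M from the appendix

def parse_perm(hex_str):
    """Read a 16-digit hex lookup table; reject anything that is not a permutation of 0..15."""
    table = [int(c, 16) for c in hex_str]
    if sorted(table) != list(range(16)):
        raise ValueError(f"not a permutation of 0..15: {hex_str!r}")
    return table

def to_hex(table):
    return "".join(format(v, "x") for v in table)

def compose(*funcs):
    """compose(M, F, G) is the table of x -> M(F(G(x))); the rightmost table is applied first."""
    out = list(range(16))
    for f in reversed(funcs):
        out = [f[v] for v in out]
    return out

def parity(table):
    """1 for an odd permutation, 0 for an even one: (n - number of cycles) mod 2."""
    seen, cycles = set(), 0
    for start in range(16):
        if start not in seen:
            cycles += 1
            x = start
            while x not in seen:
                seen.add(x)
                x = table[x]
    return (16 - cycles) % 2

def algebraic_degree(table):
    """Highest monomial weight in the ANF of any output bit (binary Moebius transform)."""
    anf = list(table)
    for bit in (1, 2, 4, 8):
        for x in range(16):
            if x & bit:
                anf[x] ^= anf[x ^ bit]
    return max((bin(u).count("1") for u in range(16) if anf[u]), default=0)

def recompose(f_hex, g_hex, kind):
    """Rebuild S from one appendix entry; kind 1 is M(F(G(G(x)))), kind 2 is M(F(G(x)))."""
    F, G = parse_perm(f_hex), parse_perm(g_hex)
    S = compose(M, F, G, G) if kind == 1 else compose(M, F, G)
    return {"S": to_hex(S), "odd": parity(S) == 1,
            "deg_F": algebraic_degree(F), "deg_G": algebraic_degree(G),
            "deg_S": algebraic_degree(S)}

# Entries copied from the appendix lists: TWINE S (type 1) and SERPENT S_5 (type 2).
TWINE = recompose("d2305ebc7a98f614", "bda5e92c0687431f", kind=1)
SERPENT_S5 = recompose("7c4b259a3e6f01d8", "05432761c89feabd", kind=2)

if __name__ == "__main__":
    for name, r in (("TWINE S", TWINE), ("SERPENT S_5", SERPENT_S5)):
        print(name, r)
```

`parse_perm` raises on any table that is not 16 distinct hex digits, which is how a transcription slip such as a dropped digit shows up before the table is used.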

CLEFIA [32]

  1. \(SS_0\): \(\mathrm{F}=\mathrm{e6ca89d24b10537f},\; \mathrm{G}=\mathrm{021346fda89bce57}\);

  2. \(SS_1\): \(\mathrm{F}=\mathrm{6f29a5e3781cd4b0},\; \mathrm{G}=\mathrm{053f8db72694ae1c}\);

  3. \(SS_2\): \(\mathrm{F}=\mathrm{b56e7302da981cf4},\; \mathrm{G}=\mathrm{094c187f2b6e3a5d}\);

  4. \(SS_3\): \(\mathrm{F}=\mathrm{a6d295c37bf048e1},\; \mathrm{G}=\mathrm{02319b8a57ec46df}\);

DES [22]. Actually, the \(i\)-th DES S-box (\(DESi\)) contains a set of four 4-bit S-boxes. Notation \(DESi_j\) means the \(j\)-th row (i.e., 4-bit S-box) of the \(i\)-th DES S-box.

  1. \(DES2_0\): \(\mathrm{F}=\mathrm{f986bda42c710e35},\;\mathrm{G}=\mathrm{4c28a0f7d539b16e}\);

  2. \(DES2_1\): \(\mathrm{F}=\mathrm{acd1265b97403fe8},\;\mathrm{G}=\mathrm{1c593a7f0d482b6e}\);

  3. \(DES2_2\): \(\mathrm{F}=\mathrm{d3f0c481b596a2e7},\; \mathrm{G}=\mathrm{9d26a78503cf4e1b}\);

  4. \(DES2_3\): \(\mathrm{F}=\mathrm{dc8b37421f6a5e09},\;\mathrm{G}=\mathrm{0b1a46579382decf}\);

  5. \(DES3_0\): \(\mathrm{F}=\mathrm{d69e75a410f2b3c8},\; \mathrm{G}=\mathrm{168c079d24be35af}\);

  6. \(DES3_1\): \(\mathrm{F}=\mathrm{803a46ed952f17bc},\;\mathrm{G}=\mathrm{17069a8b5243dfce}\);

  7. \(DES3_2\): \(\mathrm{F}=\mathrm{df47ae50b921c836},\;\mathrm{G}=\mathrm{0d861c972ea53fb4}\);

  8. \(DES3_3\): \(\mathrm{F}=\mathrm{9716fac0b8e4d532},\;\mathrm{G}=\mathrm{fb647ec318a59d02}\);

  9. \(DES4_0\): \(\mathrm{F}=\mathrm{fd3402cb75168ae9},\;\mathrm{G}=\mathrm{419b03c8de62fa57}\);

  10. \(DES4_1\): \(\mathrm{F}=\mathrm{3edf68ba70c41592},\;\mathrm{G}=\mathrm{125ac68e9bd34f07}\);

  11. \(DES4_2\): \(\mathrm{F}=\mathrm{abc4fd928375e610},\;\mathrm{G}=\mathrm{094b6a285d1f3e7c}\);

  12. \(DES4_3\): \(\mathrm{F}=\mathrm{36dea581b2f047c9},\;\mathrm{G}=\mathrm{02d64f135e8a9bc7}\);

  13. \(DES5_0\): \(\mathrm{F}=\mathrm{28fc1b569a7d304e},\;\mathrm{G}=\mathrm{0e1f869725bcad34}\);

  14. \(DES6_0\): \(\mathrm{F}=\mathrm{792bd3c54a81e06f},\;\mathrm{G}=\mathrm{4e396f18a0d7c5b2}\);

  15. \(DES6_3\): \(\mathrm{F}=\mathrm{48ac537b2e9f601d},\;\mathrm{G}=\mathrm{0a7c1e68295f3d4b}\);

  16. \(DES7_0\): \(\mathrm{F}=\mathrm{6b3d719c2e5a8f40},\;\mathrm{G}=\mathrm{21e74da903c56f8b}\);

  17. \(DES7_1\): \(\mathrm{F}=\mathrm{68f143bc970ead52},\;\mathrm{G}=\mathrm{be364f290c1d57a8}\);

  18. \(DES7_2\): \(\mathrm{F}=\mathrm{abd4c93e671805f2},\;\mathrm{G}=\mathrm{1a084e5c293b7d6f}\);

  19. \(DES8_0\): \(\mathrm{F}=\mathrm{d572c908143be6af},\;\mathrm{G}=\mathrm{0eb4962c1da7853f}\);

  20. \(DES8_1\): \(\mathrm{F}=\mathrm{fd963b2745c01ae8},\;\mathrm{G}=\mathrm{1c0d3a2b59487f6e}\);

  21. \(DES8_2\): \(\mathrm{F}=\mathrm{fa41e5830b6d72c9},\; \mathrm{G}=\mathrm{048c9d152f6b3e7a}\);

DESL [15]

  1. \(Row_0\): \(\mathrm{F}=\mathrm{e6a3d4197f2b5c80},\;\mathrm{G}=\mathrm{091d7f6b5c482a3e}\);

  2. \(Row_1\): \(\mathrm{F}=\mathrm{51ebc9378d6204af},\;\mathrm{G}=\mathrm{02cf1b5e93d68a47}\);

  3. \(Row_2\): \(\mathrm{F}=\mathrm{15dbef74c2a63809},\;\mathrm{G}=\mathrm{17ad358f269c04be}\);

  4. \(Row_3\): \(\mathrm{F}=\mathrm{dae51379f80b64c2},\;\mathrm{G}=\mathrm{af53269e8d7104bc}\);

GOST [35]

  1. \(k_3\): \(\mathrm{F}=\mathrm{52840cadb79e613f},\; \mathrm{G}=\mathrm{063d1f24acb5978e}\);

  2. \(k_4\): \(\mathrm{F}=\mathrm{f93457dec1a62b08},\; \mathrm{G}=\mathrm{0e7d1b4a2c5f3968}\);

  3. \(k_7\): \(\mathrm{F}=\mathrm{d7954f6b2c08e1a3},\;\mathrm{G}=\mathrm{0a6f384c1b7e295d}\);

  4. \(k_8\): \(\mathrm{F}=\mathrm{5b79d3f104ae62c8},\;\mathrm{G}=\mathrm{179fda52e46cb038}\);

HUMMINGBIRD1 [9]

  1. \(S_0\): \(\mathrm{F}=\mathrm{82f7e639c40ab1d5},\;\mathrm{G}=\mathrm{0f1e9687bd24ac35}\);

  2. \(S_1\): \(\mathrm{F}=\mathrm{063b7f42d1eca895},\;\mathrm{G}=\mathrm{0f861e97ad24bc35}\);

  3. \(S_2\): \(\mathrm{F}=\mathrm{21430895dbeca76f},\;\mathrm{G}=\mathrm{0ad7b16c92e54f38}\);

  4. \(S_3\): \(\mathrm{F}=\mathrm{0f2e7d5c4a6b3819},\;\mathrm{G}=\mathrm{0a7f295c6e1b4d38}\);

HUMMINGBIRD2 [8]

  1. \(S_1\): \(\mathrm{F}=\mathrm{f56ed72a80b1c493},\;\mathrm{G}=\mathrm{0a5bd38217ce469f}\);

  2. \(S_2\): \(\mathrm{F}=\mathrm{a8034ce7b61d52f9},\;\mathrm{G}=\mathrm{14860d9fae3cb725}\);

  3. \(S_3\): \(\mathrm{F}=\mathrm{2f6e5d1c4a380b79},\;\mathrm{G}=\mathrm{0f5bc78293d64a1e}\);

  4. \(S_4\): \(\mathrm{F}=\mathrm{0819ae37c4d562fb},\;\mathrm{G}=\mathrm{853b29a47ed1f06c}\);

The inverse S-boxes of HUMMINGBIRD2:

  1. \(iS_1\): \(\mathrm{F}=\mathrm{0d42ca8597eb631f},\;\mathrm{G}=\mathrm{3c4b21de56a9780f}\);

  2. \(iS_2\): \(\mathrm{F}=\mathrm{de8c94b162305f7a},\;\mathrm{G}=\mathrm{14a69d2fcbe05378}\);

  3. \(iS_3\): \(\mathrm{F}=\mathrm{c36740b18e5d2fa9},\;\mathrm{G}=\mathrm{0c6f2a583b491d7e}\);

  4. \(iS_4\): \(\mathrm{F}=\mathrm{f5ac403b16927ed8},\;\mathrm{G}=\mathrm{209a8b3164fced75}\); (type 2)

Inversion (\(x^{-1}\)) in \(GF(2^4)\). The function \(x^{-1}=\mathrm{019edb76f2c5a438}\) is defined over \(GF(2)/(x^4 \oplus x \oplus 1)\).

\(F=\mathrm{843dae67f25bc91}\) and \(G=\mathrm{059dbf278e3416ac}\).

LUCIFER [33]

  1. \(S_0\): \(\mathrm{F}=\mathrm{a2fde8b7906534c1},\;\mathrm{G}=\mathrm{1e482c6b0f593d7a}\);

  2. \(S_1\): \(\mathrm{F}=\mathrm{f21deb047c93658a},\;\mathrm{G}=\mathrm{068f9e174bd3c25a}\);

mCrypton [16]

  1. \(S_0\): \(\mathrm{F}=\mathrm{4af0827c3516b9de},\;\mathrm{G}=\mathrm{0a7c5e28396d4f1b}\);

  2. \(S_1\): \(\mathrm{F}=\mathrm{19df3b647580cea2},\;\mathrm{G}=\mathrm{06d71fce8a5b9342}\);

  3. \(S_2\): \(\mathrm{F}=\mathrm{31078f46ec25ad9b},\;\mathrm{G}=\mathrm{2b5f097d4e186c3a}\);

  4. \(S_3\): \(\mathrm{F}=\mathrm{b420af918c7e3d65},\;\mathrm{G}=\mathrm{041d3f26ac97b58e}\);

SERPENT [4]

  1. \(S_3\): \(\mathrm{F}=\mathrm{072e351c9db4af86},\;\mathrm{G}=\mathrm{0c792f5a3e4b1d68}\);

  2. \(S_4\): \(\mathrm{F}=\mathrm{53bd19f708e6ca24},\;\mathrm{G}=\mathrm{ea5d69cf0873214b}\);

  3. \(S_5\): \(\mathrm{F}=\mathrm{7c4b259a3e6f01d8},\;\mathrm{G}=\mathrm{05432761c89feabd}\); (type 2)

  4. \(S_7\): \(\mathrm{F}=\mathrm{18679d3f5acb024e},\;\mathrm{G}=\mathrm{0d87961c3fa4b52e}\);

The inverse S-boxes of \(S_3\), \(S_4\), \(S_5\), \(S_7\):

  1. \(iS_3\): \(\mathrm{F}=\mathrm{09dacef3b1624578},\;\mathrm{G}=\mathrm{0c483e7a6f2b195d}\);

  2. \(iS_4\): \(\mathrm{F}=\mathrm{98b7406fac5e21d3},\;\mathrm{G}=\mathrm{1a0bc2d34e5f8796}\);

  3. \(iS_5\): \(\mathrm{F}=\mathrm{87f6dc43b915e2a0},\;\mathrm{G}=\mathrm{0eb63c95842da71f}\);

  4. \(iS_7\): \(\mathrm{F}=\mathrm{35f921edc60a874b},\;\mathrm{G}=\mathrm{0c489d5173bfa6e2}\);

TWINE [34]

  1. \(S\): \(\mathrm{F}=\mathrm{d2305ebc7a98f614},\;\mathrm{G}=\mathrm{bda5e92c0687431f}\);

TWOFISH [31]

  1. \(q1, t1\): \(\mathrm{F}=\mathrm{a0f2d785c139b64e},\;\mathrm{G}=\mathrm{0c483e7a6f2b195d}\);

  2. \(q1, t0\): \(\mathrm{F}=\mathrm{2847ba6e1c9d350f},\;\mathrm{G}=\mathrm{069c8d1734aebf25}\);

  3. \(q0, t0\): \(\mathrm{F}=\mathrm{50d87b3fa6e29c14},\;\mathrm{G}=\mathrm{b4ace16058732f9d}\);

  4. \(q0, t2\): \(\mathrm{F}=\mathrm{456f09ba23e781dc},\;\mathrm{G}=\mathrm{0d841cb73e952fa6}\);

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Kutzner, S., Nguyen, P.H., Poschmann, A. (2014). Enabling 3-Share Threshold Implementations for all 4-Bit S-Boxes. In: Lee, HS., Han, DG. (eds) Information Security and Cryptology -- ICISC 2013. ICISC 2013. Lecture Notes in Computer Science, vol 8565. Springer, Cham. https://doi.org/10.1007/978-3-319-12160-4_6

  • DOI: https://doi.org/10.1007/978-3-319-12160-4_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12159-8

  • Online ISBN: 978-3-319-12160-4

  • eBook Packages: Computer Science (R0)
