机构地区:[1]School of Information Security, Shanghai Jiao Tong University [2]School of Computer Science, South China Normal University [3]State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences
出 处:《Chinese Journal of Electronics》2017年第1期93-100,共8页电子学报(英文版)
基 金:supported by New Century Excellent Talents in University of Ministry of Education(No.NCET-12-0358);Technology Innovation Research Program in Shanghai Municipal Education Commission(No.12ZZ019);Supporting Program of the Twelfth Five-year Plan for Sci. and Tech. Research of China(No.2011BAK13B05,No.2014BAK06B00);the National Natural Sciences Foundation of China(No.61572028);the Foundation for Distinguished Young Teachers in Higher Education of Guangdong(No.Yq2013051);the Project of Science and Technology New Star of Guangzhou Pearl River(No.2014J2200006);the Natural Science Foundation of Guangdong(No.2014A030313439)
摘 要:The threshold implementation method of Substitution box(S-box) has been proposed by Nikova et al. for resisting first-order Differential power attacks with glitches. To lower the time complexity for a threshold implementation of a specific non-linear function, one needs to decompose the function first and then search possible share methods for it. However, the time complexity for this search process is still non-trivial. In this paper, an effective method of searching threshold implementations of4-bit S-boxes is proposed. It mainly consists of two stages.For the decomposing stage, an efficient way of decomposing an S-box is introduced. For the sharing stage, the search complexity is lowered by the technique of time memory trade-off. As a result, threshold implementations of various lightweight block ciphers' S-boxes are given. Moreover, our method is applied to each 4-bit involutive S-box and some candidates of threshold implementations are presented.The threshold implementation method of Substitution box(S-box) has been proposed by Nikova et al. for resisting first-order Differential power attacks with glitches. To lower the time complexity for a threshold implementation of a specific non-linear function, one needs to decompose the function first and then search possible share methods for it. However, the time complexity for this search process is still non-trivial. In this paper, an effective method of searching threshold implementations of4-bit S-boxes is proposed. It mainly consists of two stages.For the decomposing stage, an efficient way of decomposing an S-box is introduced. For the sharing stage, the search complexity is lowered by the technique of time memory trade-off. As a result, threshold implementations of various lightweight block ciphers' S-boxes are given. Moreover, our method is applied to each 4-bit involutive S-box and some candidates of threshold implementations are presented.
关 键 词:S-box Differential power attacks Threshold implementation Time memory trade-off
分 类 号:TN918.2[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
