Reference : Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-Chan... |

Scientific congresses, symposiums and conference proceedings : Paper published in a book | |||

Engineering, computing & technology : Computer science | |||

http://hdl.handle.net/10993/19541 | |||

Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-Channel Countermeasures | |

English | |

Coron, Jean-Sébastien [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >] | |

Roy, Arnab [University of Luxembourg > Computer Science and Communications Research Unit > > ; Technical University of Denmark > Department of Applied Mathematics and Computer Science] | |

Venkatesh, Srinivas Vivek [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >] | |

2014 | |

Cryptographic Hardware and Embedded Systems – CHES 2014 | |

Batina, Lejla | |

Robshaw, Matthew | |

Springer | |

Lecture Notes in Computer Science, 8731 | |

170-187 | |

Yes | |

International | |

978-3-662-44708-6 | |

16th Workshop on Cryptographic Hardware and Embedded Systems – CHES 2014 | |

23-09-2014 to 26-09-2014 | |

South Korea | |

[en] side-channel countermeasure ; masking ; polynomial evaluation ; finite field | |

[en] We describe a new technique for evaluating polynomials over binary finite fields. This is useful in the context of anti-DPA countermeasures when an S-box is expressed as a polynomial over a binary finite field. For n-bit S-boxes our new technique has heuristic complexity ${\cal O}(2^{n/2}/\sqrt{n})$ instead of ${\cal O}(2^{n/2})$ proven complexity for the Parity-Split
method. We also prove a lower bound of ${\Omega}(2^{n/2}/\sqrt{n})$ on the complexity of any method to evaluate $n$-bit S-boxes; this shows that our method is asymptotically optimal. Here, complexity refers to the number of non-linear multiplications required to evaluate the polynomial corresponding to an S-box. In practice we can evaluate any 8-bit S-box in 10 non-linear multiplications instead of 16 in the Roy-Vivek paper from CHES 2013, and the DES S-boxes in 4 non-linear multiplications instead of 7. We also evaluate any 4-bit S-box in 2 non-linear multiplications instead of 3. Hence our method achieves optimal complexity for the PRESENT S-box. | |

Researchers ; Professionals ; Students | |

http://hdl.handle.net/10993/19541 | |

10.1007/978-3-662-44709-3_10 | |

http://eprint.iacr.org/2014/890 | |

The final publication is available at www.springerlink.com |

File(s) associated to this reference | ||||||||||||||

| ||||||||||||||

All documents in ORBi^{lu} are protected by a user license.