Reference : Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-Chan...
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/19541
Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-Channel Countermeasures
English
Coron, Jean-Sébastien [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Roy, Arnab [University of Luxembourg > Computer Science and Communications Research Unit > > ; Technical University of Denmark > Department of Applied Mathematics and Computer Science]
Venkatesh, Srinivas Vivek mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
2014
Cryptographic Hardware and Embedded Systems – CHES 2014
Batina, Lejla
Robshaw, Matthew
Springer
Lecture Notes in Computer Science, 8731
170-187
Yes
International
978-3-662-44708-6
16th Workshop on Cryptographic Hardware and Embedded Systems – CHES 2014
23-09-2014 to 26-09-2014
South Korea
[en] side-channel countermeasure ; masking ; polynomial evaluation ; finite field
[en] We describe a new technique for evaluating polynomials over binary finite fields. This is useful in the context of anti-DPA countermeasures when an S-box is expressed as a polynomial over a binary finite field. For n-bit S-boxes our new technique has heuristic complexity ${\cal O}(2^{n/2}/\sqrt{n})$ instead of ${\cal O}(2^{n/2})$ proven complexity for the Parity-Split
method. We also prove a lower bound of ${\Omega}(2^{n/2}/\sqrt{n})$ on the complexity of any method to evaluate $n$-bit S-boxes; this shows that our method is asymptotically optimal. Here, complexity refers to the number of non-linear multiplications required to evaluate the polynomial corresponding to an S-box.

In practice we can evaluate any 8-bit S-box in 10 non-linear multiplications instead of 16
in the Roy-Vivek paper from CHES 2013, and the DES S-boxes in 4 non-linear multiplications instead of 7. We also evaluate any 4-bit S-box in 2 non-linear multiplications instead of 3. Hence our method achieves optimal complexity for the PRESENT S-box.
Researchers ; Professionals ; Students
http://hdl.handle.net/10993/19541
10.1007/978-3-662-44709-3_10
http://eprint.iacr.org/2014/890
The final publication is available at www.springerlink.com

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
sboxdes-eprint.pdfFull versionAuthor postprint439.14 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.