Skip to content

Constructing TI-Friendly Substitution Boxes Using Shift-Invariant Permutations

Research output: Chapter in Book/Report/Conference proceedingConference contribution

  • Si Gao
  • Arnab Roy
  • Elisabeth Oswald
Original languageEnglish
Title of host publicationTopics in Cryptology – CT-RSA 2019 - The Cryptographers’ Track at the RSA Conference 2019, Proceedings
EditorsMitsuru Matsui
Publisher or commissioning bodySpringer Verlag
Number of pages20
ISBN (Print)9783030126117
DateAccepted/In press - 18 Nov 2018
DatePublished (current) - 3 Feb 2019
EventCryptographers Track at the RSA Conference 2019, CT-RSA 2019 - San Francisco, United States
Duration: 4 Mar 20198 Mar 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11405 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceCryptographers Track at the RSA Conference 2019, CT-RSA 2019
CountryUnited States
CitySan Francisco


The threat posed by side channels requires ciphers that can be efficiently protected in both software and hardware against such attacks. In this paper, we proposed a novel Sbox construction based on iterations of shift-invariant quadratic permutations and linear diffusions. Owing to the selected quadratic permutations, all of our Sboxes enable uniform 3-share threshold implementations, which provide first order SCA protections without any fresh randomness. More importantly, because of the \shift-invariant" property, there are ample implementation trade-offs available, in software as well as hardware. We provide implementation results (software and hardware) for a four-bit and an eight-bit Sbox, which confirm that our constructions are competitive and can be easily adapted to various platforms as claimed. We have successfully verified their resistance to first order attacks based on real acquisitions. Because there are very few studies focusing on software-based threshold implementations, our software implementations might be of independent interest in this regard.

    Research areas

  • Sbox, Shift-invariant, Threshold implementation


Cryptographers Track at the RSA Conference 2019, CT-RSA 2019

Duration4 Mar 20198 Mar 2019
CitySan Francisco
CountryUnited States

Event: Conference

Download statistics

No data available



  • Full-text PDF (accepted author manuscript)

    Rights statement: This is the accepted author manuscript (AAM). The final published version (version of record) is available online via Springer Verlag at . Please refer to any applicable terms of use of the publisher.

    Accepted author manuscript, 1.16 MB, PDF document

    Licence: Other


View research connections

Related faculties, schools or groups