Improving DPA resistance of S-boxes: How far can we go?

Side-channel analysis (SCA) is an important issue for numerous embedded cryptographic devices that carry out secure transactions on a daily basis. Consequently, it is of utmost importance to deploy efficient countermeasures. In this context, we investigate the intrinsic side-channel resistance of lightweight cryptographic S-boxes. We propose improved versions of S-boxes that offer increased power analysis resistance, whilst remaining secure against linear and differential cryptanalyses. To evaluate the side-channel resistance, we work under the Confusion Coefficient model [1] and employ heuristic techniques to produce those improved S-boxes. We evaluate the proposed components in software (AVR microprocessors) and hardware (SASEBO FPGA). Our conclusions show that the model and our approach are heavily platform-dependent and that different principles hold for software and hardware implementations.