On the Modified Transparency Order of <span class="nowrap"><svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" style="vertical-align:-2.9939pt" id="M1" height="15.2545pt" version="1.1" viewBox="-0.0657574 -12.2606 41.091 15.2545" width="41.091pt"><g transform="matrix(.017,0,0,-0.017,0,0)"><path id="g113-41" d="M300 -147C201 -63 143 98 143 270S200 602 300 686L282 710C136 610 70 450 70 271V270C70 89 136 -72 282 -170L300 -147Z"/></g><g transform="matrix(.017,0,0,-0.017,5.937,0)"><path id="g113-111" d="M495 86L479 114C446 82 419 66 409 66C401 66 401 72 406 97C420 166 436 231 453 297C489 435 454 448 428 448C406 448 384 439 354 422C305 394 222 327 161 247H159L183 345C200 415 194 448 173 448C143 448 82 410 23 351L38 325C64 349 95 371 105 371C111 371 116 365 109 336L25 -4L31 -12C50 -4 77 3 107 9C119 69 132 122 145 168C197 254 321 381 370 381C387 381 393 374 378 305L329 95C309 17 320 -12 345 -12C372 -12 430 19 495 86Z"/></g><g transform="matrix(.017,0,0,-0.017,14.552,0)"><path id="g113-45" d="M95 130C70 130 46 113 46 88C46 72 54 64 59 64C93 55 121 33 121 -3C121 -41 93 -68 44 -88L55 -117C117 -98 186 -56 186 22C186 91 131 130 95 130Z"/></g><g transform="matrix(.017,0,0,-0.017,21.34,0)"><path id="g113-110" d="M766 88L752 113C719 83 690 64 681 64C674 64 672 74 679 103L724 292C758 436 724 448 701 448C680 448 666 442 639 429C594 407 514 350 441 252H439L447 289C476 423 450 448 419 448C398 448 379 441 355 427C307 400 234 344 162 249H160L180 324C203 409 197 448 170 448C144 448 82 413 23 349L35 321C57 343 96 374 108 374C115 374 117 371 111 341C87 227 57 112 24 -6L32 -12C53 -4 81 4 108 6C119 68 134 128 149 171C177 229 309 383 364 383C387 383 388 355 373 282C354 190 330 92 303 -6L309 -12C332 -4 356 3 386 6C396 63 411 122 424 171C458 236 590 383 642 383C658 383 664 369 652 315L603 91C587 20 593 -12 619 -12C642 -12 708 23 766 88Z"/></g><g transform="matrix(.017,0,0,-0.017,34.881,0)"><path id="g113-42" d="M275 270C275 450 212 609 64 710L45 686C145 604 203 442 203 270S147 -63 45 -147L64 -170C213 -68 275 89 275 270Z"/></g></svg>-</span>Functions

Zhou, Yu; Wei, Yongzhuang; Zhang, Hailong; Zhang, Wenzheng

doi:https://doi.org/10.1155/2021/6640099

Security and Communication Networks

On this page

Abstract Introduction Preliminaries Conclusion Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2021 | Article ID 6640099 | https://doi.org/10.1155/2021/6640099

On the Modified Transparency Order of -Functions

Yu Zhou,¹Yongzhuang Wei,²Hailong Zhang,^3,4and Wenzheng Zhang¹

Academic Editor: Angel M. Del Rey

Received15 Dec 2020

Accepted08 Jul 2021

Published03 Aug 2021

Abstract

The concept of transparency order is introduced to measure the resistance of -functions against multi-bit differential power analysis in the Hamming weight model, including the original transparency order (denoted by ), redefined transparency order (denoted by ), and modified transparency order (denoted by ). In this paper, we firstly give a relationship between and and show that is less than or equal to for any -functions. We also give a tight upper bound and a tight lower bound on for balanced -functions. Secondly, some relationships between and the maximal absolute value of the Walsh transform (or the sum-of-squares indicator, algebraic immunity, and the nonlinearity of its coordinates) for -functions are obtained, respectively. Finally, we give and for (4,4) S-boxes which are commonly used in the design of lightweight block ciphers, respectively.

1. Introduction

Differential power analysis (DPA) was introduced by Kocher et al. in [1] and is a well-known and thoroughly studied threat for implementations of block ciphers, like DES and AES [2].

Beierle et al. [3] validated the correlation power analysis attack through the Hamming distance power model. Fischer et al. [4] presented efficient differential power analysis of Gain and Trivium through carefully chosen IVs to eliminate the algorithmic noise. In 2005, Prouff [5] gave the model of the DPA resilience of the S-boxes and proposed the definition of the transparency order (denoted by ) based on the autocorrelation coefficients for -functions. He obtained that S-boxes with smaller have higher DPA resilience and deduced the tightness of the upper bound and the lower bound on the . In the same year, Carlet [6] obtained the lower bound on the transparency order and gave the relationship between the transparency order and the nonlinearity for Boolean functions. Next, Fan et al. [7] gave a fast method for calculating the transparency order by optimization cycle of the original algorithm.

In 2012, Fei et al. [8] proposed the confusion coefficient and obtained some relations between the success rate and the cryptographic algorithm. For power analysis attacks, the side-channel characteristic of the physical implementation can be seen as the signal-to-noise ratio (denote by ) [9]. Experimental results of DPA on both DES or AES verified this model with high accuracy and demonstrated effectiveness of the algorithmic confusion analysis and extraction. Experimental results shown that the algorithm has better anti-noise performance than the original algorithm for present.

Chakraborty et al. [10] found the limitations of the definition in [5] and gave a redefined transparency order (denoted by ) based on the cross-correlation coefficients for -functions. Then, they were able to theoretically capture DPA in the Hamming weight model for hardware implementation with precharge logic. Picek et al. [11] proposed a technique for constructions using the modified transparency order as a guiding metric. Wang and Stănică [12] obtained an upper bound on the redefined transparency order in terms of nonlinearity for Boolean functions and constructed two infinite class of balanced semibent Boolean functions with provably good transparency order.

But in 2020, Li et al. [13] put up a flaw in original transparency order [10] and gave the modified transparency order denoted by , obtained a lower bound on based on the Walsh transform, and deduced the distribution of values for sixteen optimal affine equivalent classes of (4,4) S-boxes.

So far, little attempt has been made to study the relationship between and , and Li et al. [13] gave a lower bound on for any -functions based on Walsh spectrum, but not based on . Moreover, how to further investigate the in-depth relationships between and with other cryptography indicators still appears to be an important issue.

In this article, we focus on some unresolved problems related to both and . Firstly, we give the relationship between and , and this result implies that for any -functions . We also obtain the upper bound and the lower bound on . To design good S-boxes with respect to the [13], we deduce some important connections between and other cryptographic properties such as the sum-of-squares indicator, nonlinearity, the maximum absolute of Walsh transform, and algebraic immunity of the coordinate functions of S-boxes. In particular, it is shown that these results have a direct influence on the resistance to DPA attacks. More precisely, the smaller the sum-of-squares indicator (or the maximum absolute of Walsh transform) of the coordinate functions of a given -function, the larger the , whereas a higher nonlinearity (or algebraic immunity) of the coordinate functions of a given -function also implies a larger (not desirable). Furthermore, there is also a connection between the algebraic immunity and transparency order which essentially indicates (along with other trade-offs) that the design of cryptographically secure S-boxes is hardly achievable if the protection against DPA attacks is taken into account. Finally, we give the and for (4,4) S-boxes which are commonly used in some lightweight block ciphers, it implies that is better than from the perspective of information leakage.

This paper is organized as follows. In Section 2, we introduce the basic concepts and notions. In Section 3, the tightness of the upper bound and the lower bound on the modified transparency order of -functions is derived. In Section 4, some relationships between and other cryptographic properties are derived. Section 5 gives some data analysis results for some S-boxes. Section 6 concludes this paper.

2. Preliminaries

Let be the set of -variable Boolean functions. We denote by the addition modulo two performed in and the vector space . The support of a Boolean function is defined as . The Hamming weight of is denoted by and corresponds to the cardinality of its support . A Boolean function is said to be balanced if its truth table contains equal number of ones and zeros, i.e., . The set of affine functions, whose algebraic degree is denoted by . Especially, an affine function with the constant term equal to zero is called a linear function.

In this paper, let be the zero vector in .

Definition 1. Let . The Walsh spectrum of is defined bywhere , x = (), . The nonlinearity of can be computed usingLet . The cross-correlation function between and is defined byIn particular, when , then the autocorrelation function of is given byFor more research on the autocorrelation function and the cross-correlation function of Boolean functions, refer to reference [14].
Two functions are said to be perfectly uncorrelated if , for any . From [15], if and are perfectly uncorrelated, then for any .

Definition 2. (see [16]). The two indicators capturing the global avalanche characteristics (GACs) of a Boolean function are given byIn 2010, Zhou et al. [17] generalized and gave the global avalanche characteristics between two Boolean functions :For two positive integers and , a function is called an -function. Such a function can be viewed as a collection of its coordinate Boolean functions, and thus , where . An -function is balanced if and only if its component functions are balanced, meaning that for every nonzero , the Boolean function is balanced.
The original transparency order [5] and the redefining transparency order [10] are for balanced (n, m) functions. In this paper, in order to expand the research scope of -function, we extend the balanced -function to any -function, which makes our results more universal (see Definition 3 and Definition 4).

Definition 3. (see [10]). Let be an -function. The redefined transparency order of , based on the cross-correlation properties of , is defined bywhere .
In 2019, Li et al. gave the modified transparency order in [13].

Definition 4. (see [13]). Let be an -function. The modified transparency order of , based on the cross-correlation properties of , is defined byNote thatand for research convenience, letThus,

3. Bounds on the Modified Transparency Order

Based on Definition 4, a lower bound on was derived in [13] in terms of the Walsh spectrum of the coordinate functions of , but this lower bound is very complex. In order to obtain a tight lower and upper bounds on , we firstly give a relationship between and .

Lemma 1 (see [17]). Let . Then,

Theorem 1. Let be an -function. Then,

Proof. By using the inequality for any , we haveFor any , we haveBased on the above equation, we have .

Remark 1. From the proof process, we can know that for any -function , including balanced functions and unbalanced functions.
Although at present we cannot theoretically give the condition on of -functions , we can give an example with (see Example 1).
In the following, we give a tight upper bound and a tight lower bound on by using the perfectly uncorrelated functions.

Theorem 2. Let be a balanced -function. If the coordinate functions and are perfectly uncorrelated for , then

Proof. On the one hand, from Definition 4 and Lemma 1, we haveSince is a balanced -function, then and are balanced functions. That is, for any and . We have and for any , .
Thus, , that is, .
On the other hand, if the coordinate functions and are perfectly uncorrelated for , then for any and .
From Definition 4, we haveBy Cauchy’s inequality and for any in [16], we haveThus,From equation (20), we haveThat is, .
In the following, we give two examples for reaching the upper and lower bounds on , respectively.

Example 1. Let be an -function and be a bent function. Its coordinate functions are specified asThen, and are bent functions. We know and for any and . We haveand thus . We also obtain .

Example 2. Let be a -function. Its coordinate functions are specified asThen, is balanced (). We know and for any and . Then, we haveand thus .
In particular, we give the modified transparency order for any -function.

Corollary 1. Let . Then,

Proof. If in Definition 4, thenNote that for any . Then, . if and only if for any , that is, is an affine function. if and only if for any , that is, is a bent function.

Remark 2. Corollary 1 is a special case of Theorem 2. It also shows that both the upper bound and the lower bound on can be reached.

4. The Relationships between and Some Cryptographic Properties

In this section, we use the sum-of-squares indicator to establish some links between and some cryptographic indicators. These links can help us understand more deeply and lay a foundation for designing and analyzing S-boxes. In the following, we give a relationship between and the sum-of-squares indicator, and this result is the basic of Corollaries 3 and 4.

4.1. The Relationships between and the Sum-of-Squares Indicator

Theorem 3. Let be a balanced -function. Then,

Proof. By using the Cauchy–Schwarz inequality and for any , we haveSince is a balanced -function, is balanced for , that is, . Thus,Furthermore, we haveBecause for any [18], we haveFrom Definition 4, we know thatThus,

Remark 3. Theorem 3 gives one relationship between and , which implies that the smaller , the bigger the .
Based on Theorem 3, we give some lower bounds on by nonlinearity and algebraic immunity.

Corollary 2. Let be a balanced -function. Then,

Proof. Zheng and Zhang [19] obtained for any , where for any , and thus this result is easily proved.

Corollary 3. Let be a balanced -function. Then,

Proof. Since for , this result is easily proved.

Corollary 4. Let be a balanced -function. Then,where .

Proof. Carlet [20] obtained for , and thus this result is easily proved.

Remark 4. From Corollaries 3 and 4, we have(1)The larger the (or ) (), the larger the .(2)For the conventional attacks, S-boxes should have higher nonlinearity, algebraic immunity, good the sum-of-squares indicators, etc. For the differential power analysis, S-boxes should have lower the transparency order. Therefore, the trade-off among these indicators should be considered when designing cryptographic algorithm components in practice.

4.2. The Relationships between and Hamming Weight

In this section, we give an upper bound on by the Hamming weight of coordinate functions.

Theorem 4. Let be an -function and . Then, for any ,

Proof. Using the relation of absolute value inequality and Lemma 1, since is a balanced function for , we havewhich proves the result.

Remark 5. If for any , then . This implies that for balanced -functions .

Corollary 5. Let be a balanced -function. Then,

Wang and Stănică [12] gave a tight upper bound on the transparency order in terms of nonlinearity for a Boolean function and obtained a lower bound between transparency order and nonlinearity for a Boolean function. In the following, for a Boolean function, we also give one upper bound and some lower bounds on .

Corollary 6. Let . Then,(1).(2).(3).(4).

Remark 6. In this section, we have the following facts.(1)Theorem 3 and Corollaries 2–5 are all about balanced Boolean functions, but Corollary 6 is about Boolean function (including balanced and unbalanced Boolean functions).(2)Wang and Stănică [12] gave the upper bound on by the nonlinearity of Boolean function; here we give the lower bounds on by the nonlinearity, the sum-of-squares indicator, and the maximum absolute of Wash transform, respectively.(3)These results show that the smaller the sum-of-squares indicator (or the maximal absolute value of Walsh spectrum) of its coordinate, the bigger the modified transparency order, and the bigger the nonlinearity (or the algebraic immunity) of its coordinate, the bigger the modified transparency order.

5. Data Analysis of S-Boxes

In this section, we give or of three types of 4-bit S-boxes: (1) some lightweight S-boxes used in some well-known encryption algorithms, (2) 16 classes of optimal S-boxes, and (3) 302 affine equivalent S-boxes. Thus, we give the analysis results of S-boxes in three subsections.

5.1. and of Some Known S-Boxes in Well-Known Encryption Algorithms

We give the and of S-boxes in some well-known encryption algorithms (such as Pride [21], Midori [22], Gift [23], MANTIS [3], SKINNY [3], PRESENT [24], Prince [25], Marvin [26], Piccolo [27], and Lblock [28]) in Table 1.

The data in Table 1 show that for a given S-box. This is consistent with Theorem 1.

5.2. The of 16 Optimal S-Boxes

In 2007, Leander et al. gave 16 different optimal balanced (4,4) S-boxes based on affine equivalence in [29]. The representatives of the truth table are given in Table 2.

By Proposition 3 in [13], we know that means affine invariant only under certain affine transformations which are based on , where are two S-boxes, and is an invertible matrix, . This means that may change under the different affine transformations , and we only consider this case in the following. From the finite field, we know that the number of the invertible matrix in is Thus, the number of the invertible matrix in is 20160, i.e., the number of the affine S-boxes () of one S-boxes () is 20160, where is a 4-bit S-box and is an invertible matrix.

At the same time, bounds and the frequency distribution of are given for all affine transformations of 16 optimal classes in [13]. But from these data, we cannot find out what the distribution of , is, and how many s boxes there are in each distribution value. For example, in the algorithm design, we want to know the exact value of , not the range of in [13]. Therefore, we need to give specific data values for every (), and Tables 3–6 provide support for us to select S-box. Meanwhile, these data further improve the data in [13].

In Table 3, we calculate of 20160 S-boxes for . We find the following facts:(1)The of has 11 values, if .(2)The of has 10 values, if .(3)The of has 9 values, if .(4)The of has 8 values, if .(5)The of has 7 values, if .(6)The of has 4 values, if .

Furthermore, we give the corresponding mean and variance in each optimal class in Table 4.

The mean value of for () belongs to the range of [3.195714, 3.264286], and the variance belongs to range of [0.007448, 0.021143]. The distribution of its value is concentrated in a relatively small interval.

Especially, we get the detailed distribution of of and in Tables 5 and 6, respectively. The calculation results of other are similar to Table 5, which is ignored due to the limited length of this paper.

5.3. The and of 302 Affine Equivalent S-Boxes

There are 302 affine equivalence classes of 4-bit S-boxes [30]. We compute and of all 302 S-boxes of size . Our simulations show that the modified transparency order is confined within the range , but in Table 7–9. We summarize the comparison of modified transparency order and the redefined transparency order in Tables 7–9 and find that , and these data show that Theorem 1 is correct.

Remark 7. In Table 10, the number of affine equivalence classes whose modified transparency order lies in the range is equal to , which corresponds to about of their total number. This simply means that for a randomly selected S-box, the probability that its transparency order is in the range is approximately , which is quite high. This again questions the whole idea of embedding the protection against DPA attacks directly in the design of S-boxes, since a more natural option is to implement such a protection through some masking technique.

6. Conclusion

This paper further studies some unresolved problems related to the modified transparency order for -functions. Our result implies that is less than or equal to for any -function. In addition, a useful characterization of the modified transparency order is derived in terms of its tight bounds and its relation to other important cryptographic properties. These results show that the smaller the sum-of-squares indicator (or the nonlinearity and the algebraic immunity) of its coordinate, the bigger the modified transparency order. Although some results of have been given in this paper, there are still few studies on . The design of -functions with small modified transparent order and good cryptographic indicators remains an open problem. At the same time, we will focus on the experimental verification of -functions for differential power attack and investigate the relationship between transparency order and confusion coefficient.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

The first author was supported by the National Key R&D Program of China (nos. 2017YFB0802000 and 2017YFB0802004) and in part by the Sichuan Science and Technology Program (no. 2020JDJQ0076). The second author was supported in part by the National Natural Science Foundation of China (61872103), Guangxi Science and Technology Foundation (Guike AB18281019), and Guangxi Natural Science Foundation (2019GXNSFGA245004). The third author was supported in part by the National Cryptography Development Fund (grant no. MMJJ 20180223).

References

P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” Advances in Cryptology – CRYPTO’99, vol. 1666, Spring -Verlag, Berlin, Germany, 1999.
View at: Publisher Site | Google Scholar
S. Guilley, P. Hoogvorst, and R. Pacalet, “Differential power analysis model and some results, IFIP International Federation for Information Processing,” in Smart Card Research and Advanced Applications VI -CARDIS 2004, J. J. Quisquater, P. Paradinas, Y. Deswarte, and A. E. Kalam, Eds., pp. 127–142, Kluwer Academic Publishers, New York, NY, USA, 2004.
View at: Publisher Site | Google Scholar
C. Beierle, J. Jean, S. Kölbl et al., “The SKINNY family of block ciphers and its low-latency variant MANTIS,” in Advances in Cryptology - CRYPTO 2016, M. Robshaw and J. Katz, Eds., vol. 9815, pp. 123–153, Springer, Berlin, Heidelberg, 2016, Lecture Notes in Computer Science.
View at: Publisher Site | Google Scholar
W. Fischer, B. M. Gammel, O. Kniffler, and J. Velten, “Differential power analysis of stream ciphers,” in Proceedings of the Topics in Cryptology – CT - RSA2007, the Cryptographers Track at the RSA Conference 2007, vol. 257–270, San Francisco, CA, USA, February 5 -9, 2007.
View at: Google Scholar
E. Prouff, “DPA attacks and S-boxes,” in Fast Software Encryption - FSE 2005, H. Handschuh and H. Gilbert, Eds., vol. 3557, pp. 424–441, Springer, Berlin, Germanny, 2005.
View at: Publisher Site | Google Scholar
C. Carlet, “On highly nonlinear S-boxes and their inability to thwart DPA attacks,” in Progress in Cryptology – INDOCRYPT 2005, S. Maitra, C. E. Veni Madhavan, and R. Venkatesan, Eds., vol. 3797, pp. 49–62, Springer, Berlin, Germany, 2005, Lecture Notes in Computer Science.
View at: Publisher Site | Google Scholar
L. Fan, Y. Zhou, and D. Feng, “A fast implementation of computing the transparency order of S – boxes,” in Proceedings of the The 9th International Conference for Young Computer Scientists (ICYCS 2008), pp. 206–211, IEEE Computer Society, Hunan, China, November 2008.
View at: Google Scholar
Y. Fei, Q. Luo, and A. A. Ding, “A statistical model for DPA with novel algorithmic confusion analysis,” in Cryptographic Hardware and Embedded System -CHES 2012, E. Prouff and P. Schaumont, Eds., vol. 7428, pp. 233–250, Springer, Berlin, Germany, 2012, Lecture Notes in Computer Science.
View at: Publisher Site | Google Scholar
Y. Fei, A. A. Ding, J. Lao, and L. Zhang, A Statistics – Based Fundamental Model for Side -channel Attack Analysis, IACR Cryptology ePrint Archive, Lyon, France, 2014, Report 2014/152.
K. Chakraborty, S. Sarkar, S. Maitra, B. Mazumdar, D. Mukhopadhyay, and E. Prouff, “Redefining the transparency order,” Designs, Codes and Cryptography, vol. 82, no. 1 -2, pp. 95–115, 2017.
View at: Publisher Site | Google Scholar
S. Picek, B. Mazumdar, D. Mukhopadhyay, and L. Batina, “Modified transparency order property: solution or just another attempt,” in International Conference on Security , Privacy, and Appliced Cryptography Engineering (SPACE), vol. 9354, pp. 210–227, Springer International Publishing, Jaipur, India, October 2015.
View at: Publisher Site | Google Scholar
Q. Wang and P. Stănică, “Transparency order for boolean functions: analysis and construction,” Designs, Codes and Cryptography, vol. 87, no. 9, pp. 2043–2059, 2019.
View at: Publisher Site | Google Scholar
H. Li, Y. Zhou, J. Ming, G. Yang, and C. Jin, “The notion of transparency order, revisited,” The Computer Journal, vol. 63, no. 12, pp. 1915–1938, 2020.
View at: Publisher Site | Google Scholar
Y. Zhou, Y. Wei, and F. Zhang, “Measuring the sum-of-squares indicator of boolean functions in encryption algorithm for internet of things,” Security and Communication Networks, vol. 2019, no. 5, Article ID 1348639, 15 pages, 2019.
View at: Publisher Site | Google Scholar
P. Sarkar and S. Maitra, “Cross-correlation analysis of cryptographically useful boolean functions and S-boxes,” Theory of Computing Systems, vol. 35, no. 1, pp. 39–57, 2002.
View at: Publisher Site | Google Scholar
X. M. Zhang and Y. L. Zheng, “GAC -the criterion for global avalanche characteristics of cryptographic functions,” Journal of Universal Computer Science, vol. 1, no. 5, pp. 316–333, 1995.
View at: Google Scholar
Y. Zhou, M. Xie, and G. Xiao, “On the global avalanche characteristics between two Boolean functions and the higher order nonlinearity☆,” Information Sciences, vol. 180, no. 2, pp. 256–265, 2010.
View at: Publisher Site | Google Scholar
Y. Zhou, W. Zhang, S. Zhu, and G. Xiao, “The global avalanche characteristics of two boolean functions and algebraic immunity,” International Journal of Computer Mathematics, vol. 89, no. 16, pp. 2165–2179, 2012.
View at: Publisher Site | Google Scholar
Y. Zheng and X. M. Zhang, “On plateaued functions,” IEEE Transactions on Information Theory, vol. 47, no. 3, pp. 1215–1223, 2011.
View at: Publisher Site | Google Scholar
C. Carlet, in Boolean Functions for Cryptography and Error Correcting Codes, Cambridge University Press, cambridge, UK, 2010.
M. R. Albrecht, B. Driessen, E. B. Kavun, G. Leander, C. Paar, and T. Yalçın, “Block ciphers - focus on the linear layer (feat. PRIDE),” Advances in Cryptology – CRYPTO 2014, Springer, Berlin, Germany, 2014.
View at: Publisher Site | Google Scholar
S. Banik, A. Bogdanov, T. Isobe et al., “Midori: a block cipher for low energy,” in Proceedings of the Advances in Cryptology – ASIACRYPT 2015 - 21st International Conference on the Theory and Application of Cryptology and Information Security, pp. 411–436, Auckland, New Zealand, November 29, 2015.
View at: Google Scholar
S. Banik, S. K. Pandey, T. Peyrin et al., “GIFT: a small present - towards reaching the limit of lightweight encryption,” in Proceedings of the Cryptographic Hardware and Embedded Systems - CHES 2017 - 19th International Conference, pp. 321–345, Taipei, Taiwan, September 25–28, 2017.
View at: Google Scholar
A. Bogdanov, L. R. Knudsen, G. Leander et al., “PRESENT: an ultra – lightweight block cipher,” in Cryptographic Hardware and Embedded Systems – CHES 2007, 9th International Workshop, pp. 450–466, Vienna, Austria, September 10 -13, 2007.
View at: Google Scholar
J. Borghff, A. Canteaut, T. Guneysu et al., “Prince – a low – latency block cipher for pervasive computing applications – extended abstract,” in Proceedings of the Advances in Cryptology – ASIACRYPT 2012 - 18th International Conference on the Theory and Application of Cryptology and Information Security, pp. 208–225, Beijing, China, December 2–6, 2012.
View at: Google Scholar
A. MarcosJ. R. Simplicio, P. D. Barbuda et al., “The MARVIN message authentication code and the LETTERSOUP authenticated encryption scheme,” Security and Communication Networks, vol. 2, no. 2, pp. 165–180, 2009.
View at: Google Scholar
K. Shibutani, T. Isobe, H. Hiwatari, A. Mitsuda, T. Akishita, and T. Shirai, “Piccolo: an ultra-lightweight b,” in Cryptographic Hardware and Embedded Systems – CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings, pp. 342–357, Springer, Berlin, Germany, 2011.
View at: Publisher Site | Google Scholar
W. Wu and L. Zhang, “LBlock: a lightweight block cipher,” in Applied Cryptography and Network Security - ACNS 2011, J. Lopez and G. Tsudik, Eds., vol. 6715, pp. 327–344, Springer, Berlin, Germany, 2011, Lecture Notes in Computer Science.
View at: Publisher Site | Google Scholar
G. Leander and A. Poschmann, On the Classification of 4 Bit S -boxes, Arithmetic of Finite Fields, Springer, Berlin, Germany, 2007.
C. D. E. Canniere, “Analysis and design of symmetric encryption algorithms,” Katholieke Universiteit Leuven, Leuven, Belgium, 2007, PH.D.
View at: Google Scholar

Copyright

Copyright © 2021 Yu Zhou et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies