Constrained Search for a Class of Good Bijective $S$ -Boxes With Improved DPA Resistivity

The transparency order is proposed as a parameter for the robustness of $S$ -boxes to differential power analysis (DPA): lower transparency order implying more resistance. However, most cryptographically strong $S$ -boxes have been found to have high transparency order. In this paper, we characterize transparency order for various classes of $S$ -boxes by computing the upper and lower bounds of transparency order for both even and odd numbers of variables. We find high transparency order values in the class of $S$ -boxes whose sum of autocorrelation spectra of the coordinate functions has zero value for a large number of vectors $a$ . Also instead of propagation characteristics, autocorrelation spectra of the $S$ -box function $F$ are found to be stronger in deciding the transparency order. With this characterization, we performed a constrained random generation and search of a class of balanced 8 $,\times,$ 8 $S$ -boxes with transparency order upper bounded by 7.8. The nonlinearity and absolute indicator values of global avalanche characteristics of the coordinate functions of the $S$ -boxes are in the range (98, 110) and (48, 88), respectively. A correlation analysis DPA on table look-up implementation of AES Rijndael $S$ -box revealed the last round key i- 700 power traces, while it took at least 1500 power traces with $S$ -boxes from our proposed class.