Srinivas Vivek

Fast Evaluation of Polynomials over Binary Finite Fields and Application to Side-Channel Countermeasures

We describe a new technique for evaluating polynomials over binary finite fields. This is useful in the context of anti-DPA countermeasures when an S-box is expressed as a polynomial over a binary finite field. For n-bit S-boxes our new technique has heuristic complexity

Analysis and improvement of the generic higher-order masking scheme of FSE 2012

{cal O}2^{n/2}/sqrt{n}

Fixed-Point Arithmetic in SHE Schemes.

instead of

A Practical Leakage-Resilient Signature Scheme in the Generic Group Model

{cal O}2^{n/2}

Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

proven complexity for the Parity-Split method. We also prove a lower bound of

Fast evaluation of polynomials over binary finite fields and application to side-channel countermeasures

{Omega}2^{n/2}/sqrt{n}

A Leakage-Resilient Pairing-Based Variant of the Schnorr Signature Scheme

on the complexity of any method to evaluate n-bit S-boxes; this shows that our method is asymptotically optimal. Here, complexity refers to the number of non-linear multiplications required to evaluate the polynomial corresponding to an S-box. n nIn practice we can evaluate any 8-bit S-box in 10 non-linear multiplications instead of 16 in the Roy-Vivek paper from CHES 2013, and the DES S-boxes in 4 non-linear multiplications instead of 7. We also evaluate any 4-bit S-box in 2 non-linear multiplications instead of 3. Hence our method achieves optimal complexity for the PRESENT S-box.

Faster Homomorphic Evaluation of Discrete Fourier Transforms

Masking is a well-known technique used to prevent block cipher implementations from side-channel attacks. Higher-order side channel attacks (e.g. higher-order DPA attack) on widely used block cipher like AES have motivated the design of efficient higher-order masking schemes. Indeed, it is known that as the masking order increases, the difficulty of side-channel attack increases exponentially. However, the main problem in higher-order masking is to design an efficient and secure technique for S-box computations in block cipher implementations. At FSE 2012, Carlet et al. proposed a generic masking scheme that can be applied to any S-box at any order. This is the first generic scheme for efficient software implementations. Analysis of the running time, or masking complexity, of this scheme is related to a variant of the well-known problem of efficient exponentiation (addition chain), and evaluation of polynomials. n nIn this paper we investigate optimal methods for exponentiation in

Reducing the Number of Non-linear Multiplications in Masking Schemes

mathbb{F}_{2^{n}}

Limits of a conjecture on a leakage-resilient cryptosystem

by studying a variant of addition chain, which we call cyclotomic-class addition chain, or CC-addition chain. Among several interesting properties, we prove lower bounds on min-length CC-addition chains. We define the notion of