| Popis: |
Bitslice block ciphers have the advantage of allowing parallel computation using bitwise logical operations, and Boolean masking can be applied efficiently. Thus, various bitslice block ciphers, such as $\textsf {Robin}$ , $\textsf {Fantomas}$ , $\textsf {RECTANGLE}$ , $\textsf {RoadRunneR}$ , $\textsf {PRIDE}$ , and $\textsf {CRAFT}$ , have been proposed previously. Additionally, a bitslice implementation for $\textsf {AES}$ , National Institute of Standards and Technology (NIST) standard block cipher, has been proposed. These ciphers construct an S-Box using only bitwise logical operators. They perform operations by storing the $i$ -th bits of each S-Box input/output value in one register, i.e., they have a feature that each bit of an S-Box output is stored in a different register. Because of this feature, in correlation power analysis (CPA) for bitslice block ciphers, a single-bit of the S-Box output should be selected as an intermediate value. Moreover, depending on which bit is selected as the intermediate value, there are differences in analysis performance. Consequently, we propose an algorithm that predicts the CPA performance of each single-bit and we describe the theoretical basis of this algorithm. The effectiveness of the proposed algorithm is verified experimentally by comparing actual CPA results and predicted results on various bitslice block ciphers. |
