Summary: | The search for bijective $n \times n$ S-boxes resilient to power attacks in the space of dimension $(2^n)!$ is a controversial topic in the cryptology community nowadays. This paper proposes partitioning the space of $(2^n)!$ S-boxes into equivalence classes using the hypothetical power leakage according to the Hamming weight model, which ensures a homogeneous theoretical resistance against power attacks within each class. We developed a fast algorithm to generate these S-boxes by class. It was mathematically demonstrated that the theoretical metric confusion coefficient variance takes constant values within each class. A new search strategy—jumping over the class space—is justified to find S-boxes with high confusion coefficient variance in the space partitioned by Hamming weight classes. In addition, a decision criterion is proposed to move quickly between or within classes. The number of classes and the number of S-boxes within each class are calculated, showing that, as $n$ increases, the class space dimension is an ever-smaller fraction of the space of S-boxes, which significantly reduces the search space for S-boxes resilient to power attacks when the search is performed from class to class.
|
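The class invariance stated in the summary, as an added example that is not code from the paper. It assumes a class is the set of bijective S-boxes sharing the same output Hamming weight at every input, and that the confusion coefficient is $\kappa(k_i,k_j) = E_x[(HW(S(x \oplus k_i)) - HW(S(x \oplus k_j)))^2]$ with the variance taken over all key pairs; the summary spells out neither definition, and all function names and the sample S-box are constructed for illustration.

```python
import random
from math import comb, factorial, prod
from statistics import pvariance

N = 4  # S-box width in bits (assumption: small n keeps the run instant)

def hw(v):
    """Hamming weight of an integer."""
    return bin(v).count("1")

def ccv(sbox):
    """Confusion coefficient variance under the Hamming-weight leakage model."""
    size = len(sbox)
    leak = [hw(y) for y in sbox]  # hypothetical leakage per input
    kappas = [
        sum((leak[x ^ ki] - leak[x ^ kj]) ** 2 for x in range(size)) / size
        for ki in range(size) for kj in range(ki + 1, size)
    ]
    return pvariance(kappas)

def same_class_sbox(sbox, rng):
    """Another bijective S-box with the same output Hamming weight at each input."""
    out = list(sbox)
    for w in range(N + 1):
        positions = [x for x, y in enumerate(sbox) if hw(y) == w]
        values = [sbox[x] for x in positions]
        rng.shuffle(values)  # permute outputs only among equal-weight values
        for x, y in zip(positions, values):
            out[x] = y
    return out

def class_size(n):
    """S-boxes per class under the assumed definition: product of C(n, w)!."""
    return prod(factorial(comb(n, w)) for w in range(n + 1))

def class_count(n):
    """Number of classes: (2^n)! divided by the class size."""
    return factorial(2 ** n) // class_size(n)

if __name__ == "__main__":
    rng = random.Random(7)
    base = list(range(2 ** N))  # constructed sample S-box, not from the paper
    rng.shuffle(base)
    other = same_class_sbox(base, rng)
    print("CCV base :", ccv(base))
    print("CCV other:", ccv(other), "(same class, different S-box)")
    print("classes for n=4:", class_count(N), "of", factorial(2 ** N), "S-boxes")
```

Because the metric depends on the S-box only through its leakage vector, evaluating one representative per class is enough, which is the search-space reduction the summary describes.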