Threshold Implementations of All 3 x 3 and 4 x 4 S-Boxes
Side-channel attacks have proven many hardware implementations of cryptographic algorithms to be vulnerable. A recently proposed masking method, based on secret sharing and multi-party computation methods, introduces a set of sufficient requirements for implementations to be provably resistant against first-order DPA with minimal assumptions on the hardware. The original paper doesn't describe how to construct the Boolean functions that are to be used in the implementation. In this paper, the authors derive the functions for all invertible 3 x 3, 4 x 4 S-boxes and the 6 x 4 DES S-boxes. Their methods and observations can also be used to accelerate the search for sharings of larger (e.g. 8 x 8) S-boxes. Finally, they investigate the cost of such protection.