Probabilistic Evaluation of the Exploration–Exploitation Balance during the Search, Using the Swap Operator, for Nonlinear Bijective S-Boxes, Resistant to Power Attacks
Abstract
1. Introduction
2. Preliminaries
3. Main Contribution: Probabilistic Evaluation of the Effect of the Swap Operator on the Exploration-Exploitation Balance during the Search in the Space of Permutations of Integers of Bits
3.1. Theoretical Probabilities of Staying in the Same Hamming Weight Class, after Applying Once, Randomly, the Swap Operator in a Permutation of the Integers of n Bits
3.2. Properties of the Probabilities
- 1. Limit expression of the probabilities as n increases. It allows for approximating the value of by a more compact limit expression , which facilitates the theoretical analysis of its properties and also its approximate practical calculation:
- a.
- .
- b.
Proof. For large values of n and for all k, this expression can be bounded from above by a very close upper bound:
For , the differences between and determine the precision of this approximation. This approximation is accurate even for small values of n, which can be verified numerically. On the other hand, for values of n such that and , this expression converges very quickly to: , whose proof can be seen in Appendix A, so it remains:
- Substituting, for large n, the Catalan number by its limit expression [33]: .
It remains that
For , it can be approximated by:
The principal value of this new expression is that it is even more compact and facilitates the visualization and theoretical analysis of the properties of this probability. Another practical advantage of this limiting expression is that, for arbitrarily large values of n, it substantially simplifies the calculation of this probability.
□
By giving values to n, this expression can be calculated and compared with the previous results. Table 2 and Figure 4 show that there is a great coincidence between the two limit expressions of , since the difference is in the order of thousandths. Although the difference is minimal, it can be seen that the limit probabilities are always less than those obtained from the limit of the Catalan numbers.
- 2. Recursive Formula for . Monotonicity of . It is another way for the recursive and approximate calculation of and allows for determining its monotonicity.
is a monotonically decreasing function of n. The limit expression obtained using the Catalan numbers (part b of Proposition 2) allows us to easily observe the decreasing monotonicity of these probabilities, since the numerator is constant and when increasing n, and therefore so does its root. This quotient is the approximate value of the probability.
Proof. The decreasing monotonicity of is demonstrated, which allows us to demonstrate its convergence for large values of n and to find the exact limit. Start from Property # 1 of Proposition 2. Since , then, for , we get:
□
- 3. Convergence from to . As n increases, the difference between successive probabilities becomes smaller and smaller, so that the value of their quotient converges to 1.
Proof. Property # 2 (Proposition 2) indicates that the values of decrease with increasing n, which suggests that they could converge to zero with increasing n, but Property # 3 (Proposition 2) indicates that the speed of convergence decreases with increasing n (see Figure 3). The values of decrease as n increases, but at an increasingly slower rate, so that consecutive values tend to be very close to (Figure 5). □
3.2.1. Comparison of and with
- for all values of n.
- for ,
- for . From , the limit coincides with the exact up to 2 decimal places ( = ); therefore, the error .
3.2.2. Improving the Accuracy of the Recursive Calculation of
3.3. Experimental Validation of Propositions 1 and 2
3.4. Generalization of Proposition 1, for Two Random Swaps
3.5. Experimental Validation of Proposition 3
3.6. Results of Experiment 3
3.7. Modification of the Swap Operator (Selection Criteria of the Elements to Be Exchanged)
- Set the proportion that controls the balance of exploration/exploitation in the Hamming Weight class space. (The Hamming Weight class is changed with probability .)
- Generate a random number in the interval
- If , then swap between elements of different Hamming weight to explore between classes.
- If , then swap between elements of equal weight to exploit within classes.
- Advantage. This modification allows the exploration/exploitation ratio to be easily controlled by the researcher’s decision, through the proportion of pairs of elements of different weight that are selected, that is, the class is changed with probability .
Comparison with the antecedents. For , it coincides with the swap applied in [10]. In comparison, the strategy proposed in [23] consists of taking when the Confusion Coefficient Variance (CCV) is less than the preset value (the class is changed) and when CCV is greater than or equal to the preset value (moves within the class). As already mentioned, in the case , the check of the equal-weight condition could be eliminated and replaced by an increase in the number NS of swaps. However, determining the minimum value of NS (to reduce the number of operations required by the NS swaps) that guarantees, with high probability, the change of HW class is an open problem. The selection of the optimal parameter is a problem of great interest, but it is beyond the objectives of this work and will be investigated in future works.
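The modified operator of Section 3.7, together with the single-swap probability of Proposition 1 that Section 3.3 validates experimentally, as an added Python example (my code, not the authors'): a random swap keeps the Hamming weight class exactly when the two exchanged outputs have equal weight, so the exact probability is the number of equal-weight pairs over all pairs of outputs. The two approximations implemented (the sum of squared binomials over 4^n, which equals C(2n,n)/4^n by the Vandermonde identity, and 1/sqrt(pi n)) are my reading of the columns of Table 2, not formulas quoted from the page; the function names and the use of the identity permutation as the starting S-box are also my choices.

```python
import math
import random
from collections import defaultdict

def hamming_weight(x: int) -> int:
    return bin(x).count("1")

def hw_class(sbox):
    """HW class of an S-box: the weight of the output at each position."""
    return tuple(hamming_weight(v) for v in sbox)

def p_same_class_exact(n: int) -> float:
    """P(a random swap keeps the HW class): the two swapped outputs have equal weight."""
    size = 2 ** n
    same = sum(math.comb(n, k) * (math.comb(n, k) - 1) for k in range(n + 1))
    return same / (size * (size - 1))

def p_same_class_limit(n: int) -> float:
    """Assumed limit form sum_k C(n,k)^2 / 4^n = C(2n,n) / 4^n (Table 2, column 2)."""
    return math.comb(2 * n, n) / 4 ** n

def p_same_class_asymptotic(n: int) -> float:
    """Assumed compact form 1 / sqrt(pi * n) (Table 2, column 3)."""
    return 1.0 / math.sqrt(math.pi * n)

def estimate_same_class(n: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo check of Proposition 1: one uniformly random swap of the
    identity permutation, counting how often the HW class is unchanged."""
    rng = random.Random(seed)
    sbox = list(range(2 ** n))
    base = hw_class(sbox)
    stay = 0
    for _ in range(trials):
        i, j = rng.sample(range(len(sbox)), 2)
        sbox[i], sbox[j] = sbox[j], sbox[i]
        stay += hw_class(sbox) == base
        sbox[i], sbox[j] = sbox[j], sbox[i]  # undo so every trial starts from base
    return stay / trials

def controlled_swap(sbox, p: float, rng=None):
    """Modified swap of Section 3.7: with probability p exchange two outputs of
    different weight (explore, class changes), else two of equal weight (exploit)."""
    rng = rng if rng is not None else random.Random()
    by_weight = defaultdict(list)
    for pos, v in enumerate(sbox):
        by_weight[hamming_weight(v)].append(pos)
    if rng.random() < p:
        i = rng.randrange(len(sbox))
        j = rng.choice([q for u, g in by_weight.items() if u != hamming_weight(sbox[i]) for q in g])
    else:
        # only a class with at least two members admits an equal-weight swap
        group = rng.choice([g for g in by_weight.values() if len(g) >= 2])
        i, j = rng.sample(group, 2)
    out = list(sbox)
    out[i], out[j] = out[j], out[i]
    return out, hw_class(out) != hw_class(sbox)
```

With p = 0 the operator never leaves the current HW class and with p = 1 it always does, which is the invariant the exploitation/exploration split relies on.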
3.8. Application in Search of Nonlinear S-Boxes Resistant to Power Attacks
4. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
Appendix A. Proof of Identity
Appendix B. AES S-Box
  | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | 4 | 5 | 6 | 6 | 5 | 5 | 6 | 4 | 2 | 1 | 5 | 4 | 7 | 6 | 5 | 5 |
1 | 4 | 2 | 4 | 6 | 6 | 4 | 4 | 4 | 5 | 4 | 3 | 6 | 4 | 3 | 4 | 2 |
2 | 6 | 7 | 4 | 3 | 4 | 6 | 7 | 4 | 3 | 4 | 5 | 5 | 4 | 4 | 3 | 3 |
3 | 1 | 5 | 3 | 4 | 2 | 4 | 2 | 4 | 3 | 2 | 1 | 4 | 6 | 4 | 4 | 5 |
4 | 2 | 3 | 3 | 3 | 4 | 5 | 4 | 2 | 3 | 5 | 5 | 5 | 3 | 5 | 5 | 2 |
5 | 4 | 4 | 0 | 6 | 1 | 6 | 4 | 5 | 4 | 5 | 6 | 4 | 3 | 3 | 3 | 6 |
6 | 3 | 7 | 4 | 7 | 3 | 4 | 4 | 3 | 3 | 6 | 1 | 7 | 2 | 4 | 6 | 3 |
7 | 3 | 4 | 1 | 5 | 3 | 5 | 3 | 6 | 5 | 5 | 5 | 2 | 1 | 8 | 6 | 4 |
8 | 5 | 2 | 3 | 5 | 6 | 5 | 2 | 4 | 3 | 5 | 6 | 5 | 3 | 5 | 3 | 5 |
9 | 2 | 2 | 5 | 5 | 2 | 3 | 2 | 2 | 3 | 6 | 4 | 2 | 6 | 5 | 3 | 6 |
A | 3 | 3 | 4 | 2 | 3 | 2 | 2 | 4 | 3 | 5 | 4 | 3 | 3 | 4 | 4 | 5 |
B | 6 | 3 | 5 | 5 | 4 | 5 | 4 | 4 | 4 | 4 | 5 | 5 | 4 | 5 | 5 | 1 |
C | 5 | 4 | 3 | 4 | 3 | 4 | 4 | 4 | 4 | 6 | 4 | 5 | 4 | 6 | 4 | 3 |
D | 3 | 5 | 5 | 4 | 2 | 2 | 6 | 3 | 3 | 4 | 5 | 5 | 3 | 3 | 4 | 5 |
E | 4 | 5 | 3 | 2 | 4 | 5 | 4 | 3 | 5 | 4 | 4 | 5 | 5 | 4 | 2 | 7 |
F | 3 | 3 | 3 | 3 | 7 | 5 | 2 | 3 | 2 | 4 | 4 | 4 | 3 | 3 | 6 | 3 |
References
- Kim, J.; Picek, S.; Heuser, A.; Bhasin, S.; Hanjalic, A. Make some noise. Unleashing the power of convolutional neural networks for profiled side-channel analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019, 2019, 148–179.
- Bhasin, S.; Chattopadhyay, A.; Heuser, A.; Jap, D.; Picek, S.; Ranjan, R. Mind the portability: A warrior's guide through realistic profiled side-channel analysis. In Proceedings of the NDSS, San Diego, CA, USA, 23–26 February 2020; Volume 2020.
- Batina, L.; Djukanovic, M.; Heuser, A.; Picek, S. It Started with Templates: The Future of Profiling in Side-Channel Analysis. In Security of Ubiquitous Computing Systems; Springer: Berlin/Heidelberg, Germany, 2021; pp. 133–145.
- Van Tilborg, H.C.; Jajodia, S. Encyclopedia of Cryptography and Security; Springer Science & Business Media: Berlin, Germany, 2014.
- Behera, P.K.; Gangopadhyay, S. An improved hybrid genetic algorithm to construct balanced Boolean function with optimal cryptographic properties. Evol. Intell. 2021, 1–15.
- Knežević, K. Combinatorial optimization in cryptography. In Proceedings of the 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), Opatija, Croatia, 22–26 May 2017; pp. 1324–1330.
- Freyre-Echevarría, A.; Martínez-Díaz, I.; Pérez, C.M.L.; Sosa-Gómez, G.; Rojas, O. Evolving Nonlinear S-Boxes with Improved Theoretical Resilience to Power Attacks. IEEE Access 2020, 8, 202728–202737.
- Wood, C.A. Large Substitution Boxes with Efficient Combinational Implementations. Master’s Thesis, Rochester Institute of Technology, Rochester, NY, USA, 2013.
- Xu, Y.; Wang, Q. Searching for Balanced S-Boxes with High Nonlinearity, Low Differential Uniformity, and Improved DPA-Resistance. In International Conference on Information Security; Springer: Berlin/Heidelberg, Germany, 2020; pp. 95–106.
- Díaz, I.M. Búsqueda Local de S-Cajas con Alta Varianza del Coeficiente de Confusión. Master’s Thesis, Universidad de la Habana, Havana, Cuba, 2019.
- Picek, S. Applications of Evolutionary Computation to Cryptology. Ph.D. Thesis, Faculty of Electrical Engineering and Computing, University of Zagreb, Zagreb, Croatia, 2015.
- Behera, P.K.; Gangopadhyay, S. Evolving bijective S-Boxes using hybrid adaptive genetic algorithm with optimal cryptographic properties. J. Ambient. Intell. Humaniz. Comput. 2021, 1–18.
- Khadem, B.; Rajavzade, S. Construction of Side Channel Attacks Resistant S-boxes using Genetic Algorithms based on Coordinate Functions. arXiv 2021, arXiv:2102.09799.
- Zahid, A.H.; Iliyasu, A.M.; Ahmad, M.; Shaban, M.M.U.; Arshad, M.J.; Alhadawi, H.S.; Abd El-Latif, A.A. A Novel Construction of Dynamic S-Box With High Nonlinearity Using Heuristic Evolution. IEEE Access 2021, 9, 67797–67812.
- Ivanov, G.; Nikolov, N.; Nikova, S. Cryptographically strong S-boxes generated by modified immune algorithm. In Proceedings of the International Conference on Cryptography and Information Security in the Balkans, Koper, Slovenia, 3–4 September 2015; Springer: Berlin/Heidelberg, Germany, 2015; pp. 31–42.
- Isa, H.; Jamil, N.; Z’aba, M. Hybrid heuristic methods in constructing cryptographically strong S-boxes. Int. J. Cryptol. Res. 2016, 6, 1–15.
- Xu, J.; Zhang, J. Exploration-exploitation trade-offs in metaheuristics: Survey and analysis. In Proceedings of the 33rd Chinese Control Conference, Nanjing, China, 28–30 July 2014; pp. 8633–8638.
- Yang, X.S.; Deb, S.; Fong, S. Metaheuristic algorithms: Optimal balance of intensification and diversification. Appl. Math. Inf. Sci. 2014, 8, 977.
- Morales-Castañeda, B.; Zaldivar, D.; Cuevas, E.; Fausto, F.; Rodríguez, A. A better balance in metaheuristic algorithms: Does it exist? Swarm Evol. Comput. 2020, 54, 100671.
- Črepinšek, M.; Liu, S.H.; Mernik, M. Exploration and exploitation in evolutionary algorithms: A survey. ACM Comput. Surv. (CSUR) 2013, 45, 1–33.
- Cuevas, E.; Diaz, P.; Camarena, O. Experimental Analysis Between Exploration and Exploitation. In Metaheuristic Computation: A Performance Perspective; Springer: Berlin/Heidelberg, Germany, 2021; pp. 249–269.
- Sánchez, R. Generación de s-Cajas Equivalentes según su Resistencia a los Ataques por Análisis Diferencial de Potencia; Technical Report; Facultad de Ingeniería Informática, Universidad Tecnologica de la Habana, CUJAE: La Habana, Cuba, 2016.
- Legón-Pérez, C.M.; Sánchez-Muiña, R.; Miyares-Moreno, D.; Bardaji-López, Y.; Martínez-Díaz, I.; Rojas, O.; Sosa-Gómez, G. Search-Space Reduction for S-Boxes Resilient to Power Attacks. Appl. Sci. 2021, 11, 4815.
- Nyberg, K. Differentially uniform mappings for cryptography. In Workshop on the Theory and Application of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 1993; pp. 55–64.
- Picek, S.; Papagiannopoulos, K.; Ege, B.; Batina, L.; Jakobovic, D. Confused by confusion: Systematic evaluation of DPA resistance of various s-boxes. In Proceedings of the International Conference on Cryptology in India, New Delhi, India, 14–17 December 2014; Springer: Berlin/Heidelberg, Germany, 2014; pp. 374–390.
- Prouff, E. DPA attacks and S-boxes. In International Workshop on Fast Software Encryption; Springer: Berlin/Heidelberg, Germany, 2005; pp. 424–441.
- Chakraborty, K.; Sarkar, S.; Maitra, S.; Mazumdar, B.; Mukhopadhyay, D.; Prouff, E. Redefining the transparency order. Des. Codes Cryptogr. 2017, 82, 95–115.
- Li, H.; Zhou, Y.; Ming, J.; Yang, G.; Jin, C. The Notion of Transparency Order, Revisited. Comput. J. 2020, 63, 1915–1938.
- Talbi, E.G. Metaheuristics: From Design to Implementation; John Wiley & Sons: Hoboken, NJ, USA, 2009; Volume 74.
- Wang, Y.; Zhang, Z.; Zhang, L.Y.; Feng, J.; Gao, J.; Lei, P. A genetic algorithm for constructing bijective substitution boxes with high nonlinearity. Inf. Sci. 2020, 523, 152–166.
- Bilgin, B.; Nikova, S.; Nikov, V.; Rijmen, V.; Tokareva, N.; Vitkup, V. Threshold implementations of small S-boxes. Cryptogr. Commun. 2015, 7, 3–33.
- Khadem, B.; Ghasemi, R. Improved algorithms in parallel evaluation of large cryptographic S-boxes. Int. J. Parallel Emergent Distrib. Syst. 2020, 35, 461–472.
- Qi, F. Some properties of the Catalan numbers. Ars Comb. 2021, 2022, 1–9.
n | Theoretical Probability | Theoretical Probability | Entropy |
---|---|---|---|
3 | 0.214 | 0.786 | 0.75 |
4 | 0.225 | 0.775 | 0.77 |
5 | 0.222 | 0.778 | 0.76 |
6 | 0.213 | 0.787 | 0.75 |
7 | 0.203 | 0.797 | 0.73 |
8 | 0.193 | 0.807 | 0.71 |
9 | 0.184 | 0.816 | 0.69 |
10 | 0.175 | 0.825 | 0.670 |
11 | 0.168 | 0.832 | 0.653 |
12 | 0.161 | 0.839 | 0.637 |
13 | 0.155 | 0.845 | 0.622 |
14 | 0.149 | 0.851 | 0.608 |
15 | 0.144 | 0.856 | 0.596 |
16 | 0.140 | 0.860 | 0.584 |
n | |||
---|---|---|---|
3 | 0.3125 | 0.325735 | 0.01323500 |
4 | 0.273438 | 0.282095 | 0.00865729 |
5 | 0.246094 | 0.252313 | 0.00621950 |
6 | 0.225586 | 0.230329 | 0.00474350 |
7 | 0.209473 | 0.213244 | 0.00377096 |
8 | 0.196381 | 0.199471 | 0.00309052 |
9 | 0.185471 | 0.188063 | 0.00259261 |
10 | 0.176197 | 0.178412 | 0.00221536 |
11 | 0.168188 | 0.17011 | 0.00192146 |
12 | 0.16118 | 0.162868 | 0.00168725 |
13 | 0.154981 | 0.156478 | 0.00149702 |
14 | 0.149446 | 0.150786 | 0.00134003 |
15 | 0.144464 | 0.145673 | 0.00120868 |
16 | 0.13995 | 0.141047 | 0.00109746 |
n | Theoretical Probability | Theoretical Probability Limit | Recursive Theoretical Probability | ||
---|---|---|---|---|---|
3 | 0.2143 | 0.3125 | 0.2143 | 0.0982 | 0.0000 |
4 | 0.2250 | 0.2734 | 0.1929 | 0.0484 | 0.0321 |
5 | 0.2218 | 0.2461 | 0.1768 | 0.0243 | 0.0450 |
6 | 0.2133 | 0.2256 | 0.1642 | 0.0123 | 0.0491 |
7 | 0.2032 | 0.2095 | 0.1539 | 0.0063 | 0.0493 |
8 | 0.1932 | 0.1964 | 0.1453 | 0.0032 | 0.0479 |
9 | 0.1839 | 0.1855 | 0.1381 | 0.0016 | 0.0458 |
10 | 0.1754 | 0.1762 | 0.1318 | 0.0008 | 0.0436 |
11 | 0.1678 | 0.1682 | 0.1263 | 0.0004 | 0.0415 |
12 | 0.1610 | 0.1612 | 0.1215 | 0.0002 | 0.0395 |
13 | 0.1549 | 0.1550 | 0.1171 | 0.0001 | 0.0378 |
14 | 0.1494 | 0.1494 | 0.1132 | 0.0000 | 0.0362 |
15 | 0.1444 | 0.1445 | 0.1097 | 0.0001 | 0.0347 |
16 | 0.1399 | 0.1399 | 0.1064 | 0.0000 | 0.0335 |
Range of n | ||
---|---|---|
0.0140 | 0.0013 | |
0.0008 | 0.0000 |
Range of n | ||
---|---|---|
0.0383 | 0.0410 | |
0.0002 | 0.0000 |
n | Theoretical Probability | Estimation | |
---|---|---|---|
3 | 0.2143 | 0.3125 | 0.0982 |
4 | 0.2250 | 0.2734 | 0.0493 |
5 | 0.2218 | 0.2461 | 0.0243 |
6 | 0.2133 | 0.2256 | 0.0123 |
7 | 0.2032 | 0.2095 | 0.0063 |
8 | 0.1932 | 0.1964 | 0.0032 |
9 | 0.1839 | 0.1855 | 0.0016 |
10 | 0.1754 | 0.1762 | 0.0008 |
11 | 0.1678 | 0.1682 | 0.0004 |
12 | 0.1610 | 0.1612 | 0.0002 |
13 | 0.1549 | 0.1550 | 0.0001 |
14 | 0.1494 | 0.1494 | 0.0000 |
15 | 0.1444 | 0.1445 | 0.0001 |
16 | 0.1399 | 0.1399 | 0.0000 |
n | Theoretical Probability | Estimation of | |
---|---|---|---|
3 | 0.2143 | 0.2149 | 0.0006 |
4 | 0.225 | 0.2263 | 0.0013 |
5 | 0.2218 | 0.2217 | −0.0001 |
6 | 0.2133 | 0.2133 | 0 |
7 | 0.2032 | 0.2029 | −0.0003 |
8 | 0.1932 | 0.1935 | 0.0003 |
9 | 0.1839 | 0.1849 | 0.001 |
10 | 0.1754 | 0.1758 | 0.0004 |
11 | 0.1678 | 0.1677 | −0.0001 |
12 | 0.161 | 0.1611 | 0.0001 |
13 | 0.1549 | 0.1553 | 0.0004 |
14 | 0.1494 | 0.1495 | 0.0001 |
15 | 0.1444 | 0.1442 | 0.0002 |
16 | 0.1399 | 0.1396 | −0.0003 |
n | Theoretical Probability | Estimation of |
---|---|---|
3 | 0.0214 | 0.0428 |
4 | 0.0374 | 0.0486 |
5 | 0.0437 | 0.0485 |
6 | 0.0435 | 0.0449 |
7 | 0.0406 | 0.0413 |
8 | 0.0371 | 0.0371 |
9 | 0.0337 | 0.0338 |
10 | 0.0307 | 0.0311 |
11 | 0.0281 | 0.0283 |
12 | 0.0259 | 0.0259 |
13 | 0.0240 | 0.0241 |
14 | 0.0223 | 0.0222 |
15 | 0.0209 | 0.0208 |
16 | 0.0196 | 0.0196 |
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Legón-Pérez, C.M.; Menéndez-Verdecía, J.A.; Martínez-Díaz, I.; Sosa-Gómez, G.; Rojas, O.; Veloz-Remache, G.d.R. Probabilistic Evaluation of the Exploration–Exploitation Balance during the Search, Using the Swap Operator, for Nonlinear Bijective S-Boxes, Resistant to Power Attacks. Information 2021, 12, 509. https://doi.org/10.3390/info12120509