From minutes to millennia: enhancing power analysis resistance in AES and ASCON

Cryptographic algorithms are an important pillar in the digital world because they protect the content of sensitive data ensuring security in communication. Their strength lies in the mathematical complexity that underlies them. Thanks to it, the encryption of data is performed in a very simple way, while the reverse operation requires a huge amount of work in the case in which all the parameters used to perform it are not known. This peculiarity ensures strong protection against direct attacks such as brute force attacks or more advanced techniques such as linear or differential cryptanalysis, which would require millennia to recover with certainty the value of the cryptographic key. However, with the advent of a new class of attacks, known as side-channel attacks (SCA), this security has disappeared, since they no longer aim to discover the key based on the mathematical structure on which they are based, but they exploit weaknesses in the physical implementation of the algorithm, such as execution time or power consumed. The study that has been done in this thesis has the aim of investigating the behavior of two encryption algorithms subjected to power analysis attacks. The first is the Advanced Encryption Standard (AES), which at the time it was designed had as its main focus to be very robust against linear and differential cryptanalysis. This strength, however, makes it very weak against power analysis attacks. ASCON, its lightweight counterpart that has also recently become a standard, on the other hand has been conceived since its creation with the aim of being resistant against this type of attacks. With the right techniques, however, power analysis can still be a threat to this algorithm. This study, in addition to investigating the vulnerabilities of AES and ASCON, also aims to test a lightweight solution to increase resistance to power analysis. In particular, one of the most critical blocks regarding this type of cryptanalysis, the substitution box (S-box), is replaced with alternative S-boxes. Their choice is made by comparing with the original one of these algorithms their cryptographic properties, such as the confusion coefficient (CC) and the transparency order (TO). However, these metrics bring to light a very important consequence, namely finding the best trade-off between cryptanalytic security and power resistance. The effectiveness of these proposed S-boxes is tested on a physical implementation to evaluate their actual effectiveness in this balancing.