Method for securing a cryptographic process with sbox against high-order side-channel attacks

Abstract

The present invention relates to a method for securing against N-order side-channel attacks a cryptographic process using in a plurality of encryption rounds an initial Substitution box Scomprising the steps of: —generating (E) a first randomized substitution box Sby masking said initial substitution box Ssuch that S(x XOR m)=S(x) XOR m, with m, muniformly-distributed random values, for any input value x of the initial substitution box S, —generating (E) a first transrandomized Substitution box S(1,1) from the first randomized substitution box Sand from masks m, m'such that S(1, 1)[x]=S[x xor (mxor m)] xor (mxor m′) for any input value x of the first transrandomized Substitution box S(1,1), —generating (E) from the first transrandomized Substitution box S(1,1) a N−1th transrandomized Substitution box S(1, N−1) by performing iteratively N−2 times a step of generation of a ith transrandomized Substitution box S(1, i) from a i−1th transrandomized substitution box S(1, i−1) and from a plurality of masks m 1,i, m′, m, m′such that S(1, i)[x]=S(1, i−1)[x xor (mxor m)] xor (m′xor m′) for any input value x of the ith transrandomized substitution box S(1, i), with i an integer comprised in {2, . . . N−1}, —performing the cryptographic process using (E) the N−1th transrandomized Substitution box S(1, N−1) instead of the initial Substitution box Sin at least said first round of the cryptographic process.