S-box Implementation Scheme of SM4 Algorithm Based on Secret Sharing
  • English title: S-box Implementation Scheme of SM4 Algorithm Based on Secret Sharing
  • Authors: 李新超; 钟卫东; 刘明明; 李栋
  • English authors: LI Xinchao; ZHONG Weidong; LIU Mingming; LI Dong (Key Laboratory for Network and Information Security of Chinese Armed Police Force, Engineering University of the Chinese Armed Police Force; School of Cryptographic Engineering, Engineering University of the Chinese Armed Police Force)
  • Keywords: SM4 algorithm; Differential Power Analysis (DPA); S-box; secret sharing; virtual value; composite field
  • English keywords: SM4 algorithm; Differential Power Analysis (DPA); S-box; secret sharing; virtual value; composite field
  • Chinese journal code: JSJC
  • English journal title: Computer Engineering
  • Institutions: Key Laboratory for Network and Information Security of the Chinese Armed Police Force, Engineering University of the Chinese Armed Police Force; School of Cryptographic Engineering, Engineering University of the Chinese Armed Police Force
  • Publication date: 2018-11-13 16:09
  • Publisher: Computer Engineering (计算机工程)
  • Year: 2018
  • Issue: v.44; No.494
  • Funding: National Natural Science Foundation of China (U1636114); National Social Science Fund of China (16btj033)
  • Language: Chinese
  • Page: JSJC201811025
  • Page count: 6
  • CN: 11
  • ISSN: 31-1289/TP
  • Classification code: 154-159
Abstract
Existing masking schemes for the SM4 algorithm cannot fully resist Differential Power Analysis (DPA) attacks. To address this, a secret-sharing-based scheme for resisting DPA attacks is proposed. The input is transformed into a composite field for inversion, and a new S-box is constructed by combining secret sharing with a threshold scheme. The new S-box uses a secret sharing function in place of the affine transformation, adopts the virtual value method in the multiplier grouping, and introduces the decomposition method in the inverter, so that the implementation requires fewer operations and occupies less space. Security analysis and experimental results show that the S-box constructed by this scheme can effectively resist high-order DPA attacks and glitch attacks, and has low power consumption.