Authors: LI Xin-Chao; ZHONG Wei-Dong [1]; ZHANG Shuai-Wei; YANG Xiao-Yuan [1]
Affiliation: [1] Key Laboratory of Network and Information Security of the Chinese Armed Police, Department of Electronic Technology, Engineering University of PAP, Xi'an 710086, China
Source: Journal of Cryptologic Research (《密码学报》), 2018, Issue 6, pp. 641-650 (10 pages)
Funding: National Natural Science Foundation of China (U1636114); National Key Research and Development Program of China (2017YFB0802000)
Abstract: Since its birth, the side-channel attack has posed a great threat to the security of cryptographic algorithm implementations. As one of the typical side-channel attack methods, power analysis, represented by the DPA attack, has become the most studied and most widely used attack method in the field of side-channel attacks because of its high effectiveness and simple implementation. As the block cipher standard of China, the SM4 algorithm has attracted wide attention since its publication, and its security has quickly become a research hotspot. Shortly after the SM4 algorithm was published, researchers successfully recovered its key using a DPA attack, so the implementation security of SM4 faces severe challenges. In this study, a new threshold implementation scheme for SM4 is proposed to resist second-order DPA attacks. In this scheme, the input of the S-box is transformed into the composite field using a normal basis and inverted there, and a new S-box is then constructed by combining this with threshold implementation theory. By dividing the input into three groups, the new S-box guarantees resistance against second-order DPA attacks; by introducing a ring mask structure and a decomposition method for inversion, it reduces the implementation area of the scheme. Security analysis shows that the S-box constructed in this scheme can effectively resist second-order DPA attacks. The experimental results show that, compared with conventional composite-field masking schemes, the area of the proposed scheme is reduced by 6% and the required number of random masks is at a low level.
Classification number: TP309.7 [Automation and Computer Technology: Computer System Architecture]