SM4 Algorithm

Abstract: With the growing popularity of smart integrated circuit IC cards, the chip security is attracting more and more attention. Researches on the attack and protection of smart IC cards have become increasingly hot. Side-channel attack is the practical and effective method, which has brought enormous threat. The efficiency of attack depends on the extent of the leakage model, which characterizes the practical applications. In the power analysis attack, the classical leakage model usually exploits the power consumption of single S-box, which is called divide and conquer. Taking data encryption standard DES algorithm, for example, the attack on each S-box needs to search the key space of 26 in a brute-force way. In this paper, we propose a novel leakage model, which is more flexible than the classical leakage model. The novel leakage model is based on the power consumption of multiple S-boxes, and the implementation of this method is combined with genetic algorithm. We can establish leakage model based on the Hamming distance of round output generated by eight S-boxes in DES algorithm. The experiment verifies the fact that the leakage model of eight S-boxes can decrease the traces number up to 52% than the classical one based on single S-box for DES algorithm. It also decreases the traces number up to 32% for SM4 algorithm. All the measurements of power data are acquired from a practical smart IC card. We also conclude that increasing noise, using variable clock, and limiting the lifetime of root key can be the choices of defensive strategy. Copyright © 2015 John Wiley & Sons, Ltd.

Abstract: The present invention discloses a security white box realizing method and device for the national cipher standard algorithm SM4, discloses essential components of equipment required by the white box SM4 algorithm, and belongs to the technical field of information security. With adoption of the method and the device, secret keys embedded into cipher software can be effectively protected in untrusted computer terminals. The white box SM4 password algorithm provided by the present invention achieves safe realization of the China commercial block cipher standard SM4. Secret keys are embedded into lookup tables, randomly selected affine codes are used for protecting the lookup tables, and thus the secret keys embedded in the lookup tables are protected. A TTC lookup table and a TRT lookup table are used in the algorithm, the last xor operation of output data of the TTC lookup table is embedded into the TRT lookup table, and output data of the TRT lookup table is protected by new 32-bit affine codes, so the situation of offsetting 32-bit affine codes embedded in the lookup tables by combining lookup tables can be prevented, thereby preventing reduction of code cracking difficulty, and realizing the protection aim.

Abstract: 【】A basic architecture is proposed for reducing the implementation complexity of SM4 block cipher. The architecture reuses the hardware of encryption/decryption and key expansion module because the encryption/decryption algorithm is very similar with the key expansion algorithm. Optimum trade-off among control-logic complexity, reused-module complexity and throughput is realized through careful analysis and choose of specific realization. A SM4 cipher IP is designed based on this architecture. The designed IP’s cost is only 55% of the traditional design in Field Programmable Gate Array(FPGA). The IP is also synthesized under the SMIC 0.18 μm CMOS process. Its area is 0.079 mm with 100 Mb/s throughput. Experimental results of synthesis show that the proposed architecture can reduce the implementation complexity of SM4 block cipher efficiently. 【Key words】SM4 algorithm; block cipher algorithm; low complexity; hardware reuse; Field Programmable Gate Array(FPGA); Application Specific Integrated Circuit(ASIC) implementation DOI: 10.3969/j.issn.1000-3428.2013.07.040 计 算 机 工 程 Computer Engineering 第 39卷 第 7期 Vol.39 No.7 2013年 7月 July 2013

Abstract: The invention discloses a template attack method in allusion to SM4 cipher algorithm round output. According to the method disclosed by the invention, special channel input is taken as a premise, the SM4 algorithm round output is used as an attack point, the hamming weight or the hamming distance of the round output is selected to establish a template, and template attack in allusion to the SM4 cipher algorithm round output can be realized by a small number of templates. Meanwhile, selective input is taken as a basis in a template matching stage, a support vector machine is used to act as a tool for judgment and analysis, a bit of linear transformation output can be broken by only two times of matching, and then a round sub-key is reversely derived by inverse transformation of nonlinear transformation and linear transformation. The method disclosed by the invention effectively solves a problem that template attack in allusion to the SM4 cipher algorithm round number is infeasible at the present stage.