ZHOU Zhou,HE Yi-fan,SHEN Hai-bin,ZHAO Xu-xin

DOI: https://doi.org/10.3969/j.issn.1005-9490.2007.04.089

2007-01-01

Abstract:SMS4 algorithm is the domestic encryption standard released for WLAN use.An inner-round pipelined,high-speed engine is proposed after analyzing the features of this algorithm.By using pipelined or parallel multi-engines,throughput and hardware cost can be easily adjusted according to different applications.Compared with the 32-stage pipelined structure,hardware cost is much lower under the same throughput.Moreover,the SMS4 encryption/decryption system can easily fit in a low-cost Spartan II XC2S50 FPGA in a single-engine implementation.

Jin Yier,Shen Haibin,You Rongquan

DOI: https://doi.org/10.1109/CHINACOM.2006.344900

2007-01-01

Abstract:This paper describes two encryption designs of Chinese wireless local area network block cipher standard - SMS4 algorithm. Then these two designs are implemented on Xilinx Virtex-4 FPGA devices. The first (pipelined) design is optimized in order to reduce time delay and the encryption core has a throughput of 24Gb/s. The second (folded) design is optimized in order to minimize area coverage and the encryption core only needs 380 CLB slices with throughput of 740Mb/s. There are no known hardware implementations of an encryption SMS4 designs. © 2006 IEEE.

LI Gang,FANG Dong-bo,SHEN Hai-bin

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.21.032

2011-01-01

Abstract:Combined with the characteristic and practical working condition of SMS4 cipher algorithm,this paper proposes its low consumption implementation method.By comparative analyzing the secret keys of the front and back grouping encryption deciphering data,selectively reuse the previously generated intermediate data.Combined with dynamic clock switching,operator isolation,gated clock as well as other lower consumption design technic,the power consumption is greatly reduced.Experimental result shows that,this implementation method compared with the original algorithm,the consumption reduces by 65%,and equivalent door number reduces by 13%.

BAI Xue-fei,GUO Li,XU Yan-hua,LI Zhi-yuan

2009-01-01

Abstract:SMS4 algorithm is a block cipher used in WLAN products. In this paper, the differential power analysis attack on SMS4 algorithm is discussed. Based on analyses of the algorithm structure and principles of differential power analysis technologies, an attack method on every byte of round keys is presented. Through this attack, the round keys of the last four rounds of SMS4 can be obtained, and then the 128bit encryption key can be found out. The results of simulation experiments indicate that this attack method is effective and practical on SMS4 round operation. SMS4 algorithm is vulnerable to differential power analysis attacks, and cryptographic devices should be protected to prevent this kind of attacks.

Xuefei Bai,Li Guo,Tie Li

DOI: https://doi.org/10.1109/iccsc.2008.136

2008-01-01

Abstract:SMS4 is a 128-bit block cipher used in the WAPI standard for protecting data packets in WLAN. In this paper, a differential power analysis attack method on every byte of round keys is presented. Through this attack, the round keys of the last four rounds of SMS4 can be obtained, and then the 128- bit encryption key can be found out. The results of simulation experiments indicate that this attack is effective and practical on the SMS4 cipher.

Shuang Qiu,Guoqiang Bai

DOI: https://doi.org/10.1109/ICCCNT.2014.6963131

2014-01-01

Abstract:SM4 (SMS4) algorithm is a block cipher used in the Chinese National Standard for WLAN WAPI. In this paper we investigate the vulnerability of SM4 FPGA (Field Programmable Array) implementation to differential power analysis (DPA). To tackle this issue, we review the theory behind the conventional DPA on DES and AES first. By comparing the differences in algorithm structure, we show that SM4 is more difficult to attack than DES and AES. Then, we concentrate on showing how “chosen-text DPA” can be applied to attack SM4 successfully while the conventional DPA is hardly effective. Experimental results against a FPGA implementation of SM4 demonstrate the inefficient of conventional DPA and the effectiveness of “chosen-text DPA”. In addition, proper countermeasures for SM4 are also discussed according to its DPA-related properties.

Jia Zhao,Jun Han,Xiaoyang Zeng,Liang Li,Yunsong Deng

DOI: https://doi.org/10.1109/icasic.2007.4415761

2007-01-01

Abstract:This paper proposes a low cost VLSI implementation of a masked AES algorithm resistant to DPA (Differential Power Analysis) attack. In order to minimize the influence of the modification to the hardware cost while enabling it resistant to DPA, such methods as altering calculation order, module reuse and composite field computation are employed to reduce chip area and maintain its speed. Using the HHNEC 0.25 mum CMOS process, the scale of the design is about 48 K equivalent gates and its system frequency is up to 70 MHz. The throughput of the 128-bit data encryption and decryption are as high as 380 Mbit/s.

韩军,曾晓洋,赵佳

DOI: https://doi.org/10.3969/j.issn.1000-436x.2010.01.004

2010-01-01

Abstract:A VLSI implementation of AES algorithm against both differential power attack and differential fault attack was proposed. The main countermeasures employed in this hardware design are masking technique and two-dimensional parity-based concurrent error detection method. And exploits such methods as separating 128bit calculation into four 32bit calculations, module reuse and optimization of calculation order was exploited to reduce hardware cost. Moreover, a 3 level pipelined structure of AES encryption and decryption is used to improve hardware speed and throughput. The AES IP core based on these techniques can resist two kinds of side channel attacks with reasonable performance and cost.

XU Yan-hua,BAI Xue-fei,GUO Li

2009-01-01

Journal of University of Science and Technology of China

Abstract:In order to solve the problem of the implementation algorithm of S-box based on the inversion transformation over Galois field,methods such as composite field computation,altering calculation order and sharing factors have been used to optimize operations.A low hardware overhead implementation algorithm of S-box based on the inversion transformation approach from GF(28) to GF(22) was presented.Compared with the implementations based on look-up table method,this algorithm can reduce circuit area by 34%~68% using 0.18 μm and 0.35 μm CMOS technology.This design method can make SMS4 algorithm more suitable for area-critical devices.

Guoqiang Bai,Hailiang Fu,Wei Li,Xingjun Wu

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00210

2018-01-01

Abstract:This paper presents a practicable method of differential power attack on SM4 block cipher. We build the power acquisition platform based on SASEBO-G board. Through the platform, the encryption of SM4 algorithm is implemented in hardware and the power curves are obtained by the Agilent oscilloscope at the same time. The hamming weight of 8-bit output of S-box is selected as the power model to realize the DPA attack on MATLAB. Only 2000 power traces are needed to crack the sub-key byte in the first round of standard SM4 algorithm. The cost of DPA attack has been reduced more than 60% compared with the references which need at least 5000 power traces.

Zijing Jiang,Wenhao Yan,Wei Ding,Linlin Yue,Qun Ding

DOI: https://doi.org/10.1142/s0218127422501103

IF: 2.45

2022-06-30

International Journal of Bifurcation and Chaos

Abstract:SCA is one of the biggest threats to the security of encryption chip. It can crack the unprotected encryption chip at lower cost and faster speed, which weakens the security of the SM4 encryption algorithm circuit without any protection. In this paper, the SM4 encryption algorithm is implemented on FPGA. The pseudo-random sequence generated by discrete chaotic system is used to randomly mask the intermediate value in the SM4 encryption process. This will disrupt the power consumption in the encryption process, thus preventing power analysis. Experimental results show that the proposed chaotic mask scheme can effectively prevent intermediate value leakage and protect the SM4 encryption system from power analysis attack.

mathematics, interdisciplinary applications,multidisciplinary sciences

Weiwei Yan,Kaidi You,Jun Han,Xiaoyang Zeng

DOI: https://doi.org/10.1109/asicon.2009.5351588

2009-01-01

Abstract:SMS4 algorithm is the first Chinese encryption standard for WLAN released by the Office of State Commercial Cryptography Administrator (OSCCA). AES is an international encryption standard substituting DES in wider range of applications. SMS4 and AES have the similar operation scheme, and both can be employed by the security protocols for robust network. To save cost and improve flexibility, a folded and reconfigurable architecture is proposed in this paper to implement the SMS4 and AES algorithm And it is demonstrated that the VLSI implementation of this design based on SMIC 0.13 um CMOS technology can achieve 200MHz working frequency at very low cost of 22k gates. The simulation results show that the throughput of the proposed design is 800Mbps and 512Mbps when SMS4 and AES are computed respectively, which stratifies the performance requirement of security application in WLAN.1

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1007/978-3-319-59608-2_39

2016-01-01

Abstract:Implementations of the SM4 algorithm, including different hardware applications with limited resources, are vulnerable to Side-Channel Attacks. This paper presents a countermeasure against such attacks by adding a random “mask” to the input plaintext and protect all variables through the whole encryption process. As is known to all, the unique nonlinear step in each round of SM4 algorithm is the “S-Box” and the previous works using lookup-table method to implement the S-Box always incur large area and high power. Here we give the compact design of masked S-Box using the normal basis in the composite field (consisting of a Galois inversion and several affine transformations). Then we compute the different masks diffused to all the steps in the SM4 algorithm process. The proposed design results in ultra-low cost of hardware and capability to resist first-order differential power analysis (DPA), which is suitable for the resource constrained devices. The synthesis result of masked S-Box shows that the area under the SMIC 0.13 (upmu )m is only about 978-gates, 46.8% fewer than the other works. Further, we apply the pipeline technique to our proposed “masked S-Box”, thereby to the whole masked SM4 algorithm. The results of FPGA implementation present that our works have achieved an ultra-high speed with frequency nearly 551 MHz and the throughput over 70 Gbps.

Fen Liu,Wen Ji,Lei Hu,Jintai Ding,Shuwang Lv,Andrei Pyshkin,Ralf-Philipp Weinmann

DOI: https://doi.org/10.1007/978-3-540-73458-1_13

2007-01-01

Abstract:SMS4 is a 128-bit block cipher used in the WAPI standard for providing data confidentiality in wireless networks. In this paper we investigate and explain the origin of the S-Box employed by the cipher, show that an embedded cipher similar to BES can be obtained for SMS4 and demonstrate the fragility of the cipher design by giving variants that exhibit 2(64) weak keys. We also show attacks on reduced round versions of the cipher. The best practical attack we found is an integral attack that works on 10 rounds out of 32 rounds with a complexity of 2(18) operations; it can be extended to 13 rounds using round key guesses, resulting in a complexity of 2(114) operations and a data complexity of 2(16) chosen pairs.

Xiaowei Han,Beibei Wang,An Wang,Liji Wu,Woogeun Rhee

DOI: https://doi.org/10.1109/CIS.2014.116

2014-01-01

Abstract:SM2 is a public-key cryptography algorithm which is based on elliptic curves. Since the side channel leakage of devices can be used to deduce the information of secret keys, algorithms to implement SM2 need to be improved. In this paper, we propose an initialized masking scalar multiplication algorithm (IMSM), a modified atomic point doubling and point addition algorithm (MADA), and a transformed formula countermeasure (TFCS). Analysis shows they can resist Simple Power Analysis (SPA), Differential Power Analysis and Template Attacks. IMSM and MADA have been verified to resist SPA on FPGA board successfully. Compared to Binary Expansion with RIP algorithm, 28.6% calculations can be saved when the scalar is divided into four parts, which is rather fast.

Junrong Liu,Yu Yu,François-Xavier Standaert,Zheng Guo,Dawu Gu,Wei Sun,Yijie Ge,Xinjun Xie

DOI: https://doi.org/10.1007/978-3-319-24174-6_24

2015-01-01

Abstract:Side-channel attacks are an increasingly important concern for the security of cryptographic embedded devices, such as the SIM cards used in mobile phones. Previous works have exhibited such attacks against implementations of the 2G GSM algorithms (COMP-128, A5). In this paper, we show that they remain an important issue for USIM cards implementing the AES-based MILENAGE algorithm used in 3G/4G communications. In particular, we analyze instances of cards from a variety of operators and manufacturers, and describe successful Differential Power Analysis attacks that recover encryption keys and other secrets (needed to clone the USIM cards) within a few minutes. Further, we discuss the impact of the operator-defined secret parameters in MILENAGE on the difficulty to perform Differential Power Analysis, and show that they do not improve implementation security. Our results back up the observation that physical security issues raise long-term challenges that should be solved early in the development of cryptographic implementations, with adequate countermeasures.

Cong Chen,Xiangyu Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/ICSICT.2010.5667831

2010-01-01

Abstract:In this paper, an automatic general-purpose Differential Power Analysis (DPA) System for cryptographic devices is designed and implemented. This system aims at testing the security of cryptographic devices, e.g., Smart Card, FPGA and ASIC circuit against DPA attacks. To verify the effectiveness of the system, a DPA attack was successfully carried out by it on an AES cryptographic ASIC chip which had countermeasures implemented in it. The experimental results showed that the correct cipher key of this AES chip could be obtained during less than 3 hours of data processing time with at least 5000 power traces.

Nengyuan Sun,Wenrui Liu,Jiafeng Cheng,Zhaokang Peng,Chunyang Wang,Caiban Sun,Heng Sha,Zhiyuan Pan,Ming Jin,Hongyang Zhao,Jinghe Wang,Yiming Wen,Pengliang Kong,Yunfeng Zhao,Yaoqiang Wang,Selcuk Kose,Weize Yu

DOI: https://doi.org/10.1002/cta.3962

IF: 2.378

2024-02-02

International Journal of Circuit Theory and Applications

Abstract:Regular SM4 cryptographic circuit is pretty vulnerable to higher order power attacks. The robustness of the proposed SM4 architecture against fourth‐order power attacks can be reinforced significantly by embedding four random number generators. In this letter, a novel secret merchant‐4 (SM4) cryptographic circuit implementation is proposed against higher order power analysis attacks (PAAs). Four different random number generators (RNGs) are embedded into the SM4 architecture for breaking the correlation between the processed data and monitored power dissipation against PAAs. Firstly, fake keys are created by the first RNG to scramble the critical information related with the actual secret key. Furthermore, the second RNG controls the implementations of substitution boxes (Sboxes) with composite fields or look‐up tables randomly while the third RNG randomizes the substitution locations with respect to these Sboxes. Ultimately, the fourth RNG randomly swaps the behaviors of the fake SM4 and true SM4 to further break the critical correlation. Under the assistance of the four embedded RNGs, the proposed SM4 cryptographic architecture is capable of resisting against fourth‐order PAAs effectively with a 300 Mbps throughput and 165,354 μ m2 area after synthesizing in the TSMC 90 nm process design kits (PDK).

engineering, electrical & electronic

DENG Qiu-cheng,BAI Xue-fei,GUO Li,WANG Yao

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2011.02.034

2011-01-01

Abstract:In this paper,we described a differential power analysis attack on the Montgomery Ladder algorithm based on the finite field GF(2m).We first implemented the algorithm with Verilog HDL,and then synthesized it to the netlist using the Charted 0.35μm CMOS technology,thus we can get the power information accurately.We performed a ZEMD differential power analysis attack on this algorithm subsequently,and use the abscissa of P2,a variable of the Montgomery Ladder algorithm,as the intermediate variable to classify the power curves,the result shows that the Montgomery Ladder algorithm couldn′t resist the ZEMD differential power analysis attack.So the algorithm is not secure enough,we need to take some more protective measures in practice.

Weijun Shan,Chi Zhang,Qing Li,Jun Yu

DOI: https://doi.org/10.1109/icnisc57059.2022.00103

2022-01-01

Abstract:This paper presents a lightweight countermeasure scheme of SM4 cryptographic algorithm against side channel analysis attacks. SM4 is one of the widely used block ciphers in information computing and data communication. However, as it is usually implemented in cryptographic devices, it is definitely under the threat of side channel analysis attacks. Some schemes of implementations have been provided as the countermeasures against the side channel analysis attacks, which leads to a relatively complicated realization on both cost and performance. This paper proposes a new mask scheme for SM4 implementation with lightweight cost and low performance loss. Experiment results show the effectiveness of the method against the side channel analysis attacks.