LIANG Hao,WU Li-ji,ZHANG Xiang-min

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2015.05.004

2015-01-01

Abstract:In this paper, a new method based on composite field is proposed. Through isomorphism bit matrices, the calculation by changing finite field inversion from GF(28) to GF(((22)2)2) is simplified to reduce the computational difficulty and a more compact S-box is realized. The area decreases by 27% than Look-up Table. On the basis of that, the SM4 algorithm is implemented. The area of this IP core is only 7 612 gates synthesized under the smic0.13 μmCMOS process. Therefore this improved design is very helpful for area-limited condition such as IC cards.

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1109/ITNEC.2016.7560361

2016-01-01

Abstract:This paper presents an iterative encryption architecture of SM4 arithmetic in combinational logic. Previous works using Lookup Tables to implement the Sbox function have relied on circuits with a large area. Using the Normal Basis in the Composite Field, the proposed design reduces the circuits' area. We test all feasible sets of Normal Basis and finally find 8 sets for correct encryption of SM4. Through the simulation in Modelsim, the proposed architecture achieves the right result within 32 rounds. Compared with the other designs, our design uses less hardware and has a big advantage in resource constrained applications.

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1007/978-3-319-59608-2_39

2016-01-01

Abstract:Implementations of the SM4 algorithm, including different hardware applications with limited resources, are vulnerable to Side-Channel Attacks. This paper presents a countermeasure against such attacks by adding a random “mask” to the input plaintext and protect all variables through the whole encryption process. As is known to all, the unique nonlinear step in each round of SM4 algorithm is the “S-Box” and the previous works using lookup-table method to implement the S-Box always incur large area and high power. Here we give the compact design of masked S-Box using the normal basis in the composite field (consisting of a Galois inversion and several affine transformations). Then we compute the different masks diffused to all the steps in the SM4 algorithm process. The proposed design results in ultra-low cost of hardware and capability to resist first-order differential power analysis (DPA), which is suitable for the resource constrained devices. The synthesis result of masked S-Box shows that the area under the SMIC 0.13 (upmu )m is only about 978-gates, 46.8% fewer than the other works. Further, we apply the pipeline technique to our proposed “masked S-Box”, thereby to the whole masked SM4 algorithm. The results of FPGA implementation present that our works have achieved an ultra-high speed with frequency nearly 551 MHz and the throughput over 70 Gbps.

Weijun Shan,Chi Zhang,Qing Li,Jun Yu

DOI: https://doi.org/10.1109/icnisc57059.2022.00103

2022-01-01

Abstract:This paper presents a lightweight countermeasure scheme of SM4 cryptographic algorithm against side channel analysis attacks. SM4 is one of the widely used block ciphers in information computing and data communication. However, as it is usually implemented in cryptographic devices, it is definitely under the threat of side channel analysis attacks. Some schemes of implementations have been provided as the countermeasures against the side channel analysis attacks, which leads to a relatively complicated realization on both cost and performance. This paper proposes a new mask scheme for SM4 implementation with lightweight cost and low performance loss. Experiment results show the effectiveness of the method against the side channel analysis attacks.

Wei Li,Xingjun Wu,Guoqiang Bai

DOI: https://doi.org/10.1109/edssc.2019.8754041

2019-01-01

Abstract:In this paper, we executed a power analysis of hardware implementation of SM4 algorithm using machine learning classifiers (support vector machine (SVMs), Decision Trees (DT), k-Nearest Neighbor, (KNN), Ensemble learning (EB), etc.). We first download hardware design to the FPGA in power acquisition platform based on SASEBO-G board to obtain the power traces of SM4 during its encryption process. Then we introduced a machine learning method to the Hamming-weight attack model of SM4 algorithm. In the data preprocessing phase, principal component analysis (PCA) method was applied, and we explored how many points of interested (PoIs) should we take to achieve the best test accuracy. We have tried different kinds of classifiers and their performance against Gaussian noise. The results show that for different classifiers, the number of PoIs selected when achieving maximum precision is different, PCA can reduce the dimensions of power trace effectively but probably decrease the test accuracy. Furthermore, most of these classifiers have excellent resolution (up to 100%) for Gaussian noise superimposed on the power traces, which means that machine learning classifiers such like SVM and Decision Trees can compete with template attacks based on Gaussian distribution.

Rusi Wang,Hua Guo,Jiqiang Lu,Jianwei Liu

DOI: https://doi.org/10.1049/ise2.12045

2021-01-01

IET Information Security

Abstract:White-box cryptography is to primarily protect the key of a cipher from being extracted in a white-box scenario, where an adversary has full access to the execution environment of software implementation. Since the introduction of white-box cryptography, a number of white-box implementations of the Chinese SM4 block cipher standard have been proposed, and all of them have been attacked based on Billet et al.'s attack. In this study, we show that collision-based attack can work more efficiently on Shi et al.'s white-box SM4 implementation than the previously published attacks, by devising an attack with a time complexity of 223, significantly reducing the previously known time complexity of 249 to a very practical level. Our attack can also be similarly applied to some other white-box SM4 implementations.

Chao Jin,Zhejing Bao,Weiwei Miao,Zeng,Xiaogang Wei,Rui Zhang

DOI: https://doi.org/10.1109/access.2023.3290211

2021-01-01

Abstract:The white-box implementation of cryptography algorithm can hide key information even in the white-box attack context owing to the means of obfuscation. However, under the deliberately designed attack, there is still a risk of the information being recovered within a certain time complexity. In this paper, a lightweight nonlinear white-box SM4 implementation is proposed to prevent several typical attacks from extracting the secret key, which hides the encryption and decryption process in obfuscated lookup tables. Aiming to improve the diversity and ambiguity of the lookup tables as well as resist the different types of white-box attacks, the random bijective nonlinear mappings are applied as scrambling encodings of the lookup tables. Moreover, the memory occupation of the implementation doesn't increase significantly by simplifying the structure and using concatenation code. Through several quantitative indicators, including memory size, diversity, ambiguity, the time complexity required to extract the key, and the value space of the key and external encodings, it is proved that the security of the proposed implementation could been enhanced significantly, while no sacrificing the practicality, compared with the existing schemes.

Hao Liang,Liji Wu,Xiangmin Zhang,Jiabin Wang

DOI: https://doi.org/10.1109/cis.2014.59

2014-01-01

Abstract:This paper propose a new masking scheme for SM4 s-box based on composite field. Through isomorphism bit matrices, we simplify the calculation by changing finite field inversion from GF(28) toGF(((22)2)2) to reduce the computational difficulty. We carefully modify the inversion to ensure every intermediate value is masked during the process. The theoretical analysis and simulated CPA proves the effectiveness of this method. Thus our method can eliminate the need to pre-compute the s-box every time when the mask is updated, as a result, saves a lot of time and storage room. This method is suitable for implementations with limited resources such as smart cards.

Ruolin Zhang,Zejun Xiang,Shasha Zhang,Xiangyong Zeng,Min Song

DOI: https://doi.org/10.1049/2024/7047055

2024-06-25

IET Information Security

Abstract:The SM4 block cipher is standardized in ISO/IEC, and it is also the national standard of commercial cryptography in China. In this paper, we propose two new techniques called "split‐and‐join" and "off‐peak and stagger" to make SM4 more applicable to resource‐constrained environments. The area optimization method uses a 1‐bit data path while reducing the number of registers from 64 to 8 and the number of XOR gates from 194 to 8. As a result, we report a 1‐bit‐serial SM4 encryption circuit that occupies 1771 GE with a latency of 2,336 cycles. Additionally, the "off‐peak and stagger" technique compresses all the operations within the state update and key schedule into 32 clock cycles to reduce the latency. In other words, it takes 32 clock cycles to complete one round encryption. The new circuit occupies 1861 GE with a latency of 1,344 cycles. Moreover, we also discuss how to further reduce the latency by increasing the data path with a small area overhead to provide wider area‐latency tradeoffs for SM4. Our designs make SM4 competitive with many ciphers specifically designed for lightweight cryptography.

computer science, information systems, theory & methods

Qing-bin Luo,Qiang Li,Xiaoyü Li,Guowu Yang,Jinan Shen,Minghui Zheng

DOI: https://doi.org/10.21203/rs.3.rs-3105531/v1

2023-01-01

Abstract:Abstract SM4 cryptographic algorithm is a block cipher algorithm issued by China's state cryptographic administration and has become an international standard. we implement the quantum circuits of SM4 Block cipher by optimizing the number of qubits and the value of depth-times-width. When the S-box is implemented, four kind of improved quantum circuits of S-box are presented for different phases in SM4 based on composite field arithmetic. When optimizing the number of qubits, we implement the quantum circuit of SM4 by connecting the quantum subcircuits in series. The implemented quantum circuit of SM4 only uses 260 qubits, which is the least number of qubits used not only in implementing the SM4 quantum circuit, but also in implementing the block cipher algorithms with 8-bit S-box, 128-bit plaintext and 128-bit secret key. When optimizing the value of depth-times-width, we achieve it through parallel implementation. The trade-off quantum circuit uses a total of 288 quantum bits and the Toffoli depth is 1716. The depth-times-width is 494208, which is less than the existing best value 825792.

Sihang Pu,Zheng Guo,Junrong Liu,Dawu Gu,Yingxuan Yang,Xiaoke Tang,Jie Gan

DOI: https://doi.org/10.1109/cis.2017.00059

2017-01-01

Abstract:SM4, a proposed commercial block cipher to be used in IEEE 802.11i standard, has been widely performed in the Chinese National Standard for Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure). Although it provides mathematical security in theory, implementation of the algorithm can be vulnerable to some side-channel analysis, especially Differential Power Analysis (DPA). To counter this kind of attacks, various masking schemes and other countermeasures have been well developed. In this paper, we propose and implement a new masking scheme for SM4 to defend DPA-like attacks. This countermeasure is based on Boolean matrix product masking which is a provable security masking scheme and consists of both additive Boolean masking and inner product masking directions. We develop a first variant version of this full-masking scheme on SM4 and implement it particularly on ATMega2560 in pure C language. Though the security potential of this matrix masking scheme has been proved, we evaluate performance and efficiency of this masking scheme through experiments in the paper.

Jingbin Zhang,Meng Ma,Ping Wang

DOI: https://doi.org/10.1007/978-3-030-05755-8_11

2018-01-01

Abstract:The SM4 block cipher algorithm used in IEEE 802.11i standard is released by the China National Cryptographic Authority and is one of the most important symmetric cryptographic algorithms in China. However, whether in the round encryption or key expansion phase of the SM4 algorithm, a large number of bit operations on the registers (e.g., circular shifting) are required. These operations are not effective to encryption in scenarios with large-scale data. In traditional implementations of SM4, different operands are assigned to different words and are processed serially, which can bring redundant operations in the process of encryption and decryption. Bit-slice technology places the same bit of multiple operands into one word, which facilitates bit-level operations in parallel. Bit-slice is actually a single instruction parallel processing technology for data, hence it can be accelerated by the CPU’s multimedia instructions. In this paper, we propose a fast implementation of the SM4 algorithm using bit-slice techniques. The experiment proves that the Bit-slice based SM4 is more efficient than the original version. It increases the encryption and decryption speed of the message by an average of 80%–120%, compared with the original approach.

Yue WANG,Shu-guo LI

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2014.07.003

2014-01-01

Abstract:SBOX is the most time consuming part in block cipher SM4 algorithm ,so it′s of great importance to construct a sbox of high performance .In order to reduce latency of encryption algorithms in SM4 ,We introduce the N-dimensional hypercube method to construct SBOX ,the delay reduced six percent and the area reduced seventeen percent Compared with the traditional Sbox using look-up table method .what′s more ,this method is portable that it can apply to SBOX transformations of other algorithms .

Guoqiang Bai,Hailiang Fu,Wei Li,Xingjun Wu

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00210

2018-01-01

Abstract:This paper presents a practicable method of differential power attack on SM4 block cipher. We build the power acquisition platform based on SASEBO-G board. Through the platform, the encryption of SM4 algorithm is implemented in hardware and the power curves are obtained by the Agilent oscilloscope at the same time. The hamming weight of 8-bit output of S-box is selected as the power model to realize the DPA attack on MATLAB. Only 2000 power traces are needed to crack the sub-key byte in the first round of standard SM4 algorithm. The cost of DPA attack has been reduced more than 60% compared with the references which need at least 5000 power traces.

Qing-bin Luo,Qiang Li,Xiao-yu Li,Guo-wu Yang,Jinan Shen,Minghui Zheng

DOI: https://doi.org/10.1007/s11128-024-04394-x

IF: 1.965

2024-01-01

Quantum Information Processing

Abstract:SM4 cryptographic algorithm is a block cipher algorithm issued by China’s state cryptographic administration and has become an international standard. We implement the quantum circuits of SM4 block cipher by optimizing the number of qubits and the value of depth-times-width. The quantum circuits of the S-box are first studied. According to the algebraic structure of the S-box, four kinds of improved quantum circuits of S-box are presented for different phases in SM4 based on composite field arithmetic. In order to optimize the number of qubits, we implement the quantum circuit of SM4 by connecting the quantum subcircuits in series. The implemented quantum circuit of SM4 only uses 260 qubits, which is the least number of qubits used not only in implementing the SM4 quantum circuit, but also in implementing the block cipher algorithms with 8-bit S-box, 128-bit plaintext and 128-bit secret key. When optimizing the value of depth-times-width, we achieve it through parallel implementation. The trade-off quantum circuit uses a total of 288 quantum bits, and the Toffoli depth is 1716. The depth-times-width is 49,4208, which is less than the existing best value 82,5792.

Zhenyu Guan,Yunhao Li,Tao Shang,Jianwei Liu,Maopeng Sun,Yin Li

DOI: https://doi.org/10.1109/iisr.2018.8535613

2018-01-01

Abstract:The security of robot wireless communication has become increasingly important when it performs sensitive tasks. It is common to encrypt the control signal and data to avoid malicious monitoring. This paper studies SM4 block cipher algorithm and proposes multiple hardware designs based on FPGA to explore the trade-off between area and speed. Compared to published solutions on the same platform, the resource-first design improves the throughput rate by 54% at the expense of 25% resource utilization increased. The speed-first design with fully pipeline achieves 6% improvement in speed with 4% resource utilization saved. In addition, three balanced designs are implemented to analyze the relationship between area and speed. This work can define the upper and lower bound of performance of SM4 which provides guidance on choosing the proper hardware scheme for designers. At last, we encapsulate designs into the IP cores of SM4 for future work in robot network security.

Shuang Qiu,Guoqiang Bai

DOI: https://doi.org/10.1109/ICCCNT.2014.6963131

2014-01-01

Abstract:SM4 (SMS4) algorithm is a block cipher used in the Chinese National Standard for WLAN WAPI. In this paper we investigate the vulnerability of SM4 FPGA (Field Programmable Array) implementation to differential power analysis (DPA). To tackle this issue, we review the theory behind the conventional DPA on DES and AES first. By comparing the differences in algorithm structure, we show that SM4 is more difficult to attack than DES and AES. Then, we concentrate on showing how “chosen-text DPA” can be applied to attack SM4 successfully while the conventional DPA is hardly effective. Experimental results against a FPGA implementation of SM4 demonstrate the inefficient of conventional DPA and the effectiveness of “chosen-text DPA”. In addition, proper countermeasures for SM4 are also discussed according to its DPA-related properties.

Wen-jing HU,An WANG,Li-ji WU,Xin-jun XIE

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2015.04.004

2015-01-01

Abstract:Currently ,in public researches about SM4 power attack ,the power traces are generated by computer simulation or software implementation .However ,this is different with hardware implementation which is used in actual .A research of a SM4 algorithm hardware implementation is given out ,which is applied in market .we download the Verilog code to a SAKURA‐G board , and collect the power traces when it actually operates . Correlation Power Analysis method is used to analyze the leakage of the input of the S‐box in the first round ,the output of the S‐box in the first round and the output registers of the first round .We recovered the sub‐key of the first round .By the same method ,we can recover the sub‐keys of round 2‐4 ,and eventually get the 128‐bit key .

Nengyuan Sun,Wenrui Liu,Jiafeng Cheng,Zhaokang Peng,Chunyang Wang,Caiban Sun,Heng Sha,Zhiyuan Pan,Ming Jin,Hongyang Zhao,Jinghe Wang,Yiming Wen,Pengliang Kong,Yunfeng Zhao,Yaoqiang Wang,Selcuk Kose,Weize Yu

DOI: https://doi.org/10.1002/cta.3962

IF: 2.378

2024-02-02

International Journal of Circuit Theory and Applications

Abstract:Regular SM4 cryptographic circuit is pretty vulnerable to higher order power attacks. The robustness of the proposed SM4 architecture against fourth‐order power attacks can be reinforced significantly by embedding four random number generators. In this letter, a novel secret merchant‐4 (SM4) cryptographic circuit implementation is proposed against higher order power analysis attacks (PAAs). Four different random number generators (RNGs) are embedded into the SM4 architecture for breaking the correlation between the processed data and monitored power dissipation against PAAs. Firstly, fake keys are created by the first RNG to scramble the critical information related with the actual secret key. Furthermore, the second RNG controls the implementations of substitution boxes (Sboxes) with composite fields or look‐up tables randomly while the third RNG randomizes the substitution locations with respect to these Sboxes. Ultimately, the fourth RNG randomly swaps the behaviors of the fake SM4 and true SM4 to further break the critical correlation. Under the assistance of the four embedded RNGs, the proposed SM4 cryptographic architecture is capable of resisting against fourth‐order PAAs effectively with a 300 Mbps throughput and 165,354 μ m2 area after synthesizing in the TSMC 90 nm process design kits (PDK).

engineering, electrical & electronic

Weiwei Miao,Chao Jin,Zeng Zeng,Zhejing Bao,Xiaogang Wei,Rui Zhang

DOI: https://doi.org/10.1109/AEEES54426.2022.9759711

2022-01-01

Abstract:With the widespread application of power Internet of Things (IoT), the edge IoT agents are often threatened by various attacks, among which the white-box attack is the most serious. The white-box implementation of the cryptography algorithm can hide key information even in the white-box attack context by means of obfuscation. However, under the specially designed attack, there is still a risk of t...