Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1109/ITNEC.2016.7560361

2016-01-01

Abstract:This paper presents an iterative encryption architecture of SM4 arithmetic in combinational logic. Previous works using Lookup Tables to implement the Sbox function have relied on circuits with a large area. Using the Normal Basis in the Composite Field, the proposed design reduces the circuits' area. We test all feasible sets of Normal Basis and finally find 8 sets for correct encryption of SM4. Through the simulation in Modelsim, the proposed architecture achieves the right result within 32 rounds. Compared with the other designs, our design uses less hardware and has a big advantage in resource constrained applications.

Jin Yier,Shen Haibin,You Rongquan

DOI: https://doi.org/10.1109/CHINACOM.2006.344900

2007-01-01

Abstract:This paper describes two encryption designs of Chinese wireless local area network block cipher standard - SMS4 algorithm. Then these two designs are implemented on Xilinx Virtex-4 FPGA devices. The first (pipelined) design is optimized in order to reduce time delay and the encryption core has a throughput of 24Gb/s. The second (folded) design is optimized in order to minimize area coverage and the encryption core only needs 380 CLB slices with throughput of 740Mb/s. There are no known hardware implementations of an encryption SMS4 designs. © 2006 IEEE.

Hao Liang,Liji Wu,Xiangmin Zhang,Jiabin Wang

DOI: https://doi.org/10.1109/cis.2014.59

2014-01-01

Abstract:This paper propose a new masking scheme for SM4 s-box based on composite field. Through isomorphism bit matrices, we simplify the calculation by changing finite field inversion from GF(28) toGF(((22)2)2) to reduce the computational difficulty. We carefully modify the inversion to ensure every intermediate value is masked during the process. The theoretical analysis and simulated CPA proves the effectiveness of this method. Thus our method can eliminate the need to pre-compute the s-box every time when the mask is updated, as a result, saves a lot of time and storage room. This method is suitable for implementations with limited resources such as smart cards.

Ruolin Zhang,Zejun Xiang,Shasha Zhang,Xiangyong Zeng,Min Song

DOI: https://doi.org/10.1049/2024/7047055

2024-06-25

IET Information Security

Abstract:The SM4 block cipher is standardized in ISO/IEC, and it is also the national standard of commercial cryptography in China. In this paper, we propose two new techniques called "split‐and‐join" and "off‐peak and stagger" to make SM4 more applicable to resource‐constrained environments. The area optimization method uses a 1‐bit data path while reducing the number of registers from 64 to 8 and the number of XOR gates from 194 to 8. As a result, we report a 1‐bit‐serial SM4 encryption circuit that occupies 1771 GE with a latency of 2,336 cycles. Additionally, the "off‐peak and stagger" technique compresses all the operations within the state update and key schedule into 32 clock cycles to reduce the latency. In other words, it takes 32 clock cycles to complete one round encryption. The new circuit occupies 1861 GE with a latency of 1,344 cycles. Moreover, we also discuss how to further reduce the latency by increasing the data path with a small area overhead to provide wider area‐latency tradeoffs for SM4. Our designs make SM4 competitive with many ciphers specifically designed for lightweight cryptography.

computer science, information systems, theory & methods

ZHOU Zhou,HE Yi-fan,SHEN Hai-bin,ZHAO Xu-xin

DOI: https://doi.org/10.3969/j.issn.1005-9490.2007.04.089

2007-01-01

Abstract:SMS4 algorithm is the domestic encryption standard released for WLAN use.An inner-round pipelined,high-speed engine is proposed after analyzing the features of this algorithm.By using pipelined or parallel multi-engines,throughput and hardware cost can be easily adjusted according to different applications.Compared with the 32-stage pipelined structure,hardware cost is much lower under the same throughput.Moreover,the SMS4 encryption/decryption system can easily fit in a low-cost Spartan II XC2S50 FPGA in a single-engine implementation.

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1007/978-3-319-59608-2_39

2016-01-01

Abstract:Implementations of the SM4 algorithm, including different hardware applications with limited resources, are vulnerable to Side-Channel Attacks. This paper presents a countermeasure against such attacks by adding a random “mask” to the input plaintext and protect all variables through the whole encryption process. As is known to all, the unique nonlinear step in each round of SM4 algorithm is the “S-Box” and the previous works using lookup-table method to implement the S-Box always incur large area and high power. Here we give the compact design of masked S-Box using the normal basis in the composite field (consisting of a Galois inversion and several affine transformations). Then we compute the different masks diffused to all the steps in the SM4 algorithm process. The proposed design results in ultra-low cost of hardware and capability to resist first-order differential power analysis (DPA), which is suitable for the resource constrained devices. The synthesis result of masked S-Box shows that the area under the SMIC 0.13 (upmu )m is only about 978-gates, 46.8% fewer than the other works. Further, we apply the pipeline technique to our proposed “masked S-Box”, thereby to the whole masked SM4 algorithm. The results of FPGA implementation present that our works have achieved an ultra-high speed with frequency nearly 551 MHz and the throughput over 70 Gbps.

LIANG Tian,SHEN Hai-bin,JIN Yi-er

2008-01-01

Abstract:New structures of bit-parallel multiplier based on shifted polynomial basis(SPB) and its weakly dual basis(WDB) over finite field are proposed.To the fields generated by trinomials,the structure of the proposed bit-parallel multiplier is easy for a designer to implement the proposed multipliers into hardware for their regular structures.Placement & Wire Routing using Encounter indicate that the proposal is thoroughly tested and proved to be good,and it balances the capability requirement and hardware consumption.

Jingbin Zhang,Meng Ma,Ping Wang

DOI: https://doi.org/10.1007/978-3-030-05755-8_11

2018-01-01

Abstract:The SM4 block cipher algorithm used in IEEE 802.11i standard is released by the China National Cryptographic Authority and is one of the most important symmetric cryptographic algorithms in China. However, whether in the round encryption or key expansion phase of the SM4 algorithm, a large number of bit operations on the registers (e.g., circular shifting) are required. These operations are not effective to encryption in scenarios with large-scale data. In traditional implementations of SM4, different operands are assigned to different words and are processed serially, which can bring redundant operations in the process of encryption and decryption. Bit-slice technology places the same bit of multiple operands into one word, which facilitates bit-level operations in parallel. Bit-slice is actually a single instruction parallel processing technology for data, hence it can be accelerated by the CPU’s multimedia instructions. In this paper, we propose a fast implementation of the SM4 algorithm using bit-slice techniques. The experiment proves that the Bit-slice based SM4 is more efficient than the original version. It increases the encryption and decryption speed of the message by an average of 80%–120%, compared with the original approach.

XU Yan-hua,BAI Xue-fei,GUO Li

2009-01-01

Journal of University of Science and Technology of China

Abstract:In order to solve the problem of the implementation algorithm of S-box based on the inversion transformation over Galois field,methods such as composite field computation,altering calculation order and sharing factors have been used to optimize operations.A low hardware overhead implementation algorithm of S-box based on the inversion transformation approach from GF(28) to GF(22) was presented.Compared with the implementations based on look-up table method,this algorithm can reduce circuit area by 34%~68% using 0.18 μm and 0.35 μm CMOS technology.This design method can make SMS4 algorithm more suitable for area-critical devices.

Zhao-Huei Wang,Xiao Zhang,Sitao Wang,Zhisong Hao,Zhiming Zheng

2014-01-01

Abstract:The hardware implementation of the Substitution-Box (S-box) of the Advanced Encryption Standard (AES) always employs composite field GF ((2)) to obtain better efficiency. In this paper, an improved class of S-boxes by direct inversion in composite field is presented, and the choice of the subfield leading to the most efficient implementation is discussed. Eliminating the field isomorphic transformations, such a composite field is easier to fix and the resulting hardware implementation is more efficient than that of AES S-box. Some common cryptographic characteristics for the composite field based S-boxes are examined, and it turns out that direct inversion in composite field does not weaken the cryptographic characteristics. In addition, a demonstration for the immunity against the potential algebraic attack on AES with the replacement of our S-box is given, and it is proven that the revised AES is even more secure than the original AES against the algebraic attack. As a result of this work, it could be predicted that the isomorphism implies equal immunity from certain cryptanalysis. Our S-box is suitable for the area-limited hardware production. Keywords–AES; Composite field; S-box; Hardware implementation.

Chao Jin,Zhejing Bao,Weiwei Miao,Zeng,Xiaogang Wei,Rui Zhang

DOI: https://doi.org/10.1109/access.2023.3290211

2021-01-01

Abstract:The white-box implementation of cryptography algorithm can hide key information even in the white-box attack context owing to the means of obfuscation. However, under the deliberately designed attack, there is still a risk of the information being recovered within a certain time complexity. In this paper, a lightweight nonlinear white-box SM4 implementation is proposed to prevent several typical attacks from extracting the secret key, which hides the encryption and decryption process in obfuscated lookup tables. Aiming to improve the diversity and ambiguity of the lookup tables as well as resist the different types of white-box attacks, the random bijective nonlinear mappings are applied as scrambling encodings of the lookup tables. Moreover, the memory occupation of the implementation doesn't increase significantly by simplifying the structure and using concatenation code. Through several quantitative indicators, including memory size, diversity, ambiguity, the time complexity required to extract the key, and the value space of the key and external encodings, it is proved that the security of the proposed implementation could been enhanced significantly, while no sacrificing the practicality, compared with the existing schemes.

Hyeokdong Kwon,Hyunjun Kim,Siwoo Eum,Minjoo Sim,Hyunji Kim,Wai-Kong Lee,Zhi Hu,Hwajeong Seo

DOI: https://doi.org/10.1109/access.2022.3195217

IF: 3.9

2022-08-10

IEEE Access

Abstract:At 2003, the SM4 block cipher was introduced that is a Chinese domestic cryptographic. It is mandated in the Chinese National Standard for Wireless LAN Wired Authentication and Privacy Infrastructure (WAPI), because the algorithm was developed for use in wireless sensor networks to provide safety network environment. The SM4 block cipher uses a 128-bit block size and a 32-bit round key. It consists of 32 rounds and one reverse translation R. In this paper, we present the optimized implementation of the SM4 block cipher on 8-bit AVR microcontrollers, which are widely used in wireless sensor devices; the optimized implementation of the SM4 block cipher on 32-bit RISC-V processors, which are open-source-based computer architectures, and the optimized implementation of SM4 on 64-bit ARM processors with parallel computation, which are widely used in smartphones and tablets. In the AVR microcontroller, three versions are implemented for various purposes, including speed-optimization, memory-optimization, and code size-optimization. As a result, the speed-optimization, memory-optimization, and code size-optimization versions achieved 205.2 cycles per byte, 213.3 cycles per byte, and 207.4 cycles per byte, respectively. This is faster than the reference implementation written in C language (1670.7 cycles per byte). The implementation on 32-bit RISC-V processors achieved 128.8 cycles per byte. This is faster than the reference implementation written in C language (345.7 cycles per byte). The implementation on 64-bit ARM processors achieved 8.62 cycles per byte. This is faster than the reference implementation written in C language (120.07 cycles per byte).

computer science, information systems,telecommunications,engineering, electrical & electronic

Yue WANG,Shu-guo LI

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2014.07.003

2014-01-01

Abstract:SBOX is the most time consuming part in block cipher SM4 algorithm ,so it′s of great importance to construct a sbox of high performance .In order to reduce latency of encryption algorithms in SM4 ,We introduce the N-dimensional hypercube method to construct SBOX ,the delay reduced six percent and the area reduced seventeen percent Compared with the traditional Sbox using look-up table method .what′s more ,this method is portable that it can apply to SBOX transformations of other algorithms .

Weijun Shan,Chi Zhang,Qing Li,Jun Yu

DOI: https://doi.org/10.1109/icnisc57059.2022.00103

2022-01-01

Abstract:This paper presents a lightweight countermeasure scheme of SM4 cryptographic algorithm against side channel analysis attacks. SM4 is one of the widely used block ciphers in information computing and data communication. However, as it is usually implemented in cryptographic devices, it is definitely under the threat of side channel analysis attacks. Some schemes of implementations have been provided as the countermeasures against the side channel analysis attacks, which leads to a relatively complicated realization on both cost and performance. This paper proposes a new mask scheme for SM4 implementation with lightweight cost and low performance loss. Experiment results show the effectiveness of the method against the side channel analysis attacks.

Yongkang Xu,Feng Deng,Weihan Xu,Guanting Huo,Yang,Yufeng Jin,Xiaole Cui

DOI: https://doi.org/10.1109/iaeac54830.2022.9929737

2022-01-01

Abstract:In modern systems-on-chip, cryptographic coprocessors bring more flexibility to design, not only accelerating the encryption process but also compressing design resources by sharing algorithm units. A high- performance unified coprocessor for AES-128 and SM4 encryption is proposed in this paper. On the one hand, based on the similarities between the two types of algorithms, the multiplicative inverse (MI) unit of the Sbox is realized in the composite field, and by sharing the reconfigurable Sbox logic (RCSL), the hardware resource consumption of circuits compatible with both algorithms is reduced. On the other hand, global pipeline technology based on shared-RCSL is used to improve the throughput of the coprocessor. In TSMC 65nm 1.08V CMOS technology, compared to the synthesized results of independently AES-128 and SM4, the area and power at 500MHz of the unified coprocessor are reduced by 42% and 43%, respectively.

Youqi Li,Xingjun Wu,Guoqiang Bai

DOI: https://doi.org/10.1109/icsict.2018.8564874

2018-01-01

Abstract:Chips in Internet of Things devices require extremely low power consumption and excellent security. In this paper, we present the first implementation of the SM4 algorithm literally. Taking advantage of asynchronous dual-rail domino logic pipeline, which can naturally avoid abundant request signals and register flips, the power consumption of SM4 can be largely reduced. Prototyped on SMIC 0.18um technology, we designed an asynchronous pipeline architecture of SM4 encryption algorithm. Compared with synchronous designs [2], our design has smaller area and lower power consumption while possess strong resistance to side channel attack spontaneously. The circuit simulation results show that the full pipeline SM4 algorithm can achieve 21.26Gbps throughput, while a single round of encryption costs just 6.07mW on average with the delay 2.8ns. For comparison, we normalized the throughput to [2] and get a 20x improvement on power consumption.

Juhua Liu,Wei Lie,Guoqiang Bai

DOI: https://doi.org/10.1109/cstic.2018.8369335

2018-01-01

Abstract:Recently, the need for designing block ciphers targeting on resource constrained device has been repeatedly expressed by professionals. Currently, Roadrunner is one of the most software efficient lightweight ciphers. Its security is provable against linear and differential attacks. In this paper, we design a novel S-Box layer, in order to improve the performance for hardware implementation. Furthermore, the new S-Box layer has eight different 4-bit S-Boxes, which are decomposable. We decompose each 4-bit S-Box by exploiting affine transformations and a single shared quadratic permutation. After being decomposed, these eight 4-bit S-boxes can be merged into one component, sharing the same quadratic permutation. In this way, we can save the area consumption by 51%, compared to the traditional implementation of old S-box layer by using look up tables (LUTs).

Jian Zou,Liji Li,Zihao Wei,Yiyuan Luo,Qian Liu,Wenling Wu

DOI: https://doi.org/10.1007/s11128-022-03518-5

IF: 1.965

2022-05-15

Quantum Information Processing

Abstract:In this paper, we propose some new quantum circuit implementations of SM4 block cipher and SM3 hash function, which are based on the following ideas. Firstly, we propose an improved classical circuit of SM4's S-box, which requires less AND gates than the previous works. Our improved classical circuit of SM4's S-box can be used for constructing a new quantum circuit of SM4's S-box. Secondly, we propose a new implementation of the Feistel-like structure of SM4 so as to reduce the number of qubits and T -depth simultaneously. Thirdly, we reduce the number of qubits in our quantum circuit of SM3 by making use of linear message expansion algorithm of SM3. Fourthly, we propose some in-place implementations of the linear permutations of SM4 and SM3. Based on our new techniques, our stand-alone memory-efficient quantum circuit implementation of SM4 only requires 384 qubits, seven ancilla qubits and 33,024 T -depth, while our depth-efficient quantum circuit of SM4 requires 384 qubits, 1080 ancilla qubits and 455 T -depth. Furthermore, we propose a stand-alone memory-efficient quantum circuit implementation of SM3 with 768 qubits, 33 ancilla qubits and 144,768 T -depth, while our depth-efficient quantum circuit of SM3 requires 768 qubits, 202 ancilla qubits, and 25,344 T -depth. Compared to the previous work, our new quantum circuits of SM3 requires less qubits and T -depth.

physics, multidisciplinary,quantum science & technology, mathematical

Tian-shu FU,Shu-guo LI

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2016.10.003

2016-01-01

Abstract:In CBC mode,pipeline technique does not work on SM4 algorithm to increase throughput,as there is a feedback path from output to input.Over this problem,a logic simplifying method is proposed,which can reduce delay of one stage of XOR gates in each round function of encryption algorithm of SM4.Based on this method,SM4 with a 4-round-in-1 structure is designed,in which,delay of 4 stages of XOR gates can be reduced in the critical path,and this design has a higher throughput per unit area than the other schemes in this paper.Synthesis results show that the ASIC implementation of SM4 with a 4-round-in-1 structure can achieve 5.24 Gb/s in throughput, which is higher than that of reported designs.

AP Jiang,SM Sheng,YL Fu,Y Liu,LJ Ji

DOI: https://doi.org/10.1109/icasic.2001.982571

2001-01-01

Abstract:With the rapid progress of information technology, security becomes one of the key factors in information storage, communication and processing. For the reason of speed and security, the requirement for VLSI chips or modules that support data encryption and decryption increases rapidly. The design and implementation of a data ciphering processor (DCP) chip adopting block cipher algorithm is demonstrated in this paper. The cipher algorithm is qualified for commercial use. The plaintext, ciphertext and key are all 64-bit long. A top-down design flow is used in the implementation. Several methods are employed to enhance the security of the chip. A standard-cell library is also developed in the design. All the design and implementation of this DCP are performed in China. A 0.9um double-layer-metal CMOS technology is adopted for manufacture. The chip achieves the required result in the first time implementation. The encryption/decryption processing speed reaches 40MBit/s