LIANG Hao,WU Li-ji,ZHANG Xiang-min

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2015.05.004

2015-01-01

Abstract:In this paper, a new method based on composite field is proposed. Through isomorphism bit matrices, the calculation by changing finite field inversion from GF(28) to GF(((22)2)2) is simplified to reduce the computational difficulty and a more compact S-box is realized. The area decreases by 27% than Look-up Table. On the basis of that, the SM4 algorithm is implemented. The area of this IP core is only 7 612 gates synthesized under the smic0.13 μmCMOS process. Therefore this improved design is very helpful for area-limited condition such as IC cards.

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1007/978-3-319-59608-2_39

2016-01-01

Abstract:Implementations of the SM4 algorithm, including different hardware applications with limited resources, are vulnerable to Side-Channel Attacks. This paper presents a countermeasure against such attacks by adding a random “mask” to the input plaintext and protect all variables through the whole encryption process. As is known to all, the unique nonlinear step in each round of SM4 algorithm is the “S-Box” and the previous works using lookup-table method to implement the S-Box always incur large area and high power. Here we give the compact design of masked S-Box using the normal basis in the composite field (consisting of a Galois inversion and several affine transformations). Then we compute the different masks diffused to all the steps in the SM4 algorithm process. The proposed design results in ultra-low cost of hardware and capability to resist first-order differential power analysis (DPA), which is suitable for the resource constrained devices. The synthesis result of masked S-Box shows that the area under the SMIC 0.13 (upmu )m is only about 978-gates, 46.8% fewer than the other works. Further, we apply the pipeline technique to our proposed “masked S-Box”, thereby to the whole masked SM4 algorithm. The results of FPGA implementation present that our works have achieved an ultra-high speed with frequency nearly 551 MHz and the throughput over 70 Gbps.

ZHOU Zhou,HE Yi-fan,SHEN Hai-bin,ZHAO Xu-xin

DOI: https://doi.org/10.3969/j.issn.1005-9490.2007.04.089

2007-01-01

Abstract:SMS4 algorithm is the domestic encryption standard released for WLAN use.An inner-round pipelined,high-speed engine is proposed after analyzing the features of this algorithm.By using pipelined or parallel multi-engines,throughput and hardware cost can be easily adjusted according to different applications.Compared with the 32-stage pipelined structure,hardware cost is much lower under the same throughput.Moreover,the SMS4 encryption/decryption system can easily fit in a low-cost Spartan II XC2S50 FPGA in a single-engine implementation.

Ruolin Zhang,Zejun Xiang,Shasha Zhang,Xiangyong Zeng,Min Song

DOI: https://doi.org/10.1049/2024/7047055

2024-06-25

IET Information Security

Abstract:The SM4 block cipher is standardized in ISO/IEC, and it is also the national standard of commercial cryptography in China. In this paper, we propose two new techniques called "split‐and‐join" and "off‐peak and stagger" to make SM4 more applicable to resource‐constrained environments. The area optimization method uses a 1‐bit data path while reducing the number of registers from 64 to 8 and the number of XOR gates from 194 to 8. As a result, we report a 1‐bit‐serial SM4 encryption circuit that occupies 1771 GE with a latency of 2,336 cycles. Additionally, the "off‐peak and stagger" technique compresses all the operations within the state update and key schedule into 32 clock cycles to reduce the latency. In other words, it takes 32 clock cycles to complete one round encryption. The new circuit occupies 1861 GE with a latency of 1,344 cycles. Moreover, we also discuss how to further reduce the latency by increasing the data path with a small area overhead to provide wider area‐latency tradeoffs for SM4. Our designs make SM4 competitive with many ciphers specifically designed for lightweight cryptography.

computer science, information systems, theory & methods

LIANG Tian,SHEN Hai-bin,JIN Yi-er

2008-01-01

Abstract:New structures of bit-parallel multiplier based on shifted polynomial basis(SPB) and its weakly dual basis(WDB) over finite field are proposed.To the fields generated by trinomials,the structure of the proposed bit-parallel multiplier is easy for a designer to implement the proposed multipliers into hardware for their regular structures.Placement & Wire Routing using Encounter indicate that the proposal is thoroughly tested and proved to be good,and it balances the capability requirement and hardware consumption.

Hao Liang,Liji Wu,Xiangmin Zhang,Jiabin Wang

DOI: https://doi.org/10.1109/cis.2014.59

2014-01-01

Abstract:This paper propose a new masking scheme for SM4 s-box based on composite field. Through isomorphism bit matrices, we simplify the calculation by changing finite field inversion from GF(28) toGF(((22)2)2) to reduce the computational difficulty. We carefully modify the inversion to ensure every intermediate value is masked during the process. The theoretical analysis and simulated CPA proves the effectiveness of this method. Thus our method can eliminate the need to pre-compute the s-box every time when the mask is updated, as a result, saves a lot of time and storage room. This method is suitable for implementations with limited resources such as smart cards.

XU Yan-hua,BAI Xue-fei,GUO Li

2009-01-01

Journal of University of Science and Technology of China

Abstract:In order to solve the problem of the implementation algorithm of S-box based on the inversion transformation over Galois field,methods such as composite field computation,altering calculation order and sharing factors have been used to optimize operations.A low hardware overhead implementation algorithm of S-box based on the inversion transformation approach from GF(28) to GF(22) was presented.Compared with the implementations based on look-up table method,this algorithm can reduce circuit area by 34%~68% using 0.18 μm and 0.35 μm CMOS technology.This design method can make SMS4 algorithm more suitable for area-critical devices.

Chao Jin,Zhejing Bao,Weiwei Miao,Zeng,Xiaogang Wei,Rui Zhang

DOI: https://doi.org/10.1109/access.2023.3290211

2021-01-01

Abstract:The white-box implementation of cryptography algorithm can hide key information even in the white-box attack context owing to the means of obfuscation. However, under the deliberately designed attack, there is still a risk of the information being recovered within a certain time complexity. In this paper, a lightweight nonlinear white-box SM4 implementation is proposed to prevent several typical attacks from extracting the secret key, which hides the encryption and decryption process in obfuscated lookup tables. Aiming to improve the diversity and ambiguity of the lookup tables as well as resist the different types of white-box attacks, the random bijective nonlinear mappings are applied as scrambling encodings of the lookup tables. Moreover, the memory occupation of the implementation doesn't increase significantly by simplifying the structure and using concatenation code. Through several quantitative indicators, including memory size, diversity, ambiguity, the time complexity required to extract the key, and the value space of the key and external encodings, it is proved that the security of the proposed implementation could been enhanced significantly, while no sacrificing the practicality, compared with the existing schemes.

Juhua Liu,Wei Lie,Guoqiang Bai

DOI: https://doi.org/10.1109/cstic.2018.8369335

2018-01-01

Abstract:Recently, the need for designing block ciphers targeting on resource constrained device has been repeatedly expressed by professionals. Currently, Roadrunner is one of the most software efficient lightweight ciphers. Its security is provable against linear and differential attacks. In this paper, we design a novel S-Box layer, in order to improve the performance for hardware implementation. Furthermore, the new S-Box layer has eight different 4-bit S-Boxes, which are decomposable. We decompose each 4-bit S-Box by exploiting affine transformations and a single shared quadratic permutation. After being decomposed, these eight 4-bit S-boxes can be merged into one component, sharing the same quadratic permutation. In this way, we can save the area consumption by 51%, compared to the traditional implementation of old S-box layer by using look up tables (LUTs).

Yongkang Xu,Feng Deng,Weihan Xu,Guanting Huo,Yang,Yufeng Jin,Xiaole Cui

DOI: https://doi.org/10.1109/iaeac54830.2022.9929737

2022-01-01

Abstract:In modern systems-on-chip, cryptographic coprocessors bring more flexibility to design, not only accelerating the encryption process but also compressing design resources by sharing algorithm units. A high- performance unified coprocessor for AES-128 and SM4 encryption is proposed in this paper. On the one hand, based on the similarities between the two types of algorithms, the multiplicative inverse (MI) unit of the Sbox is realized in the composite field, and by sharing the reconfigurable Sbox logic (RCSL), the hardware resource consumption of circuits compatible with both algorithms is reduced. On the other hand, global pipeline technology based on shared-RCSL is used to improve the throughput of the coprocessor. In TSMC 65nm 1.08V CMOS technology, compared to the synthesized results of independently AES-128 and SM4, the area and power at 500MHz of the unified coprocessor are reduced by 42% and 43%, respectively.

Youqi Li,Xingjun Wu,Guoqiang Bai

DOI: https://doi.org/10.1109/icsict.2018.8564874

2018-01-01

Abstract:Chips in Internet of Things devices require extremely low power consumption and excellent security. In this paper, we present the first implementation of the SM4 algorithm literally. Taking advantage of asynchronous dual-rail domino logic pipeline, which can naturally avoid abundant request signals and register flips, the power consumption of SM4 can be largely reduced. Prototyped on SMIC 0.18um technology, we designed an asynchronous pipeline architecture of SM4 encryption algorithm. Compared with synchronous designs [2], our design has smaller area and lower power consumption while possess strong resistance to side channel attack spontaneously. The circuit simulation results show that the full pipeline SM4 algorithm can achieve 21.26Gbps throughput, while a single round of encryption costs just 6.07mW on average with the delay 2.8ns. For comparison, we normalized the throughput to [2] and get a 20x improvement on power consumption.

Yue WANG,Shu-guo LI

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2014.07.003

2014-01-01

Abstract:SBOX is the most time consuming part in block cipher SM4 algorithm ,so it′s of great importance to construct a sbox of high performance .In order to reduce latency of encryption algorithms in SM4 ,We introduce the N-dimensional hypercube method to construct SBOX ,the delay reduced six percent and the area reduced seventeen percent Compared with the traditional Sbox using look-up table method .what′s more ,this method is portable that it can apply to SBOX transformations of other algorithms .

Tian-shu FU,Shu-guo LI

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2016.10.003

2016-01-01

Abstract:In CBC mode,pipeline technique does not work on SM4 algorithm to increase throughput,as there is a feedback path from output to input.Over this problem,a logic simplifying method is proposed,which can reduce delay of one stage of XOR gates in each round function of encryption algorithm of SM4.Based on this method,SM4 with a 4-round-in-1 structure is designed,in which,delay of 4 stages of XOR gates can be reduced in the critical path,and this design has a higher throughput per unit area than the other schemes in this paper.Synthesis results show that the ASIC implementation of SM4 with a 4-round-in-1 structure can achieve 5.24 Gb/s in throughput, which is higher than that of reported designs.

Xiaoqiang Zhang,Xinggan Zhang,Lan Tang,Xinxing Zheng,Tianming Ni,Ning Wu

DOI: https://doi.org/10.1587/elex.17.20200035

2020-01-01

IEICE Electronics Express

Abstract:In this paper, a low critical path delay (CPD) circuit structure is proposed for composite field S-box circuit. In the low CPD structure, multiplicative inverse over GF(2(4)) and multiplicative over GF(2(4)) are constructed by AND-XOR-networks. The XOR-networks in the last two multiplications over GF(2(4)) are further merged with the following constant matrix multiplication operation to shorten the CPD. Finally, hardware complexities of our designs are compared with previous works. The comparisons indicate that our proposed method is effective. Our design of S-box/InvS-box based on the proposed method has lower CPD.

Jian Zou,Liji Li,Zihao Wei,Yiyuan Luo,Qian Liu,Wenling Wu

DOI: https://doi.org/10.1007/s11128-022-03518-5

IF: 1.965

2022-05-15

Quantum Information Processing

Abstract:In this paper, we propose some new quantum circuit implementations of SM4 block cipher and SM3 hash function, which are based on the following ideas. Firstly, we propose an improved classical circuit of SM4's S-box, which requires less AND gates than the previous works. Our improved classical circuit of SM4's S-box can be used for constructing a new quantum circuit of SM4's S-box. Secondly, we propose a new implementation of the Feistel-like structure of SM4 so as to reduce the number of qubits and T -depth simultaneously. Thirdly, we reduce the number of qubits in our quantum circuit of SM3 by making use of linear message expansion algorithm of SM3. Fourthly, we propose some in-place implementations of the linear permutations of SM4 and SM3. Based on our new techniques, our stand-alone memory-efficient quantum circuit implementation of SM4 only requires 384 qubits, seven ancilla qubits and 33,024 T -depth, while our depth-efficient quantum circuit of SM4 requires 384 qubits, 1080 ancilla qubits and 455 T -depth. Furthermore, we propose a stand-alone memory-efficient quantum circuit implementation of SM3 with 768 qubits, 33 ancilla qubits and 144,768 T -depth, while our depth-efficient quantum circuit of SM3 requires 768 qubits, 202 ancilla qubits, and 25,344 T -depth. Compared to the previous work, our new quantum circuits of SM3 requires less qubits and T -depth.

physics, multidisciplinary,quantum science & technology, mathematical

Jingbin Zhang,Meng Ma,Ping Wang

DOI: https://doi.org/10.1007/978-3-030-05755-8_11

2018-01-01

Abstract:The SM4 block cipher algorithm used in IEEE 802.11i standard is released by the China National Cryptographic Authority and is one of the most important symmetric cryptographic algorithms in China. However, whether in the round encryption or key expansion phase of the SM4 algorithm, a large number of bit operations on the registers (e.g., circular shifting) are required. These operations are not effective to encryption in scenarios with large-scale data. In traditional implementations of SM4, different operands are assigned to different words and are processed serially, which can bring redundant operations in the process of encryption and decryption. Bit-slice technology places the same bit of multiple operands into one word, which facilitates bit-level operations in parallel. Bit-slice is actually a single instruction parallel processing technology for data, hence it can be accelerated by the CPU’s multimedia instructions. In this paper, we propose a fast implementation of the SM4 algorithm using bit-slice techniques. The experiment proves that the Bit-slice based SM4 is more efficient than the original version. It increases the encryption and decryption speed of the message by an average of 80%–120%, compared with the original approach.

Jiang Jiuxing,Zhao Yuying,Huang Hai,Xie Guanghui,Hou Jiao,Feng Xinxin

DOI: https://doi.org/10.11999/jeit190257

2020-01-01

Abstract:Based on the in-depth research on the S-box constitution arithmetic of composite, an area optimized generic low-entropy higher-order masking scheme is proposed in this paper. The low entropy masking method is introduced on GF(2(4)), and the partial module reusing design is adopted, which reduces effectively the number of multiplications based on the S-box inversion operation of the composite. The algorithm can be applied to any order masking scheme of arbitrary S-box composed of inversion operation. This scheme is applied to AES, gives detailed simulation results and optimizes the layout area, compared with the traditional masking scheme, reduces effectively the use of logical resources. In addition, the security is theoretically proved.

Zhao-Huei Wang,Xiao Zhang,Sitao Wang,Zhisong Hao,Zhiming Zheng

2014-01-01

Abstract:The hardware implementation of the Substitution-Box (S-box) of the Advanced Encryption Standard (AES) always employs composite field GF ((2)) to obtain better efficiency. In this paper, an improved class of S-boxes by direct inversion in composite field is presented, and the choice of the subfield leading to the most efficient implementation is discussed. Eliminating the field isomorphic transformations, such a composite field is easier to fix and the resulting hardware implementation is more efficient than that of AES S-box. Some common cryptographic characteristics for the composite field based S-boxes are examined, and it turns out that direct inversion in composite field does not weaken the cryptographic characteristics. In addition, a demonstration for the immunity against the potential algebraic attack on AES with the replacement of our S-box is given, and it is proven that the revised AES is even more secure than the original AES against the algebraic attack. As a result of this work, it could be predicted that the isomorphism implies equal immunity from certain cryptanalysis. Our S-box is suitable for the area-limited hardware production. Keywords–AES; Composite field; S-box; Hardware implementation.

Weijun Shan,Chi Zhang,Qing Li,Jun Yu

DOI: https://doi.org/10.1109/icnisc57059.2022.00103

2022-01-01

Abstract:This paper presents a lightweight countermeasure scheme of SM4 cryptographic algorithm against side channel analysis attacks. SM4 is one of the widely used block ciphers in information computing and data communication. However, as it is usually implemented in cryptographic devices, it is definitely under the threat of side channel analysis attacks. Some schemes of implementations have been provided as the countermeasures against the side channel analysis attacks, which leads to a relatively complicated realization on both cost and performance. This paper proposes a new mask scheme for SM4 implementation with lightweight cost and low performance loss. Experiment results show the effectiveness of the method against the side channel analysis attacks.

Nengyuan Sun,Wenrui Liu,Jiafeng Cheng,Zhaokang Peng,Chunyang Wang,Caiban Sun,Heng Sha,Zhiyuan Pan,Ming Jin,Hongyang Zhao,Jinghe Wang,Yiming Wen,Pengliang Kong,Yunfeng Zhao,Yaoqiang Wang,Selcuk Kose,Weize Yu

DOI: https://doi.org/10.1002/cta.3962

IF: 2.378

2024-02-02

International Journal of Circuit Theory and Applications

Abstract:Regular SM4 cryptographic circuit is pretty vulnerable to higher order power attacks. The robustness of the proposed SM4 architecture against fourth‐order power attacks can be reinforced significantly by embedding four random number generators. In this letter, a novel secret merchant‐4 (SM4) cryptographic circuit implementation is proposed against higher order power analysis attacks (PAAs). Four different random number generators (RNGs) are embedded into the SM4 architecture for breaking the correlation between the processed data and monitored power dissipation against PAAs. Firstly, fake keys are created by the first RNG to scramble the critical information related with the actual secret key. Furthermore, the second RNG controls the implementations of substitution boxes (Sboxes) with composite fields or look‐up tables randomly while the third RNG randomizes the substitution locations with respect to these Sboxes. Ultimately, the fourth RNG randomly swaps the behaviors of the fake SM4 and true SM4 to further break the critical correlation. Under the assistance of the four embedded RNGs, the proposed SM4 cryptographic architecture is capable of resisting against fourth‐order PAAs effectively with a 300 Mbps throughput and 165,354 μ m2 area after synthesizing in the TSMC 90 nm process design kits (PDK).

engineering, electrical & electronic