As SM4 block cipher has become an ISO/IEC international encryption standard in June 2020, the security of SM4 against side-channel analysis (SCA) is highly valued by academic community. Threshold implementation (TI) scheme is a common countermeasure against SCA. However, the implementation of a high-order TI scheme can be costly. How to improve the resistance of SM4 implementation against high-order SCA without significant increasing the cost appears to be an important task. In this article, a new SM4 second-order TI scheme is proposed based on the tower field decomposition of 8-bits inverter. In more detail, by performing the tower field decomposition twice in the SM4 S-box, the inverse and multiplication operations on finite field are transformed into inverse and multiplication operations on tower field, thus reducing the algebraic order of the decomposed S-box from 7 to 2. Then, the design and implementation of our scheme with 3 shares is illustrated based on the decomposed S-box. Compared with the best-known TI of the S-box in the SM4, our scheme uses smaller number of register stages. The circuit area of S-box is reduced by 48.6%. The number of fresh randomness required in a single round operation is 96 bits. Moreover, both the second-order t-test with 10 million power traces and the correlation power analysis are performed, thus verifying the second-order security of this scheme.

随着SM4分组密码于2020年6月成为ISO/IEC国际加密标准，SM4针对侧信道分析（SCA）的安全性受到学术界的高度重视。阈值实现（TI）方案是针对 SCA 的常见对策。然而，高阶 TI 方案的实现成本可能很高。如何在不显着增加成本的情况下提高SM4实现对高阶SCA的抵抗力似乎是一个重要的任务。本文提出了一种基于8位逆变器塔场分解的SM4二阶TI方案。更详细地说，通过在SM4 S盒中进行两次塔域分解，将有限域上的逆和乘法运算转化为塔域上的逆和乘法运算，从而将分解的S盒的代数阶从7减少到2。然后，基于分解的S盒说明了我们的3共享方案的设计和实现。与SM4中最著名的S盒TI相比，我们的方案使用了更少数量的寄存器级。S-box电路面积减少48.6%。单轮操作所需的新鲜随机数为 96 位。此外，还进行了1000万条幂迹的二阶t检验和相关幂分析，验证了该方案的二阶安全性。S-box电路面积减少48.6%。单轮操作所需的新鲜随机数为 96 位。此外，还进行了1000万条幂迹的二阶t检验和相关幂分析，验证了该方案的二阶安全性。S-box电路面积减少48.6%。单轮操作所需的新鲜随机数为 96 位。此外，还进行了1000万条幂迹的二阶t检验和相关幂分析，验证了该方案的二阶安全性。