Abstract
As the SM4 block cipher became an ISO/IEC international encryption standard in June 2020, the security of SM4 against side-channel analysis (SCA) is highly valued by the academic community. The threshold implementation (TI) scheme is a common countermeasure against SCA. However, the implementation of a high-order TI scheme can be costly. How to improve the resistance of an SM4 implementation against high-order SCA without significantly increasing the cost is therefore an important task. In this article, a new second-order TI scheme for SM4 is proposed based on the tower field decomposition of the 8-bit inverter. In more detail, by performing the tower field decomposition twice in the SM4 S-box, the inverse and multiplication operations on the finite field are transformed into inverse and multiplication operations on the tower field, thus reducing the algebraic order of the decomposed S-box from 7 to 2. Then, the design and implementation of our scheme with 3 shares is illustrated based on the decomposed S-box. Compared with the best-known TI of the SM4 S-box, our scheme uses a smaller number of register stages. The circuit area of the S-box is reduced by 48.6%. The amount of fresh randomness required in a single round operation is 96 bits. Moreover, both a second-order t-test with 10 million power traces and correlation power analysis are performed, verifying the second-order security of this scheme.
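The abstract's central claim is that decomposing the 8-bit inverter twice (GF(2^8) over GF(2^4) over GF(2^2)) turns a degree-7 function into a composition of operations of algebraic degree at most 2, which is what makes a TI with only 3 shares possible. The following added example (not code from the paper or its authors) builds such a tower, checks that the decomposed inverse really is the inverse, and measures the algebraic degree of every building block with a Möbius transform over its truth table. The basis choices (w^2+w+1, z^2+z+w, y^2+y+wz) and the single-polynomial basis x^8+x^7+x^6+x^5+x^4+x^2+1 commonly reported for the SM4 S-box are assumptions of this example; the degrees measured do not depend on them.

```python
# Tower-field decomposition of GF(2^8) inversion and its algebraic degree.
# Added example, not from the paper. Representations (all assumptions):
#   GF(4)   = GF(2)[w]/(w^2 + w + 1)           element: 2-bit int, bit1 = w coefficient
#   GF(16)  = GF(4)[z]/(z^2 + z + N), N = w     element: 4-bit int, high 2 bits = z coefficient
#   GF(256) = GF(16)[y]/(y^2 + y + M), M = w*z  element: 8-bit int, high 4 bits = y coefficient
# Plus the polynomial basis GF(2)[x]/(0x1F5) reported for the SM4 S-box (assumption).

def gf4_mul(a, b):
    a1, a0, b1, b0 = a >> 1, a & 1, b >> 1, b & 1
    hi = (a1 & b0) ^ (a0 & b1) ^ (a1 & b1)   # w^2 = w + 1 folds a1*b1 into both coefficients
    lo = (a0 & b0) ^ (a1 & b1)
    return (hi << 1) | lo

def gf4_inv(a):
    # In GF(4) every nonzero x satisfies x^3 = 1, so x^-1 = x^2, a linear (degree-1) map;
    # (a1 w + a0)^2 = a1 w + (a1 + a0). Zero maps to zero.
    a1, a0 = a >> 1, a & 1
    return (a1 << 1) | (a1 ^ a0)

N = 0b10  # N = w makes z^2 + z + N irreducible over GF(4)

def gf16_mul(a, b):
    a1, a0, b1, b0 = a >> 2, a & 3, b >> 2, b & 3
    hi = gf4_mul(a1, b1) ^ gf4_mul(a1, b0) ^ gf4_mul(a0, b1)   # z^2 = z + N
    lo = gf4_mul(a0, b0) ^ gf4_mul(N, gf4_mul(a1, b1))
    return (hi << 2) | lo

def gf16_inv(a):
    # a = a1 z + a0.  a^-1 = (a1 z + (a0 + a1)) * d^-1 with the norm
    # d = a0^2 + a0 a1 + N a1^2 in GF(4): one GF(4) inversion plus GF(4) multiplications.
    a1, a0 = a >> 2, a & 3
    d = gf4_mul(a0, a0) ^ gf4_mul(a0, a1) ^ gf4_mul(N, gf4_mul(a1, a1))
    dinv = gf4_inv(d)
    return (gf4_mul(a1, dinv) << 2) | gf4_mul(a0 ^ a1, dinv)

M = 0b1000  # M = w*z has absolute trace 1, so y^2 + y + M is irreducible over GF(16)

def gf256_mul(a, b):
    a1, a0, b1, b0 = a >> 4, a & 15, b >> 4, b & 15
    hi = gf16_mul(a1, b1) ^ gf16_mul(a1, b0) ^ gf16_mul(a0, b1)   # y^2 = y + M
    lo = gf16_mul(a0, b0) ^ gf16_mul(M, gf16_mul(a1, b1))
    return (hi << 4) | lo

def gf256_inv(a):
    # Same shape as gf16_inv, one level up: the only nonlinear pieces are GF(16)
    # multiplications and one GF(16) inversion, which is itself decomposed above.
    a1, a0 = a >> 4, a & 15
    d = gf16_mul(a0, a0) ^ gf16_mul(a0, a1) ^ gf16_mul(M, gf16_mul(a1, a1))
    dinv = gf16_inv(d)
    return (gf16_mul(a1, dinv) << 4) | gf16_mul(a0 ^ a1, dinv)

SM4_POLY = 0x1F5  # x^8 + x^7 + x^6 + x^5 + x^4 + x^2 + 1 (assumed SM4 S-box field)

def gf256_poly_mul(a, b):
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= SM4_POLY
    return r

def gf256_poly_inv(a):
    # Undecomposed inverse a^254 by square-and-multiply; zero maps to zero.
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf256_poly_mul(r, base)
        base = gf256_poly_mul(base, base)
        e >>= 1
    return r if a else 0

def algebraic_degree(func, n_in, n_out):
    """Max algebraic degree over the output bits of func: {0,1}^n_in -> {0,1}^n_out.
    Each coordinate's ANF is obtained from its truth table by the Möbius transform."""
    deg = 0
    for bit in range(n_out):
        anf = [(func(x) >> bit) & 1 for x in range(1 << n_in)]
        for i in range(n_in):
            for x in range(1 << n_in):
                if x & (1 << i):
                    anf[x] ^= anf[x ^ (1 << i)]
        deg = max([deg] + [bin(x).count("1") for x in range(1 << n_in) if anf[x]])
    return deg

def quadratic_is_irreducible():
    """y^2 + y + M has no root in GF(16), so the top-level extension is a field."""
    return all(gf16_mul(y, y) ^ y ^ M != 0 for y in range(16))

def inverses_consistent():
    """a * inv(a) == 1 for every nonzero a, in the tower, in GF(16), and in the polynomial basis."""
    return (all(gf256_mul(a, gf256_inv(a)) == 1 for a in range(1, 256))
            and all(gf16_mul(a, gf16_inv(a)) == 1 for a in range(1, 16))
            and all(gf256_poly_mul(a, gf256_poly_inv(a)) == 1 for a in range(1, 256)))

def degrees():
    """Algebraic degree of the full inverter and of each tower-field building block."""
    return {
        "GF(256) inverse, tower basis": algebraic_degree(gf256_inv, 8, 8),
        "GF(256) inverse, SM4 polynomial basis": algebraic_degree(gf256_poly_inv, 8, 8),
        "GF(16) multiply": algebraic_degree(lambda x: gf16_mul(x >> 4, x & 15), 8, 4),
        "GF(16) inverse": algebraic_degree(gf16_inv, 4, 4),
        "GF(4) multiply": algebraic_degree(lambda x: gf4_mul(x >> 2, x & 3), 4, 2),
        "GF(4) inverse": algebraic_degree(gf4_inv, 2, 2),
    }

if __name__ == "__main__":
    print("field checks:", quadratic_is_irreducible() and inverses_consistent())
    for name, d in degrees().items():
        print(f"{name}: degree {d}")
```

Running `degrees()` shows why one decomposition is not enough for a 3-share TI: the 8-bit inverter has degree 7 in either basis, and after a single tower step the GF(16) inverse still has degree 3. After the second step, the remaining nonlinear blocks are field multiplications (degree 2) and the GF(4) inverse (degree 1, a plain bit permutation and XOR), so every shared component function is at most quadratic, which is the property the abstract's "from 7 to 2" refers to.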
Data Availability
The datasets generated during and analyzed during the current study are available from the corresponding author on reasonable request.
Funding
This work is supported by the Innovation Research Team Project of Guangxi Natural Science Foundation (2019GXNSFGA245004), the National Natural Science Foundation of China (62062026 and 62162016) and the Guangxi Key Research and Development Program (Guike AB23026131).
Ethics declarations
Conflict of Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Additional information
Responsible Editor: S. Bhunia
About this article
Cite this article
Shao, T., Wei, B., Ou, Y. et al. New Second-order Threshold Implementation of SM4 Block Cipher. J Electron Test 39, 435–445 (2023). https://doi.org/10.1007/s10836-023-06076-5
DOI: https://doi.org/10.1007/s10836-023-06076-5