CN106936569A - Method for implementing a power-analysis-resistant masked S-box for the SM4 algorithm - Google Patents

Method for implementing a power-analysis-resistant masked S-box for the SM4 algorithm

Info

Publication number: CN106936569A
Authority: CN (China)
Prior art keywords: mask, inverse, boxes, data, power consumption
Legal status: Granted (active)
Application number: CN201710353396.1A
Other languages: Chinese (zh)
Other versions: CN106936569B (en)
Inventors: 李艳华, 张玉禄, 律博
Current assignee: WISE SECURITY TECHNOLOGY (BEIJNG) Co Ltd
Original assignee: WISE SECURITY TECHNOLOGY (BEIJNG) Co Ltd
Application filed by WISE SECURITY TECHNOLOGY (BEIJNG) Co Ltd; priority to CN201710353396.1A; published as CN106936569A and granted as CN106936569B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L 9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L 9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)

Abstract

The invention discloses a method for implementing a masked S-box for the SM4 algorithm that resists power analysis attacks, in the field of cryptographic algorithm implementation. The method is a composite-field S-box implementation: through an isomorphism mapping matrix, the inversion in the finite field $GF(2^8)$ is moved into the composite field $GF(((2^2)^2)^2)$, which reduces design difficulty and chip area. In addition, building on the normal-basis inversion in the composite field, the S-box is given a masking treatment in which the data is hidden with random numbers, effectively defending against power analysis attacks on SM4.

Description

Method for implementing a power-analysis-resistant masked S-box for the SM4 algorithm
Technical field
The present invention relates to the field of cryptographic algorithm implementation, and in particular to a method for implementing a masked S-box for the SM4 algorithm that resists power analysis attacks.
Background technology
In a block cipher, security rests mainly on the nonlinear S-box, so the way the S-box is implemented is especially important.
At present, the S-box of the SM4 block cipher published by the official standard is specified as a look-up table. Implemented in that form it occupies a large area and is inefficient, so an implementation that saves hardware resources is urgently needed.
Content of the invention
The object of the present invention is to provide a method for implementing a power-analysis-resistant masked SM4 S-box, so as to solve the problems of the prior art described above.
To achieve this object, the technical solution adopted by the present invention is as follows.
A method for implementing a power-analysis-resistant masked SM4 S-box comprises the following steps:
S1, obtain the algebraic expression of the S-box: $S(x) = I(xA_1 + C_1)A_2 + C_2$,
where $A_1$ and $A_2$ are 8x8 matrices and $C_1$ and $C_2$ are row vectors, with
$C_1 = C_2 = (11001011)$,
and $I(x)$ denotes the inversion operation in the finite field $GF(2^8)$, whose degree-8 irreducible polynomial is
$F(x) = x^8 + x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + 1$;
S2, apply an isomorphism mapping using the isomorphism mapping matrix, converting the elements of the finite field $GF(2^8)$ from their standard representation to their representation in the composite field $GF(((2^2)^2)^2)$;
S3, invert the data produced by the isomorphism mapping in the field $GF(((2^2)^2)^2)$;
S4, apply the inverse isomorphism mapping using the inverse of the isomorphism mapping matrix of S2, converting the inverse element obtained in S3 from its composite-field representation back to its standard representation in $GF(2^8)$;
S5, pass the output through the affine transformation to obtain $S(x)$.
Preferably, in S2 the isomorphism mapping matrix is the 8x8 matrix T given in claim 2, and S2 comprises the following steps:
S201, represent each element of $GF(2^8)$ as a linear polynomial over $GF(2^4)$: $g = a_1 Y^{16} + a_0 Y$, where all coefficients belong to $GF(2^4)$.
The irreducible polynomial modulo which multiplication is performed is then $r(y) = y^2 + \tau y + \eta$; $[Y^{16}, Y]$ is a normal basis of this field, and $Y^{16}$ and $Y$ are the two roots of $r(y) = 0$;
S202, represent each element of $GF(2^4)$ as a linear polynomial over $GF(2^2)$: $a = b_1 Z^4 + b_0 Z$, where all coefficients belong to $GF(2^2)$.
The irreducible polynomial modulo which multiplication is performed is then $t(z) = z^2 + \mu z + \rho$; $[Z^4, Z]$ is a normal basis of this field, and $Z^4$ and $Z$ are the two roots of $t(z) = 0$;
S203, represent each element of $GF(2^2)$ as a linear polynomial over $GF(2)$: $b = c_1 W^2 + c_0 W$, where all coefficients belong to $GF(2)$.
The irreducible polynomial modulo which multiplication is performed is then $s(w) = w^2 + w + 1$; $[W^2, W]$ is a normal basis of this field, and $W^2$ and $W$ are the two roots of $s(w) = 0$.
Preferably, S3 comprises the following steps:
S301, take $\tau = \mu = 1$. Let the inverse of $g = a_1 Y^{16} + a_0 Y$ be $h = d_1 Y^{16} + d_0 Y$. By the definition of the multiplicative inverse, $(a_1 Y^{16} + a_0 Y)(d_1 Y^{16} + d_0 Y) \bmod (y^2 + y + \eta) = 1$ with $a_1, a_0, d_1, d_0 \in GF(2^4)$. Because $Y^{16}$ and $Y$ are the two roots of $r(y) = 0$, $Y^{16} + Y = 1$ and $Y^{16} \cdot Y = \eta$, from which $d_1 Y^{16} + d_0 Y = (\theta^{-1} a_0) Y^{16} + (\theta^{-1} a_1) Y$ with $\theta = a_1 a_0 + (a_1^2 + a_0^2)\eta$;
S302, let the inverse of $a = b_1 Z^4 + b_0 Z$ be $e_1 Z^4 + e_0 Z$. By the definition of the multiplicative inverse, $(e_1 Z^4 + e_0 Z)(b_1 Z^4 + b_0 Z) \bmod t(z) = 1$ with $b_1, b_0, e_1, e_0 \in GF(2^2)$. Because $Z^4$ and $Z$ are the two roots of $t(z) = 0$, $Z^4 + Z = 1$ and $Z^4 \cdot Z = \rho$, from which $e_1 Z^4 + e_0 Z = (\sigma^{-1} b_0) Z^4 + (\sigma^{-1} b_1) Z$ with $\sigma = b_1 b_0 + (b_1^2 + b_0^2)\rho$;
S303, let the inverse of $b = c_1 W^2 + c_0 W$ be $f_1 W^2 + f_0 W$. By the definition of the multiplicative inverse, $(f_1 W^2 + f_0 W)(c_1 W^2 + c_0 W) \bmod s(w) = 1$ with $c_1, c_0, f_1, f_0 \in GF(2)$. Because $W^2$ and $W$ are the two roots of $s(w) = 0$, $W^2 + W = 1$ and $W^2 \cdot W = 1$. In $GF(2^2)$ the multiplicative inverse equals the square, so $f_1 W^2 + f_0 W = (c_1 W^2 + c_0 W)^2 = c_1^2 W^4 + c_0^2 W^2 + 2 c_1 c_0 W^3$. Over $GF(2)$, $c_1^2 = c_1$, $c_0^2 = c_0$ and $2 c_0 c_1 = 0$, and $W^3 = 1$; hence $f_1 W^2 + f_0 W = c_0 W^2 + c_1 W$.
Preferably, the data is given a masking treatment in which it is hidden with random numbers, specifically comprising the following steps:
S1', apply the affine transformation to the masked S-box input A^M, and correct the result of the affine transformation with the correction factor of the first correction unit, obtaining corrected data;
S2', apply the isomorphism mapping, using the isomorphism mapping matrix, to the corrected data and to the mask M, converting the elements of $GF(2^8)$ from the standard representation to the composite-field representation in $GF(((2^2)^2)^2)$;
S3', invert the data produced by the isomorphism mapping in the field $GF(((2^2)^2)^2)$;
S4', apply the inverse isomorphism mapping using the inverse of the isomorphism mapping matrix of S2', converting the inverse element obtained in S3' from its composite-field representation back to the standard representation in $GF(2^8)$;
S5', pass the output and the mask M through the affine transformation, and correct the result of the affine transformation with the correction factor of the second correction unit, obtaining corrected data and a corrected mask M;
S6', XOR the corrected data with the corrected mask M to obtain SBOX(A)^M.
Preferably, the first correction unit is an XOR unit whose correction factor is a preset parameter used to restore the correctness of the data after masking.
Preferably, the second correction unit is an XOR unit whose correction factor is a preset parameter used to restore the correctness of the data after masking.
The beneficial effects of the invention are as follows. The embodiment of the invention provides a method for implementing a power-analysis-resistant masked SM4 S-box. It is a composite-field S-box implementation: through an isomorphism mapping matrix, the inversion in the finite field $GF(2^8)$ is moved into the composite field $GF(((2^2)^2)^2)$, which reduces design difficulty and chip area. In addition, building on the normal-basis inversion in the composite field, the S-box is given a masking treatment in which the data is hidden with random numbers, effectively defending against power analysis attacks on SM4.
Brief description of the drawings
Fig. 1 is a flow diagram of the unmasked S-box implementation in the composite field;
Fig. 2 is a structural diagram of the normal-basis $GF(2^8)$ inverter;
Fig. 3 is a flow diagram of the masked S-box implementation in the composite field.
Specific embodiment
In order to make the purpose, technical solution and advantages of the present invention clearer, the invention is further described below with reference to the accompanying drawings. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
As shown in Fig. 1, an embodiment of the invention provides a method for implementing a power-analysis-resistant masked SM4 S-box, comprising the following steps:
S1, obtain the algebraic expression of the S-box: $S(x) = I(xA_1 + C_1)A_2 + C_2$,
where $A_1$ and $A_2$ are 8x8 matrices and $C_1$ and $C_2$ are row vectors, with
$C_1 = C_2 = (11001011)$,
and $I(x)$ denotes the inversion operation in the finite field $GF(2^8)$, whose degree-8 irreducible polynomial is
$F(x) = x^8 + x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + 1$;
S2, apply an isomorphism mapping using the isomorphism mapping matrix, converting the elements of the finite field $GF(2^8)$ from their standard representation to their representation in the composite field $GF(((2^2)^2)^2)$;
S3, invert the data produced by the isomorphism mapping in the field $GF(((2^2)^2)^2)$;
S4, apply the inverse isomorphism mapping using the inverse of the isomorphism mapping matrix of S2, converting the inverse element obtained in S3 from its composite-field representation back to its standard representation in $GF(2^8)$;
S5, pass the output through the affine transformation to obtain $S(x)$.
In S1 above, the algebraic expression shows that the S-box computation consists of two parts: a linear affine transformation and a nonlinear finite-field inversion. S2-S4 give the normal-basis inversion in the composite field; the implementation flow of the unmasked S-box in the composite field is shown in Fig. 1.
The inversion procedure based on the composite-field normal basis comprises:
1) map the elements of $GF(2^8)$ to $GF(((2^2)^2)^2)$ through the isomorphism mapping matrix;
2) perform the inversion in the field $GF(((2^2)^2)^2)$;
3) map the inverted result back with the inverse of the matrix of step 1).
It can be seen that the S-box implementation provided by the embodiment of the invention is a composite-field implementation: through the isomorphism mapping matrix, the inversion in the finite field $GF(2^8)$ is moved into the composite field $GF(((2^2)^2)^2)$, which reduces design difficulty and chip area.
In a preferred embodiment of the invention, the isomorphism mapping matrix of S2 can be the 8x8 matrix T given in claim 2, and S2 may comprise the following steps:
S201, represent each element of $GF(2^8)$ as a linear polynomial over $GF(2^4)$: $g = a_1 Y^{16} + a_0 Y$, where all coefficients belong to $GF(2^4)$.
The irreducible polynomial modulo which multiplication is performed is then $r(y) = y^2 + \tau y + \eta$; $[Y^{16}, Y]$ is a normal basis of this field, and $Y^{16}$ and $Y$ are the two roots of $r(y) = 0$;
S202, represent each element of $GF(2^4)$ as a linear polynomial over $GF(2^2)$: $a = b_1 Z^4 + b_0 Z$, where all coefficients belong to $GF(2^2)$.
The irreducible polynomial modulo which multiplication is performed is then $t(z) = z^2 + \mu z + \rho$; $[Z^4, Z]$ is a normal basis of this field, and $Z^4$ and $Z$ are the two roots of $t(z) = 0$;
S203, represent each element of $GF(2^2)$ as a linear polynomial over $GF(2)$: $b = c_1 W^2 + c_0 W$, where all coefficients belong to $GF(2)$.
The irreducible polynomial modulo which multiplication is performed is then $s(w) = w^2 + w + 1$; $[W^2, W]$ is a normal basis of this field, and $W^2$ and $W$ are the two roots of $s(w) = 0$.
In a preferred embodiment of the invention, S3 may comprise the following steps:
S301, take $\tau = \mu = 1$. Let the inverse of $g = a_1 Y^{16} + a_0 Y$ be $h = d_1 Y^{16} + d_0 Y$. By the definition of the multiplicative inverse, $(a_1 Y^{16} + a_0 Y)(d_1 Y^{16} + d_0 Y) \bmod (y^2 + y + \eta) = 1$ with $a_1, a_0, d_1, d_0 \in GF(2^4)$. Because $Y^{16}$ and $Y$ are the two roots of $r(y) = 0$, $Y^{16} + Y = 1$ and $Y^{16} \cdot Y = \eta$, from which $d_1 Y^{16} + d_0 Y = (\theta^{-1} a_0) Y^{16} + (\theta^{-1} a_1) Y$ with $\theta = a_1 a_0 + (a_1^2 + a_0^2)\eta$. The structure of the corresponding inverter is shown in Fig. 2;
S302, let the inverse of $a = b_1 Z^4 + b_0 Z$ be $e_1 Z^4 + e_0 Z$. By the definition of the multiplicative inverse, $(e_1 Z^4 + e_0 Z)(b_1 Z^4 + b_0 Z) \bmod t(z) = 1$ with $b_1, b_0, e_1, e_0 \in GF(2^2)$. Because $Z^4$ and $Z$ are the two roots of $t(z) = 0$, $Z^4 + Z = 1$ and $Z^4 \cdot Z = \rho$, from which $e_1 Z^4 + e_0 Z = (\sigma^{-1} b_0) Z^4 + (\sigma^{-1} b_1) Z$ with $\sigma = b_1 b_0 + (b_1^2 + b_0^2)\rho$;
S303, let the inverse of $b = c_1 W^2 + c_0 W$ be $f_1 W^2 + f_0 W$. By the definition of the multiplicative inverse, $(f_1 W^2 + f_0 W)(c_1 W^2 + c_0 W) \bmod s(w) = 1$ with $c_1, c_0, f_1, f_0 \in GF(2)$. Because $W^2$ and $W$ are the two roots of $s(w) = 0$, $W^2 + W = 1$ and $W^2 \cdot W = 1$. In $GF(2^2)$ the multiplicative inverse equals the square, so $f_1 W^2 + f_0 W = (c_1 W^2 + c_0 W)^2 = c_1^2 W^4 + c_0^2 W^2 + 2 c_1 c_0 W^3$. Over $GF(2)$, $c_1^2 = c_1$, $c_0^2 = c_0$ and $2 c_0 c_1 = 0$, and $W^3 = 1$; hence $f_1 W^2 + f_0 W = c_0 W^2 + c_1 W$.
As shown in Fig. 3, in a preferred embodiment of the invention the data is given a masking treatment on top of the composite-field S-box implementation, hiding it with random numbers, specifically comprising the following steps:
S1', apply the affine transformation to the masked S-box input A^M, and correct the result of the affine transformation with the correction factor of the first correction unit, obtaining corrected data;
S2', apply the isomorphism mapping, using the isomorphism mapping matrix, to the corrected data and to the mask M, converting the elements of $GF(2^8)$ from the standard representation to the composite-field representation in $GF(((2^2)^2)^2)$;
S3', invert the data produced by the isomorphism mapping in the field $GF(((2^2)^2)^2)$;
S4', apply the inverse isomorphism mapping using the inverse of the isomorphism mapping matrix of S2', converting the inverse element obtained in S3' from its composite-field representation back to the standard representation in $GF(2^8)$;
S5', pass the output and the mask M through the affine transformation, and correct the result of the affine transformation with the correction factor of the second correction unit, obtaining corrected data and a corrected mask M;
S6', XOR the corrected data with the corrected mask M to obtain SBOX(A)^M.
In the above method, the S-box input in S1' is A^M, that is, the input A masked with M, where M is random data; the S-box output is S(A)^M, where M is the same random data.
The first correction unit is an XOR unit whose correction factor is a preset parameter used to restore the correctness of the data after masking.
The second correction unit is an XOR unit whose correction factor is a preset parameter used to restore the correctness of the data after masking.
While area is saved, the security of the S-box is also particularly important. The security of the S-box input data relies mainly on hiding the data with random numbers, that is, on processing it with masking: for example, with original data x and added random data m, the original data is masked as y = x^m, which ensures the security of the system.
In the above method of the invention, the S-box is realised algebraically in the composite field and is at the same time protected by masking; this not only reduces design difficulty and saves chip area, but also effectively defends against power analysis attacks on SM4.
By using the technical solution disclosed above, the following beneficial effects are obtained. The embodiment of the invention provides a method for implementing a power-analysis-resistant masked SM4 S-box. It is a composite-field S-box implementation: through an isomorphism mapping matrix, the inversion in the finite field $GF(2^8)$ is moved into the composite field $GF(((2^2)^2)^2)$, which reduces design difficulty and chip area. In addition, building on the normal-basis inversion in the composite field, the S-box is given a masking treatment in which the data is hidden with random numbers, effectively defending against power analysis attacks on SM4.
The embodiments in this specification are described progressively; each embodiment emphasises its differences from the others, and identical or similar parts of the embodiments may be referred to one another.
Those skilled in the art should understand that the order of the method steps provided in the above embodiments may be adjusted according to the actual situation, and the steps may also be performed concurrently.
All or part of the steps of the methods in the above embodiments may be completed by hardware controlled by a program; the program may be stored in a storage medium readable by a computer device and used to perform all or part of the steps described in the above embodiments. The computer device may be, for example, a personal computer, a server, a network device, a smart mobile terminal, a smart home device, a wearable smart device or a vehicle smart device; the storage medium may be, for example, RAM, ROM, a magnetic disk, a tape, an optical disc, flash memory, a USB flash drive, a removable hard disk, a memory card, a memory stick, web server storage or network cloud storage.
Finally, it should also be noted that relational terms such as first and second are used here only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between them. Moreover, the terms "including", "comprising" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes it.
The above is only the preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make further improvements and modifications without departing from the principles of the invention, and such improvements and modifications should also be regarded as falling within the scope of protection of the present invention.

Claims (6)

1. A method for implementing a power-analysis-resistant masked SM4 S-box, characterised in that it comprises the following steps:
S1, obtain the algebraic expression of the S-box: $S(x) = I(xA_1 + C_1)A_2 + C_2$,
where $A_1$ and $A_2$ are 8x8 matrices and $C_1$ and $C_2$ are row vectors:
$$A_1 = A_2 = \begin{pmatrix}
1 & 1 & 1 & 0 & 0 & 1 & 0 & 1 \\
1 & 1 & 1 & 1 & 0 & 0 & 1 & 0 \\
0 & 1 & 1 & 1 & 1 & 0 & 0 & 1 \\
1 & 0 & 1 & 1 & 1 & 1 & 0 & 0 \\
0 & 1 & 0 & 1 & 1 & 1 & 1 & 0 \\
0 & 0 & 1 & 0 & 1 & 1 & 1 & 1 \\
1 & 0 & 0 & 1 & 0 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 & 1 & 0 & 1 & 1
\end{pmatrix}$$
$C_1 = C_2 = (11001011)$;
$I(x)$ denotes the inversion operation in the finite field $GF(2^8)$, whose degree-8 irreducible polynomial is
$F(x) = x^8 + x^7 + x^6 + x^5 + x^4 + x^3 + x^2 + 1$;
S2, apply an isomorphism mapping using the isomorphism mapping matrix, converting the elements of the finite field $GF(2^8)$ from their standard representation to their representation in the composite field $GF(((2^2)^2)^2)$;
S3, invert the data produced by the isomorphism mapping in the field $GF(((2^2)^2)^2)$;
S4, apply the inverse isomorphism mapping using the inverse of the isomorphism mapping matrix of S2, converting the inverse element obtained in S3 from its composite-field representation back to its standard representation in $GF(2^8)$;
S5, pass the output through the affine transformation to obtain $S(x)$.
2. The method for implementing a power-analysis-resistant masked SM4 S-box according to claim 1, characterised in that in S2 the isomorphism mapping matrix is
$$T = \begin{pmatrix}
1 & 1 & 1 & 1 & 0 & 0 & 0 & 1 \\
1 & 0 & 0 & 0 & 1 & 0 & 1 & 1 \\
1 & 1 & 0 & 0 & 1 & 0 & 1 & 1 \\
1 & 0 & 1 & 1 & 0 & 0 & 1 & 1 \\
1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 \\
0 & 0 & 0 & 0 & 1 & 0 & 1 & 1 \\
0 & 0 & 1 & 1 & 0 & 1 & 1 & 1 \\
1 & 0 & 0 & 1 & 1 & 1 & 1 & 1
\end{pmatrix};$$
and S2 comprises the following steps:
S201, represent each element of $GF(2^8)$ as a linear polynomial over $GF(2^4)$: $g = a_1 Y^{16} + a_0 Y$, where all coefficients belong to $GF(2^4)$.
The irreducible polynomial modulo which multiplication is performed is then $r(y) = y^2 + \tau y + \eta$; $[Y^{16}, Y]$ is a normal basis of this field, and $Y^{16}$ and $Y$ are the two roots of $r(y) = 0$;
S202, represent each element of $GF(2^4)$ as a linear polynomial over $GF(2^2)$: $a = b_1 Z^4 + b_0 Z$, where all coefficients belong to $GF(2^2)$.
The irreducible polynomial modulo which multiplication is performed is then $t(z) = z^2 + \mu z + \rho$; $[Z^4, Z]$ is a normal basis of this field, and $Z^4$ and $Z$ are the two roots of $t(z) = 0$;
S203, represent each element of $GF(2^2)$ as a linear polynomial over $GF(2)$: $b = c_1 W^2 + c_0 W$, where all coefficients belong to $GF(2)$.
The irreducible polynomial modulo which multiplication is performed is then $s(w) = w^2 + w + 1$; $[W^2, W]$ is a normal basis of this field, and $W^2$ and $W$ are the two roots of $s(w) = 0$.
3. The method for implementing a power-analysis-resistant masked SM4 S-box according to claim 2, characterised in that S3 comprises the following steps:
S301, take $\tau = \mu = 1$. Let the inverse of $g = a_1 Y^{16} + a_0 Y$ be $h = d_1 Y^{16} + d_0 Y$. By the definition of the multiplicative inverse, $(a_1 Y^{16} + a_0 Y)(d_1 Y^{16} + d_0 Y) \bmod (y^2 + y + \eta) = 1$ with $a_1, a_0, d_1, d_0 \in GF(2^4)$. Because $Y^{16}$ and $Y$ are the two roots of $r(y) = 0$, $Y^{16} + Y = 1$ and $Y^{16} \cdot Y = \eta$, from which $d_1 Y^{16} + d_0 Y = (\theta^{-1} a_0) Y^{16} + (\theta^{-1} a_1) Y$ with $\theta = a_1 a_0 + (a_1^2 + a_0^2)\eta$;
S302, let the inverse of $a = b_1 Z^4 + b_0 Z$ be $e_1 Z^4 + e_0 Z$. By the definition of the multiplicative inverse, $(e_1 Z^4 + e_0 Z)(b_1 Z^4 + b_0 Z) \bmod t(z) = 1$ with $b_1, b_0, e_1, e_0 \in GF(2^2)$. Because $Z^4$ and $Z$ are the two roots of $t(z) = 0$, $Z^4 + Z = 1$ and $Z^4 \cdot Z = \rho$, from which $e_1 Z^4 + e_0 Z = (\sigma^{-1} b_0) Z^4 + (\sigma^{-1} b_1) Z$ with $\sigma = b_1 b_0 + (b_1^2 + b_0^2)\rho$;
S303, let the inverse of $b = c_1 W^2 + c_0 W$ be $f_1 W^2 + f_0 W$. By the definition of the multiplicative inverse, $(f_1 W^2 + f_0 W)(c_1 W^2 + c_0 W) \bmod s(w) = 1$ with $c_1, c_0, f_1, f_0 \in GF(2)$. Because $W^2$ and $W$ are the two roots of $s(w) = 0$, $W^2 + W = 1$ and $W^2 \cdot W = 1$. In $GF(2^2)$ the multiplicative inverse equals the square, so $f_1 W^2 + f_0 W = (c_1 W^2 + c_0 W)^2 = c_1^2 W^4 + c_0^2 W^2 + 2 c_1 c_0 W^3$. Over $GF(2)$, $c_1^2 = c_1$, $c_0^2 = c_0$ and $2 c_0 c_1 = 0$, and $W^3 = 1$; hence $f_1 W^2 + f_0 W = c_0 W^2 + c_1 W$.
4. The method for implementing a power-analysis-resistant masked SM4 S-box according to any one of claims 1 to 3, characterised in that the data is given a masking treatment in which it is hidden with random numbers, specifically comprising the following steps:
S1', apply the affine transformation to the masked S-box input A^M, and correct the result of the affine transformation with the correction factor of the first correction unit, obtaining corrected data;
S2', apply the isomorphism mapping, using the isomorphism mapping matrix, to the corrected data and to the mask M, converting the elements of $GF(2^8)$ from the standard representation to the composite-field representation in $GF(((2^2)^2)^2)$;
S3', invert the data produced by the isomorphism mapping in the field $GF(((2^2)^2)^2)$;
S4', apply the inverse isomorphism mapping using the inverse of the isomorphism mapping matrix of S2', converting the inverse element obtained in S3' from its composite-field representation back to the standard representation in $GF(2^8)$;
S5', pass the output and the mask M through the affine transformation, and correct the result of the affine transformation with the correction factor of the second correction unit, obtaining corrected data and a corrected mask M;
S6', XOR the corrected data with the corrected mask M to obtain SBOX(A)^M.
5. The method for implementing a power-analysis-resistant masked SM4 S-box according to claim 4, characterised in that the first correction unit is an XOR unit whose correction factor is a preset parameter used to restore the correctness of the data after masking.
6. The method for implementing a power-analysis-resistant masked SM4 S-box according to claim 4, characterised in that the second correction unit is an XOR unit whose correction factor is a preset parameter used to restore the correctness of the data after masking.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710353396.1A CN106936569B (en) 2017-05-18 2017-05-18 Method for realizing SM4 algorithm mask S box for resisting power consumption attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710353396.1A CN106936569B (en) 2017-05-18 2017-05-18 Method for realizing SM4 algorithm mask S box for resisting power consumption attack

Publications (2)

Publication Number Publication Date
CN106936569A true CN106936569A (en) 2017-07-07
CN106936569B CN106936569B (en) 2020-05-19

Family

ID=59429665

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710353396.1A Active CN106936569B (en) 2017-05-18 2017-05-18 Method for realizing SM4 algorithm mask S box for resisting power consumption attack

Country Status (1)

Country Link
CN (1) CN106936569B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104639502A (en) * 2013-11-08 2015-05-20 国家电网公司 Mask method and device for resisting power attack in SM4 algorithm
CN104065473A (en) * 2014-06-25 2014-09-24 成都信息工程学院 Compact realization method of SM4 block cipher algorithm S box
CN106330429A (en) * 2016-08-24 2017-01-11 中国信息安全测评中心 Generation method and device for S box of SM4 algorithm

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
梁浩: "基于复合域的SM4算法的设计与实现" (Design and implementation of the SM4 algorithm based on composite fields), 《微电子学与计算机》 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107797790A (en) * 2017-11-03 2018-03-13 深圳职业技术学院 A kind of finite field inverter based on a full irreducible function
CN107800530B (en) * 2017-11-28 2020-09-18 聚辰半导体股份有限公司 S-box mask method of SMS4
CN107800530A (en) * 2017-11-28 2018-03-13 聚辰半导体(上海)有限公司 A kind of S box mask methods of SMS4
CN107994981A (en) * 2017-11-28 2018-05-04 哈尔滨理工大学 The computational methods of low entropy Universal High Order mask based on compositum
CN110278070A (en) * 2018-03-13 2019-09-24 中国科学技术大学 The implementation method and device of S box in a kind of SM4 algorithm
CN108874367A (en) * 2018-06-29 2018-11-23 深圳职业技术学院 Compound finite field inverter based on power operation and inversion method thereof
CN109274482A (en) * 2018-08-24 2019-01-25 广东工业大学 A kind of aes algorithm hardware circuit implementation method based on the optimization of S box
CN111030820A (en) * 2019-12-17 2020-04-17 成都三零嘉微电子有限公司 Mask SM4 algorithm-based method for selecting plaintext correlation collision attack
CN111030820B (en) * 2019-12-17 2023-12-19 成都三零嘉微电子有限公司 Mask SM4 algorithm-based method for selecting plaintext related collision attack
CN111786775A (en) * 2020-07-28 2020-10-16 山东省计算中心(国家超级计算济南中心) Realization method and system of SM4 algorithm S box based on basis conversion
CN112883395A (en) * 2021-02-25 2021-06-01 山东华翼微电子技术股份有限公司 High-performance GFN mask method for enhancing anti-attack capability
CN113691363A (en) * 2021-08-24 2021-11-23 广东工业大学 AES & SM4 reconfigurable mask S box hardware circuit
CN113691363B (en) * 2021-08-24 2023-06-09 广东工业大学 AES & SM4 reconfigurable mask S box hardware circuit

Also Published As

Publication number Publication date
CN106936569B (en) 2020-05-19


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant