CN106936569A - Implementation method for a power-analysis-resistant masked S-box of the SM4 algorithm - Google Patents
- Publication number: CN106936569A (application CN201710353396.1A; granted as CN106936569B)
- Authority: CN (China)
- Prior art keywords
- mask
- inverse
- boxes
- data
- power consumption
- Prior art date: 2017-05-18
- Legal status: Granted
Classifications
- H04L9/003: Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA] (H Electricity; H04 Electric communication technique; H04L Transmission of digital information, e.g. telegraphic communication; H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, network security protocols; H04L9/002 Countermeasures against attacks on cryptographic mechanisms)
- H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation (H Electricity; H04 Electric communication technique; H04L Transmission of digital information; H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, network security protocols; H04L9/06 the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4, hash functions, pseudorandom sequence generators)
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Complex Calculations (AREA)
Abstract
The invention discloses an implementation method for a power-analysis-resistant masked S-box of the SM4 algorithm, in the field of cryptographic algorithm implementation. The method is a composite-field S-box implementation: through an isomorphism mapping matrix, the finite-field inversion in $GF(2^8)$ is moved into the composite field $GF(((2^2)^2)^2)$, which lowers design complexity and reduces chip area. In addition, on top of the normal-basis inversion in the composite field, the S-box is processed with a masking technique that hides the data with a random number, which effectively defends SM4 against power-analysis attacks.
Description
Technical field
The present invention relates to the field of cryptographic algorithm implementation, and in particular to an implementation method for a power-analysis-resistant masked S-box of the SM4 algorithm.
Background art
For a block cipher, security rests mainly on the nonlinear S-box, so the way the S-box is implemented is particularly important.
At present the S-box of the SM4 block cipher, as given in the official specification, is expressed as a look-up table. Implemented that way it occupies a large area and is not very efficient, and it processes the unmasked S-box input and output directly, which is exactly what a power-analysis attack targets. An implementation that saves hardware resources is therefore urgently needed.
Summary of the invention
The object of the present invention is to provide an implementation method for a power-analysis-resistant masked S-box of the SM4 algorithm, so as to solve the above problems of the prior art.
To achieve this object, the technical solution adopted by the present invention is as follows.
An implementation method for a power-analysis-resistant masked S-box of the SM4 algorithm comprises the following steps:
S1, obtain the algebraic expression of the S-box: $S(x) = I(x A_1 + C_1) A_2 + C_2$,
where $A_1$, $A_2$ are 8x8 matrices, $C_1$, $C_2$ are row vectors, and $C_1 = C_2 = (11001011)$;
$I(x)$ denotes inversion in the finite field $GF(2^8)$, whose degree-8 irreducible polynomial is
$f(x) = x^8 + x^7 + x^6 + x^5 + x^4 + x^2 + 1$ (0x1F5, the polynomial fixed by the SM4 standard; the published text prints an additional $x^3$ term, but that polynomial has $f(1) = 0$, is divisible by $x + 1$ and therefore cannot define the field);
S2, perform an isomorphism mapping with the isomorphism mapping matrix, converting the elements of $GF(2^8)$ from the canonical (polynomial-basis) representation to the composite-field representation $GF(((2^2)^2)^2)$;
S3, invert the mapped data in $GF(((2^2)^2)^2)$;
S4, perform the inverse isomorphism mapping with the inverse of the matrix of S2, converting the inverse element obtained in S3 from its composite-field representation back to the canonical representation in $GF(2^8)$;
S5, apply the affine transformation to the output result to obtain $S(x)$.
Preferably, in S2 the isomorphism mapping matrix is the one shown in the original (the matrix is not reproduced in this text), and S2 comprises the following steps:
S201, represent an element of $GF(2^8)$ as a linear polynomial over $GF(2^4)$: $g = a_1 Y^{16} + a_0 Y$, where all coefficients belong to $GF(2^4)$; the modulus needed for multiplication is the irreducible polynomial $r(y) = y^2 + \tau y + \eta$, and $[Y^{16}, Y]$ is a normal basis of this field, $Y^{16}$ and $Y$ being the two roots of $r(y) = 0$;
S202, represent an element of $GF(2^4)$ as a linear polynomial over $GF(2^2)$: $a = b_1 Z^4 + b_0 Z$, where all coefficients belong to $GF(2^2)$; the modulus needed for multiplication is the irreducible polynomial $t(z) = z^2 + \mu z + \rho$, and $[Z^4, Z]$ is a normal basis of this field, $Z^4$ and $Z$ being the two roots of $t(z) = 0$;
S203, represent an element of $GF(2^2)$ as a linear polynomial over $GF(2)$: $b = c_1 W^2 + c_0 W$, where all coefficients belong to $GF(2)$; the modulus needed for multiplication is the irreducible polynomial $s(w) = w^2 + w + 1$, and $[W^2, W]$ is a normal basis of this field, $W^2$ and $W$ being the two roots of $s(w) = 0$.
Preferably, S3 comprises the following steps:
S301, take $\tau = \mu = 1$. Let the inverse of $g = a_1 Y^{16} + a_0 Y$ be $h = d_1 Y^{16} + d_0 Y$. By the definition of the multiplicative inverse, $(a_1 Y^{16} + a_0 Y)(d_1 Y^{16} + d_0 Y) \bmod (y^2 + y + \eta) = 1$ with $a_1, a_0, d_1, d_0 \in GF(2^4)$. Because $Y^{16}$ and $Y$ are the two roots of $r(y) = 0$, $Y^{16} + Y = 1$ and $Y^{16} \cdot Y = \eta$, and one obtains $d_1 Y^{16} + d_0 Y = (\theta^{-1} a_0) Y^{16} + (\theta^{-1} a_1) Y$, where $\theta = a_1 a_0 + (a_1^2 + a_0^2)\eta$;
S302, let the inverse of $a = b_1 Z^4 + b_0 Z$ be $e_1 Z^4 + e_0 Z$. By the definition of the multiplicative inverse, $(e_1 Z^4 + e_0 Z)(b_1 Z^4 + b_0 Z) \bmod t(z) = 1$ with $b_1, b_0, e_1, e_0 \in GF(2^2)$. Because $Z^4$ and $Z$ are the two roots of $t(z) = 0$, $Z^4 + Z = 1$ and $Z^4 \cdot Z = \rho$, and one obtains $e_1 Z^4 + e_0 Z = (\sigma^{-1} b_0) Z^4 + (\sigma^{-1} b_1) Z$, where $\sigma = b_1 b_0 + (b_1^2 + b_0^2)\rho$;
S303, let the inverse of $b = c_1 W^2 + c_0 W$ be $f_1 W^2 + f_0 W$. By the definition of the multiplicative inverse, $(f_1 W^2 + f_0 W)(c_1 W^2 + c_0 W) \bmod s(w) = 1$ with $c_0, c_1, f_1, f_0 \in GF(2)$; $W^2$ and $W$ are the two roots of $s(w) = 0$, so $W^2 + W = 1$ and $W^2 \cdot W = 1$. In $GF(2^2)$ inversion is the same as squaring, hence $f_1 W^2 + f_0 W = (c_1 W^2 + c_0 W)^2 = c_1^2 W^4 + c_0^2 W^2 + 2 c_1 c_0 W^3$; over $GF(2)$, $c_1^2 = c_1$, $c_0^2 = c_0$, $2 c_0 c_1 = 0$, and $W^3 = 1$ (so $W^4 = W$). It follows that $f_1 W^2 + f_0 W = c_0 W^2 + c_1 W$.
Note that with $\tau = \mu = 1$ the polynomials $r(y)$ and $t(z)$ are irreducible only if $\eta$ and $\rho$ have trace 1 over their subfields, i.e. $y^2 + y + \eta$ has no root in $GF(2^4)$ and $z^2 + z + \rho$ has no root in $GF(2^2)$; the page leaves the concrete values of $\eta$ and $\rho$ to the designer.
Preferably, the data are processed with a masking technique, hiding them with a random number, which specifically comprises the following steps:
S1', apply the affine transformation to the masked S-box input $A \oplus M$ and correct the result with the correction factor of a first correction unit, obtaining corrected data;
S2', apply the isomorphism mapping, using the isomorphism mapping matrix, to the corrected data and to the mask $M$, converting them from the canonical representation of $GF(2^8)$ to the composite-field representation $GF(((2^2)^2)^2)$;
S3', invert the mapped data in $GF(((2^2)^2)^2)$;
S4', apply the inverse isomorphism mapping with the inverse of the matrix of S2', converting the inverse element obtained in S3' from its composite-field representation back to the canonical representation of $GF(2^8)$;
S5', apply the affine transformation to the output result and to the mask $M$, and correct both with the correction factor of a second correction unit, obtaining corrected data and a corrected mask $M$;
S6', XOR the corrected data with the corrected mask to obtain $SBOX(A) \oplus M$.
Preferably, the first correction unit is an XOR unit whose correction factor is a preset parameter used to adjust the correctness of the data after masking.
Preferably, the second correction unit is an XOR unit whose correction factor is a preset parameter used to adjust the correctness of the data after masking.
(In an additive masking scheme the linear part of an affine map passes the XOR mask through unchanged, while the constant term is added only once; a fixed correction constant is what keeps the data path and the mask path consistent so that their XOR equals $S(A)$ rather than $S(A) \oplus C$. The page does not state the values of the two preset parameters, nor how the mask is carried through the nonlinear inversion in S3'; the isomorphism mappings of S2' and S4' are linear and therefore commute with the mask.)
The beneficial effects of the invention are as follows. The embodiment provides an implementation method for a power-analysis-resistant masked S-box of the SM4 algorithm. It is a composite-field S-box implementation: through an isomorphism mapping matrix the $GF(2^8)$ finite-field inversion is moved into the composite field $GF(((2^2)^2)^2)$, lowering design complexity and reducing chip area. In addition, on top of the normal-basis inversion in the composite field, the S-box is processed with a masking technique that hides the data with a random number, effectively defending SM4 against power-analysis attacks.
Brief description of the drawings
Fig. 1 is a flow diagram of the unmasked S-box implementation in the composite field;
Fig. 2 is a structural diagram of the normal-basis $GF(2^8)$ inverter;
Fig. 3 is a flow diagram of the masked S-box implementation in the composite field.
Detailed description of the embodiments
To make the object, technical solution and advantages of the present invention clearer, the invention is described further below with reference to the drawings. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
As shown in Fig. 1, an embodiment of the invention provides an implementation method for a power-analysis-resistant masked S-box of the SM4 algorithm, comprising the following steps:
S1, obtain the algebraic expression of the S-box: $S(x) = I(x A_1 + C_1) A_2 + C_2$,
where $A_1$, $A_2$ are 8x8 matrices, $C_1$, $C_2$ are row vectors, and $C_1 = C_2 = (11001011)$;
$I(x)$ denotes inversion in the finite field $GF(2^8)$, whose degree-8 irreducible polynomial is
$f(x) = x^8 + x^7 + x^6 + x^5 + x^4 + x^2 + 1$ (0x1F5, as in the SM4 standard; the printed text carries an extra $x^3$ term, which would make the polynomial reducible);
S2, perform an isomorphism mapping with the isomorphism mapping matrix, converting the elements of $GF(2^8)$ from the canonical representation to the composite-field representation $GF(((2^2)^2)^2)$;
S3, invert the mapped data in $GF(((2^2)^2)^2)$;
S4, perform the inverse isomorphism mapping with the inverse of the matrix of S2, converting the inverse element obtained in S3 from its composite-field representation back to the canonical representation in $GF(2^8)$;
S5, apply the affine transformation to the output result to obtain $S(x)$.
In S1 above, the algebraic expression shows that the S-box consists of two parts: a linear affine transformation and a nonlinear finite-field inversion. S2 to S4 give the normal-basis inversion in the composite field; the flow of the unmasked composite-field S-box is shown in Fig. 1.
The inversion in the composite-field normal basis comprises:
1) mapping the element of $GF(2^8)$ into $GF(((2^2)^2)^2)$ with the isomorphism mapping matrix;
2) inverting in $GF(((2^2)^2)^2)$;
3) mapping the inverted result back with the inverse of the matrix of 1).
It can be seen that the S-box implementation provided by this embodiment is a composite-field implementation: through the isomorphism mapping matrix the $GF(2^8)$ inversion is moved into the composite field $GF(((2^2)^2)^2)$, lowering design complexity and reducing chip area.
In a preferred embodiment of the invention, the isomorphism mapping matrix of S2 may be the one shown in the original (not reproduced in this text), and S2 may comprise the following steps:
S201, represent an element of $GF(2^8)$ as a linear polynomial over $GF(2^4)$: $g = a_1 Y^{16} + a_0 Y$, where all coefficients belong to $GF(2^4)$; the modulus needed for multiplication is the irreducible polynomial $r(y) = y^2 + \tau y + \eta$, and $[Y^{16}, Y]$ is a normal basis of this field, $Y^{16}$ and $Y$ being the two roots of $r(y) = 0$;
S202, represent an element of $GF(2^4)$ as a linear polynomial over $GF(2^2)$: $a = b_1 Z^4 + b_0 Z$, where all coefficients belong to $GF(2^2)$; the modulus needed for multiplication is the irreducible polynomial $t(z) = z^2 + \mu z + \rho$, and $[Z^4, Z]$ is a normal basis of this field, $Z^4$ and $Z$ being the two roots of $t(z) = 0$;
S203, represent an element of $GF(2^2)$ as a linear polynomial over $GF(2)$: $b = c_1 W^2 + c_0 W$, where all coefficients belong to $GF(2)$; the modulus needed for multiplication is the irreducible polynomial $s(w) = w^2 + w + 1$, and $[W^2, W]$ is a normal basis of this field, $W^2$ and $W$ being the two roots of $s(w) = 0$.
In a preferred embodiment of the invention, S3 may comprise the following steps:
S301, take $\tau = \mu = 1$. Let the inverse of $g = a_1 Y^{16} + a_0 Y$ be $h = d_1 Y^{16} + d_0 Y$. By the definition of the multiplicative inverse, $(a_1 Y^{16} + a_0 Y)(d_1 Y^{16} + d_0 Y) \bmod (y^2 + y + \eta) = 1$ with $a_1, a_0, d_1, d_0 \in GF(2^4)$. Because $Y^{16}$ and $Y$ are the two roots of $r(y) = 0$, $Y^{16} + Y = 1$ and $Y^{16} \cdot Y = \eta$, and one obtains $d_1 Y^{16} + d_0 Y = (\theta^{-1} a_0) Y^{16} + (\theta^{-1} a_1) Y$, where $\theta = a_1 a_0 + (a_1^2 + a_0^2)\eta$. The structure of this inverter is shown in Fig. 2;
S302, let the inverse of $a = b_1 Z^4 + b_0 Z$ be $e_1 Z^4 + e_0 Z$. By the definition of the multiplicative inverse, $(e_1 Z^4 + e_0 Z)(b_1 Z^4 + b_0 Z) \bmod t(z) = 1$ with $b_1, b_0, e_1, e_0 \in GF(2^2)$. Because $Z^4$ and $Z$ are the two roots of $t(z) = 0$, $Z^4 + Z = 1$ and $Z^4 \cdot Z = \rho$, and one obtains $e_1 Z^4 + e_0 Z = (\sigma^{-1} b_0) Z^4 + (\sigma^{-1} b_1) Z$, where $\sigma = b_1 b_0 + (b_1^2 + b_0^2)\rho$;
S303, let the inverse of $b = c_1 W^2 + c_0 W$ be $f_1 W^2 + f_0 W$. By the definition of the multiplicative inverse, $(f_1 W^2 + f_0 W)(c_1 W^2 + c_0 W) \bmod s(w) = 1$ with $c_0, c_1, f_1, f_0 \in GF(2)$; $W^2$ and $W$ are the two roots of $s(w) = 0$, so $W^2 + W = 1$ and $W^2 \cdot W = 1$. In $GF(2^2)$ inversion is the same as squaring, hence $f_1 W^2 + f_0 W = (c_1 W^2 + c_0 W)^2 = c_1^2 W^4 + c_0^2 W^2 + 2 c_1 c_0 W^3$; over $GF(2)$, $c_1^2 = c_1$, $c_0^2 = c_0$, $2 c_0 c_1 = 0$, and $W^3 = 1$ (so $W^4 = W$). It follows that $f_1 W^2 + f_0 W = c_0 W^2 + c_1 W$.
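The composite-field inversion of steps S2 to S4 (S201 to S303), carried through in code. This is an added worked example, not code from the patent: the tower uses the normal bases $[W^2, W]$, $[Z^4, Z]$, $[Y^{16}, Y]$ with $\tau = \mu = 1$ exactly as defined above, and the inverter at each level is the formula of S301/S302 (coordinate swap for S303). The constants $\rho$ and $\eta$, and the root $\beta$ of the SM4 field polynomial that fixes the isomorphism mapping matrix, are found by search here, because the page prints its matrix only as a figure (an assumption about how that matrix is built). The block also checks that the polynomial as printed in the text (0x1FD) is reducible, while 0x1F5 is not.

```python
"""Composite-field GF(((2^2)^2)^2) inversion for the SM4 field (steps S2-S4, S201-S303).

Added worked example, not code from the patent.  Each tower level is a1*X^q + a0*X in the
normal basis [X^q, X] with X^2 + X + n = 0 over the subfield (tau = mu = 1), so that
X + X^q = 1 and X * X^q = n.  Assumption: rho, eta and the root beta that defines the
mapping matrix are found by search; the patent shows its matrix only as a figure.
"""

POLY = 0x1F5  # x^8+x^7+x^6+x^5+x^4+x^2+1, the SM4 field polynomial (the text prints 0x1FD)

def poly_deg(p):
    return p.bit_length() - 1

def poly_mod(a, b):
    """Remainder of a divided by b in GF(2)[x]."""
    while a and poly_deg(a) >= poly_deg(b):
        a ^= b << (poly_deg(a) - poly_deg(b))
    return a

def is_irreducible(p):
    """Degree-8 check: no divisor of degree 1..4 (the integers 2..31 are exactly those)."""
    return poly_deg(p) == 8 and all(poly_mod(p, d) for d in range(2, 32))

def gf_mul(a, b):
    """Multiplication in the canonical representation GF(2)[x]/(POLY)."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= POLY
    return r

def gf_inv(a):
    """Reference inverse a^254 (0 maps to 0, which is what the S-box requires)."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a, e = gf_mul(a, a), e >> 1
    return r

def gf4_mul(a, b):
    """GF(2^2) in the basis [W^2, W]; c1*W^2 + c0*W is encoded as (c1 << 1) | c0."""
    a1, a0, b1, b0 = a >> 1, a & 1, b >> 1, b & 1
    e = (a1 ^ a0) & (b1 ^ b0)  # shared term n*(a1+a0)(b1+b0) with n = W*W^2 = W^3 = 1
    return (((a1 & b1) ^ e) << 1) | ((a0 & b0) ^ e)

def gf4_inv(a):
    """S303: in GF(2^2) the inverse is the square, i.e. the two coordinates swap."""
    return ((a & 1) << 1) | (a >> 1)

def lvl_mul(a, b, half, sub_mul, n):
    """(a1 X^q + a0 X)(b1 X^q + b0 X) = (a1 b1 + e) X^q + (a0 b0 + e) X, e = n (a1+a0)(b1+b0)."""
    m = (1 << half) - 1
    a1, a0, b1, b0 = a >> half, a & m, b >> half, b & m
    e = sub_mul(n, sub_mul(a1 ^ a0, b1 ^ b0))
    return ((sub_mul(a1, b1) ^ e) << half) | (sub_mul(a0, b0) ^ e)

def lvl_inv(a, half, sub_mul, sub_inv, n):
    """S301/S302: (a1 X^q + a0 X)^-1 = theta^-1 (a0 X^q + a1 X), theta = a1 a0 + (a1+a0)^2 n."""
    m = (1 << half) - 1
    a1, a0 = a >> half, a & m
    t = sub_inv(sub_mul(a1, a0) ^ sub_mul(n, sub_mul(a1 ^ a0, a1 ^ a0)))
    return (sub_mul(t, a0) << half) | sub_mul(t, a1)

def trace_one(size, mul):
    """Smallest n for which z^2 + z + n has no root t in the subfield, i.e. is irreducible."""
    return next(n for n in range(1, size) if all(mul(t, t) ^ t ^ n for t in range(size)))

RHO = trace_one(4, gf4_mul)                               # t(z) = z^2 + z + rho over GF(2^2)
gf16_mul = lambda a, b: lvl_mul(a, b, 2, gf4_mul, RHO)   # [Z^4, Z] level
gf16_inv = lambda a: lvl_inv(a, 2, gf4_mul, gf4_inv, RHO)
ETA = trace_one(16, gf16_mul)                             # r(y) = y^2 + y + eta over GF(2^4)
tower_mul = lambda a, b: lvl_mul(a, b, 4, gf16_mul, ETA)  # [Y^16, Y] level
tower_inv = lambda a: lvl_inv(a, 4, gf16_mul, gf16_inv, ETA)
ONE = 0xFF  # 1 = X^q + X at every level, so every normal-basis coordinate of 1 is set

def tower_eval(p, beta):
    """Evaluate the GF(2) polynomial p at the tower element beta."""
    acc, pw = 0, ONE
    for i in range(poly_deg(p) + 1):
        if p >> i & 1:
            acc ^= pw
        pw = tower_mul(pw, beta)
    return acc

# S2: the isomorphism sends the canonical basis element x^i to beta^i, where beta is a root of
# POLY inside the tower; column i of the mapping matrix is therefore beta^i.
BETA = next(b for b in range(1, 256) if tower_eval(POLY, b) == 0)
ISO_COLS = [tower_eval(1 << i, BETA) for i in range(8)]

def to_tower(x):
    acc = 0
    for i in range(8):
        if x >> i & 1:
            acc ^= ISO_COLS[i]
    return acc

FROM_TOWER = {to_tower(x): x for x in range(256)}  # S4: the inverse mapping as a table

def composite_inv(x):
    """S2 -> S3 -> S4: map into the tower, invert there with the normal-basis formulas, map back."""
    return FROM_TOWER[tower_inv(to_tower(x))]
```

Running the block builds the mapping matrix (ISO_COLS, one column per canonical basis element) and composite_inv agrees with the reference $x^{254}$ on all 256 inputs. The multiplicativity check in the test is the one that matters in practice: a mapping that merely permutes bytes would still make the inversion check pass for a wrong matrix only by accident, whereas agreement of to_tower(a*b) with the tower product proves the map is a field isomorphism.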
As shown in Fig. 3, in a preferred embodiment of the invention the data are processed with a masking technique on top of the composite-field S-box implementation, hiding them with a random number, which specifically comprises the following steps:
S1', apply the affine transformation to the masked S-box input $A \oplus M$ and correct the result with the correction factor of a first correction unit, obtaining corrected data;
S2', apply the isomorphism mapping, using the isomorphism mapping matrix, to the corrected data and to the mask $M$, converting them from the canonical representation of $GF(2^8)$ to the composite-field representation $GF(((2^2)^2)^2)$;
S3', invert the mapped data in $GF(((2^2)^2)^2)$;
S4', apply the inverse isomorphism mapping with the inverse of the matrix of S2', converting the inverse element obtained in S3' from its composite-field representation back to the canonical representation of $GF(2^8)$;
S5', apply the affine transformation to the output result and to the mask $M$, and correct both with the correction factor of a second correction unit, obtaining corrected data and a corrected mask $M$;
S6', XOR the corrected data with the corrected mask to obtain $SBOX(A) \oplus M$.
In the above method, the input of the S-box in S1' is $A \oplus M$, i.e. the input $A$ after masking with $M$, where $M$ is random data; the output of the S-box is $S(A) \oplus M$, with the same random $M$.
The first correction unit is an XOR unit whose correction factor is a preset parameter used to adjust the correctness of the data after masking.
The second correction unit is an XOR unit whose correction factor is a preset parameter used to adjust the correctness of the data after masking.
While area is saved, the security of the S-box is equally important. The security of the S-box input data relies mainly on hiding the data with a random number, i.e. processing it with the masking technique: for original data $x$, a random value $m$ is added and the masked data is $y = x \oplus m$, so that no intermediate value handled by the circuit is a fixed function of $x$ alone, which is what protects the system.
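The masked flow S1' to S6' as an added worked example, in the same shape as the patent's steps (a data share and a mask share, a correction constant on each affine layer, and an output masked by the original $M$). It is not the patent's code, and it departs from the page in two places, both marked in the comments: the page does not print $A_1$, $A_2$, so the block assumes $A_1 = A_2$ equal to the circulant matrix generated by the bit string 11001011 (the constant the page gives) and $C_1 = C_2 = \mathrm{0xCB}$; and the page does not say how the mask is carried through the nonlinear inversion, so the block uses a two-share exponentiation $x^{254}$ with Ishai-Sahai-Wagner secure multiplication (the Rivain-Prouff approach) in the canonical representation, omitting the composite-field mapping of S2'/S4', which is linear and would pass the mask through unchanged. Because $A_1$, $A_2$ are assumed, the resulting table is not checked against the published SM4 S-box; the checks are structural. The function inverter_input_values is a first-order sanity check of the kind a practitioner runs before any power measurement: with masking, the value entering the inverter takes every byte value equally often whatever the secret is; without it, that value is a fixed function of the secret.

```python
"""Masked S-box in the shape of steps S1'-S6': (A^M, M) in, S(A)^M out.

Added worked example, not the patent's code.  Assumptions the page does not supply:
A1 = A2 = circulant matrix generated by 11001011 and C1 = C2 = 0xCB; the masked
inversion is a two-share exponentiation x^254 with ISW secure multiplication
(Rivain-Prouff style) in the canonical representation; the composite-field mapping
of S2'/S4' is linear and would pass the mask through unchanged, so it is omitted.
"""
import secrets

POLY = 0x1F5  # SM4 field polynomial x^8+x^7+x^6+x^5+x^4+x^2+1

def gf_mul(a, b):
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= POLY
    return r

def gf_inv(a):
    """Unmasked reference inverse a^254 (0 -> 0)."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a, e = gf_mul(a, a), e >> 1
    return r

def lin(x, rows):
    """8x8 GF(2) matrix (one byte per row) times the bit column of x, MSB first."""
    out = 0
    for i, row in enumerate(rows):
        if bin(row & x).count("1") & 1:
            out |= 0x80 >> i
    return out

ROWS = [((0xCB >> i) | (0xCB << (8 - i))) & 0xFF for i in range(8)]  # assumed A1 = A2
C1 = C2 = 0xCB  # the constant as printed in the patent

def sbox(x):
    """Unmasked reference S(x) = A2 * I(A1 * x + C1) + C2."""
    return lin(gf_inv(lin(x, ROWS) ^ C1), ROWS) ^ C2

def masked_mul(a, b, rnd):
    """ISW secure multiplication of two 2-share values; the shares are never recombined."""
    r = rnd()
    c0 = gf_mul(a[0], b[0]) ^ r
    c1 = (gf_mul(a[1], b[1]) ^ (r ^ gf_mul(a[0], b[1]))) ^ gf_mul(a[1], b[0])
    return c0, c1

def masked_inv(x, rnd):
    """Shares of (x0^x1)^254 = x^2 * x^4 * ... * x^128; squaring is linear, so share-wise."""
    t = (gf_mul(x[0], x[0]), gf_mul(x[1], x[1]))
    acc = t
    for _ in range(6):
        t = (gf_mul(t[0], t[0]), gf_mul(t[1], t[1]))
        acc = masked_mul(acc, t, rnd)
    return acc

def masked_sbox(am, m, rnd=lambda: secrets.randbelow(256)):
    """S1'-S6': am = A ^ M and M in, S(A) ^ M out; no intermediate is a function of A alone."""
    # S1': affine on the masked input.  L(A^M) = L(A) ^ L(M): the linear part passes the mask
    #      through; the constant C1 is the first correction term and goes on the data share only.
    d = lin(am, ROWS) ^ C1
    dm = lin(m, ROWS)  # S2': the mask follows the same linear path (field mapping omitted here)
    y0, y1 = masked_inv((d, dm), rnd)  # S3': inversion on shares, y0 ^ y1 = I(L(A) ^ C1)
    # S5': affine on the data share and on the mask share; C2 is the second correction term,
    #      and the original M is folded into the mask share so the output is masked by M again.
    out_data = lin(y0, ROWS) ^ C2
    out_mask = lin(y1, ROWS) ^ m
    return out_data ^ out_mask  # S6': S(A) ^ L(y1) ^ L(y1) ^ M = S(A) ^ M

def inverter_input_values(a, masked):
    """Values entering the inverter for secret byte a, over all 256 masks (first-order check)."""
    if masked:
        return sorted(lin(a ^ m, ROWS) ^ C1 for m in range(256))
    return sorted(lin(a, ROWS) ^ C1 for _ in range(256))
```

The assumed circulant has five ones in its generating row, so it is invertible over $GF(2)$ and the unmasked S-box is a permutation; that is what makes the masked inverter input uniform for every secret byte. In hardware the order of the XORs in S5'/S6' is fixed by the netlist; in software a compiler may reorder them, so a software port of this scheme needs the same care as any other masked implementation.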
In the above method of the invention the S-box is implemented algebraically over the composite field and at the same time protected by masking, which not only lowers design complexity and saves chip area but also effectively defends SM4 against power-analysis attacks.
By adopting the technical solution disclosed above, the following beneficial effect is obtained. The embodiment provides an implementation method for a power-analysis-resistant masked S-box of the SM4 algorithm. It is a composite-field S-box implementation: through an isomorphism mapping matrix the $GF(2^8)$ finite-field inversion is moved into the composite field $GF(((2^2)^2)^2)$, lowering design complexity and reducing chip area; in addition, on top of the normal-basis inversion in the composite field, the S-box is processed with a masking technique that hides the data with a random number, effectively defending SM4 against power-analysis attacks.
Each embodiment in this specification is described progressively; each embodiment emphasises its differences from the others, and the same or similar parts of the embodiments may be referred to one another.
Those skilled in the art should understand that the order of the method steps of the above embodiments can be adjusted according to the actual situation, and steps may also be performed concurrently.
All or part of the steps of the methods of the above embodiments may be completed by a program instructing related hardware. The program may be stored in a storage medium readable by a computer device and executes all or part of the steps of the above methods. The computer device is, for example, a personal computer, server, network device, smart mobile terminal, smart home device, wearable smart device, vehicle smart device, etc.; the storage medium is, for example, RAM, ROM, magnetic disk, tape, optical disc, flash memory, USB flash drive, removable hard disk, memory card, memory stick, web-server storage, network cloud storage, etc.
Finally, it should also be noted that relational terms such as first and second are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between them. Moreover, the terms "comprising", "including" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that comprises it.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as within the scope of protection of the invention.
Claims (6)
1. An implementation method for a power-analysis-resistant masked S-box of the SM4 algorithm, characterised in that it comprises the following steps:
S1, obtain the algebraic expression of the S-box: $S(x) = I(x A_1 + C_1) A_2 + C_2$,
where $A_1$, $A_2$ are 8x8 matrices, $C_1$, $C_2$ are row vectors, and $C_1 = C_2 = (11001011)$;
$I(x)$ denotes inversion in the finite field $GF(2^8)$, whose degree-8 irreducible polynomial is
$f(x) = x^8 + x^7 + x^6 + x^5 + x^4 + x^2 + 1$ (as in the SM4 standard; the printed claim carries an extra $x^3$ term, which would make the polynomial reducible);
S2, perform an isomorphism mapping with the isomorphism mapping matrix, converting the elements of $GF(2^8)$ from the canonical representation to the composite-field representation $GF(((2^2)^2)^2)$;
S3, invert the mapped data in $GF(((2^2)^2)^2)$;
S4, perform the inverse isomorphism mapping with the inverse of the matrix of S2, converting the inverse element obtained in S3 from its composite-field representation back to the canonical representation in $GF(2^8)$;
S5, apply the affine transformation to the output result to obtain $S(x)$.
2. The implementation method of claim 1, characterised in that in S2 the isomorphism mapping matrix is the one shown in the original (not reproduced in this text), and S2 comprises the following steps:
S201, represent an element of $GF(2^8)$ as a linear polynomial over $GF(2^4)$: $g = a_1 Y^{16} + a_0 Y$, where all coefficients belong to $GF(2^4)$; the modulus needed for multiplication is the irreducible polynomial $r(y) = y^2 + \tau y + \eta$, and $[Y^{16}, Y]$ is a normal basis of this field, $Y^{16}$ and $Y$ being the two roots of $r(y) = 0$;
S202, represent an element of $GF(2^4)$ as a linear polynomial over $GF(2^2)$: $a = b_1 Z^4 + b_0 Z$, where all coefficients belong to $GF(2^2)$; the modulus needed for multiplication is the irreducible polynomial $t(z) = z^2 + \mu z + \rho$, and $[Z^4, Z]$ is a normal basis of this field, $Z^4$ and $Z$ being the two roots of $t(z) = 0$;
S203, represent an element of $GF(2^2)$ as a linear polynomial over $GF(2)$: $b = c_1 W^2 + c_0 W$, where all coefficients belong to $GF(2)$; the modulus needed for multiplication is the irreducible polynomial $s(w) = w^2 + w + 1$, and $[W^2, W]$ is a normal basis of this field, $W^2$ and $W$ being the two roots of $s(w) = 0$.
3. The implementation method of claim 2, characterised in that S3 comprises the following steps:
S301, take $\tau = \mu = 1$. Let the inverse of $g = a_1 Y^{16} + a_0 Y$ be $h = d_1 Y^{16} + d_0 Y$. By the definition of the multiplicative inverse, $(a_1 Y^{16} + a_0 Y)(d_1 Y^{16} + d_0 Y) \bmod (y^2 + y + \eta) = 1$ with $a_1, a_0, d_1, d_0 \in GF(2^4)$. Because $Y^{16}$ and $Y$ are the two roots of $r(y) = 0$, $Y^{16} + Y = 1$ and $Y^{16} \cdot Y = \eta$, and one obtains $d_1 Y^{16} + d_0 Y = (\theta^{-1} a_0) Y^{16} + (\theta^{-1} a_1) Y$, where $\theta = a_1 a_0 + (a_1^2 + a_0^2)\eta$;
S302, let the inverse of $a = b_1 Z^4 + b_0 Z$ be $e_1 Z^4 + e_0 Z$. By the definition of the multiplicative inverse, $(e_1 Z^4 + e_0 Z)(b_1 Z^4 + b_0 Z) \bmod t(z) = 1$ with $b_1, b_0, e_1, e_0 \in GF(2^2)$. Because $Z^4$ and $Z$ are the two roots of $t(z) = 0$, $Z^4 + Z = 1$ and $Z^4 \cdot Z = \rho$, and one obtains $e_1 Z^4 + e_0 Z = (\sigma^{-1} b_0) Z^4 + (\sigma^{-1} b_1) Z$, where $\sigma = b_1 b_0 + (b_1^2 + b_0^2)\rho$;
S303, let the inverse of $b = c_1 W^2 + c_0 W$ be $f_1 W^2 + f_0 W$. By the definition of the multiplicative inverse, $(f_1 W^2 + f_0 W)(c_1 W^2 + c_0 W) \bmod s(w) = 1$ with $c_0, c_1, f_1, f_0 \in GF(2)$; $W^2$ and $W$ are the two roots of $s(w) = 0$, so $W^2 + W = 1$ and $W^2 \cdot W = 1$. In $GF(2^2)$ inversion is the same as squaring, hence $f_1 W^2 + f_0 W = (c_1 W^2 + c_0 W)^2 = c_1^2 W^4 + c_0^2 W^2 + 2 c_1 c_0 W^3$; over $GF(2)$, $c_1^2 = c_1$, $c_0^2 = c_0$, $2 c_0 c_1 = 0$, and $W^3 = 1$. It follows that $f_1 W^2 + f_0 W = c_0 W^2 + c_1 W$.
4. The implementation method of any one of claims 1 to 3, characterised in that the data are processed with a masking technique, hiding them with a random number, which specifically comprises the following steps:
S1', apply the affine transformation to the masked S-box input $A \oplus M$ and correct the result with the correction factor of a first correction unit, obtaining corrected data;
S2', apply the isomorphism mapping, using the isomorphism mapping matrix, to the corrected data and to the mask $M$, converting them from the canonical representation of $GF(2^8)$ to the composite-field representation $GF(((2^2)^2)^2)$;
S3', invert the mapped data in $GF(((2^2)^2)^2)$;
S4', apply the inverse isomorphism mapping with the inverse of the matrix of S2', converting the inverse element obtained in S3' from its composite-field representation back to the canonical representation of $GF(2^8)$;
S5', apply the affine transformation to the output result and to the mask $M$, and correct both with the correction factor of a second correction unit, obtaining corrected data and a corrected mask $M$;
S6', XOR the corrected data with the corrected mask to obtain $SBOX(A) \oplus M$.
5. The implementation method of claim 4, characterised in that the first correction unit is an XOR unit whose correction factor is a preset parameter used to adjust the correctness of the data after masking.
6. The implementation method of claim 4, characterised in that the second correction unit is an XOR unit whose correction factor is a preset parameter used to adjust the correctness of the data after masking.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710353396.1A CN106936569B (en) | 2017-05-18 | 2017-05-18 | Method for realizing SM4 algorithm mask S box for resisting power consumption attack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710353396.1A CN106936569B (en) | 2017-05-18 | 2017-05-18 | Method for realizing SM4 algorithm mask S box for resisting power consumption attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106936569A true CN106936569A (en) | 2017-07-07 |
CN106936569B CN106936569B (en) | 2020-05-19 |
Family
ID=59429665
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710353396.1A Active CN106936569B (en) | 2017-05-18 | 2017-05-18 | Method for realizing SM4 algorithm mask S box for resisting power consumption attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106936569B (en) |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104065473A (en) * | 2014-06-25 | 2014-09-24 | 成都信息工程学院 | Compact realization method of SM4 block cipher algorithm S box |
CN104639502A (en) * | 2013-11-08 | 2015-05-20 | 国家电网公司 | Mask method and device for resisting power attack in SM4 algorithm |
CN106330429A (en) * | 2016-08-24 | 2017-01-11 | 中国信息安全测评中心 | Generation method and device for S box of SM4 algorithm |
Non-Patent Citations (1)
Title |
---|
Liang Hao (梁浩), "Design and implementation of the SM4 algorithm based on composite fields" (基于复合域的SM4算法的设计与实现), Microelectronics & Computer (微电子学与计算机) * |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107797790A (en) * | 2017-11-03 | 2018-03-13 | 深圳职业技术学院 | A kind of finite field inverter based on a full irreducible function |
CN107800530B (en) * | 2017-11-28 | 2020-09-18 | 聚辰半导体股份有限公司 | S-box mask method of SMS4 |
CN107800530A (en) * | 2017-11-28 | 2018-03-13 | 聚辰半导体(上海)有限公司 | A kind of S box mask methods of SMS4 |
CN107994981A (en) * | 2017-11-28 | 2018-05-04 | 哈尔滨理工大学 | The computational methods of low entropy Universal High Order mask based on compositum |
CN110278070A (en) * | 2018-03-13 | 2019-09-24 | 中国科学技术大学 | The implementation method and device of S box in a kind of SM4 algorithm |
CN108874367A (en) * | 2018-06-29 | 2018-11-23 | 深圳职业技术学院 | Compound finite field inverter based on power operation and inversion method thereof |
CN109274482A (en) * | 2018-08-24 | 2019-01-25 | 广东工业大学 | A kind of aes algorithm hardware circuit implementation method based on the optimization of S box |
CN111030820A (en) * | 2019-12-17 | 2020-04-17 | 成都三零嘉微电子有限公司 | Mask SM4 algorithm-based method for selecting plaintext correlation collision attack |
CN111030820B (en) * | 2019-12-17 | 2023-12-19 | 成都三零嘉微电子有限公司 | Mask SM4 algorithm-based method for selecting plaintext related collision attack |
CN111786775A (en) * | 2020-07-28 | 2020-10-16 | 山东省计算中心(国家超级计算济南中心) | Realization method and system of SM4 algorithm S box based on basis conversion |
CN112883395A (en) * | 2021-02-25 | 2021-06-01 | 山东华翼微电子技术股份有限公司 | High-performance GFN mask method for enhancing anti-attack capability |
CN113691363A (en) * | 2021-08-24 | 2021-11-23 | 广东工业大学 | AES & SM4 reconfigurable mask S box hardware circuit |
CN113691363B (en) * | 2021-08-24 | 2023-06-09 | 广东工业大学 | AES & SM4 reconfigurable mask S box hardware circuit |
Also Published As
Publication number | Publication date |
---|---|
CN106936569B (en) | 2020-05-19 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |