A Circuit Design of SMS4 against Chosen Plaintext Attack

As the first official published commercial block cipher standard of China, SMS4 has been widely used in local area wireless product. Although the algorithm is proved to be secure enough mathematically, when implemented in hardware, it is vulnerable to differential power analysis (DPA), especially using chosen plaintext method. In order to discuss countermeasures against DPA, we present a secure circuit design of SMS4 combining hiding and masking techniques in this paper. For the trade-off between area and speed, we use additive masking and fix masking for the linear operations and S-box respectively. Hiding technique is applied to make power traces harder to align to increase the difficulty of attacking. We implement our scheme in a side channel evaluation board and analyze the collected power traces. Our experimental results show that the designed circuit has a good performance in DPA-resistance.

[1]  Kouichi Itoh,et al.  DPA Countermeasure Based on the "Masking Method" , 2001, ICISC.

[2]  Pankaj Rohatgi,et al.  Template Attacks , 2002, CHES.

[3]  Dawu Gu,et al.  A Power Analysis on SMS4 Using the Chosen Plaintext Method , 2013, 2013 Ninth International Conference on Computational Intelligence and Security.

[4]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[5]  Xiaoyi Duan,et al.  Research and Implementation of DPA-resistant SMS4 Block Cipher , 2011, 2011 Seventh International Conference on Computational Intelligence and Security.

[6]  Christophe Clavier,et al.  Correlation Power Analysis with a Leakage Model , 2004, CHES.

[7]  Todd R. Andel,et al.  Design and Implementation of Hiding Techniques to Obfuscate Against Side-Channel Attacks on AES , 2014 .

[8]  Xuefei Bai,et al.  Differential Power Analysis Attack on SMS4 Block Cipher , 2008, 2008 4th IEEE International Conference on Circuits and Systems for Communications.