基于塔域的SM4算法快速软件实现

Fast Software Implementation of SM4 Based on Tower Field

传统上的SM4软件优化采用查表法,其性能受到cache大小制约,而且易遭到缓存-计时攻击.本文给出了面向SIMD实现的SM4的S盒优化实现,基于塔域优化技术,将SM4的8比特S盒布尔表达式结果的比特切片门复杂度从497降低到115.使用SIMD技术的AVX512指令集和比特切片技术实现512组SM4分组消息的并行加解密.基于OpenSSL开源库完成了快速SM4不同工作模式和多线程下加密的性能测速.在Intel Core i7-11800H@2.3 GHz处理器上使用本方案对SM4算法进行的软件优化实现,其ECB模式在单线程下的加密峰值速度达到了6671 Mbps.同已公开文献中的最优实现性能2580 Mbps(Intel Core i7-7700HQ@2.8 GHz)/3306 Mbps(Intel Core i7-11800H@2.3 GHz)相比,性能提升了159%/101%.

The traditional SM4 software implementation generally adopts the look-up table(LUT)method.The performance of LUT is restricted by cache size,and it is also vulnerable to cache-timing attacks.Based on the tower field optimization,this study proposes an efficient SIMD-oriented SM4 S-box optimization,which reduces the bitslice gate complexity of the S-box Boolean expression from 497 to 115.By using the AVX512 instruction set of SIMD and bitslicing,a parallel block encryption and decryption mode of SM4 is implemented.Furthermore,the performance comparison amongst the fast SM4 software implementations is analyzed with different cipher modes and multi-threads.The proposed optimization is tested on the Intel Core i7-11800H(2.3 GHz)processor to optimize the software implementation,and its ECB encryption peak speed reaches 6671 Mbps with single thread.Compared with the best result known so far in public literatures which is 2580 Mbps(Intel Core i7-7700HQ@2.8 GHz)/3306 Mbps(Intel Core i7-11800H@2.3 GHz),the encryption speed is increased by 159%/101%.