
SM4 resistant differential power analysis lightweight threshold implementation
Abstract: To address the large area and the high consumption of fresh randomness in the Threshold Implementation (TI) of SM4, an improved threshold implementation scheme for SM4 was proposed. While satisfying threshold implementation theory, the nonlinear inversion in the S-box was shared with no fresh randomness, and a domain-oriented multiplication mask scheme was introduced to reduce the fresh randomness consumption of the S-box to 12 bits. Based on the idea of pipelining, a new SM4 serial architecture with an 8-bit data width was designed. The threshold implementation of the S-box was reused, and the linear function of SM4 was optimized to make the threshold implementation of SM4 more compact in area, at only 6513 GE. Compared with the TI scheme of SM4 with a 128-bit data width, the area of the proposed scheme is reduced by more than 63.7%, with a better trade-off between speed and area. Side-channel experimental results show that the proposed scheme resists first-order Differential Power Analysis (DPA).
Authors: PU Jinwei (蒲金伟); GAO Qingjian (高倾健); ZHENG Xin (郑欣); XU Yinghui (徐迎晖) (School of Automation, Guangdong University of Technology, Guangzhou, Guangdong 510006, China)
Source: Journal of Computer Applications (《计算机应用》), indexed in CSCD and the Peking University Core Journals list, 2023, No. 11, pp. 3490-3496 (7 pages)
Funding: Supported by the Guangdong Basic and Applied Basic Research Foundation (2021A1515110777).
Keywords: SM4; Differential Power Analysis (DPA); Threshold Implementation (TI); S-box; nonlinear inversion; shared with no fresh randomness; domain-oriented multiplication mask scheme