Research On Power Analysis Attack Resistant SMS4 Cipher VLSI Design Technology

Power analysis attacks can recover the secret keys stored in cryptographic hardware devices by analyzing the input and output data combining with the power consumption during the cipher processing. Because they are easily performed and the attack effects are very well, power analysis attacks are researched on and applied widely.SMS4 block cipher is the first commercial cipher published by China and was employed in WAPI standard to protect the data packages in WLAN. So, it is very important for the application and development of Chinese cipher standards. But to date, there is no study presented on power analysis attacks on SMS4 and its countermeasures.In this thesis, VLSI design optimization technology, power analysis attacks and countermeasures on SMS4 cipher are studied. Several new method about SMS4 VLSI design and power analysis attacks and countermeasures on SMS4 are presented, and the theory derivations, experiment approaches, results and the analyses are given. To sum up, the main innovation and creative points are as follows:1. Complete and evaluate several circuit architectures of S-box in SMS4 cipher. The experiment results indicate that, the S-box circuit based on composite field operation is the smallest and the one based on twisted BDD architecture has the fastest speed.2. Complete the algorithm derivation for S-box construction on the composite field CF(((2~2)~2)~2) and the circuit implementation optimization. As a result, the multiplicative inverse operation on GF(2~8) is transformed to logic AND and XOR operation adapt to circuit implementations. A compact SMS4 cipher VLSI design based on composite field operation is presented. Also, the parameter value in twisted BDD is optimized and a fast SMS4 circuit based on twisted BDD architecture is completed.3. Construct a power analysis simulation platform and provide three different simulation strategies and flows for various requirements about target ciphers, circuit scales and simulation time. By selecting and configuring the simulation platform, the best balance can be got between simulation durations, computer resources and simulation precision.4. Analysis the architecture and characters of SMS4 cipher and its linear transformation L, and present a differential power analysis (DPA) attack method on SMS4 cipher for the first time. Experiment results indicate that the DPA attack is effective on SMS4 round operations. Moreover, a correlation power analysis (CPA) attack method on SMS4 is presented and this method can get a better attack effect than the DPA attack.5. Using random mask technology, two power analysis resistant SMS4 circuit designs based on multiplicative and additive masking are presented. Experiments result indicate that these two masking method can both withstand the first-order DPA and CPA attacks effectively. And the additive masking method can also withstand the zero-value attacks and leads a smaller circuit area than the multiplicative method. Moreover, a power analysis resistant SMS4 cipher VLSI chip design based on additive masking method was completed and taped out.