Research On Attacks Resistant SMS4 Cipher VLSI Design Technology

As one kind of side-channel attacks, power analysis attack can recover the secret keys stored in cryptographic hardware devices by analyzing the input and output data combining with the power consumption during the cipher processing. Since power analysis attacks are easily performed and the attack effects are very well, they are researched on and applied widely.SMS4 block cipher, as the first commercial cipher published by China, was released to protect data packets in wireless network. So, it is very important for the application and development of Chinese cipher standards. But to date, there is no study presented on countermeasures of power analysis attacks and differential fault analysis on SMS4 cipher。In this thesis, VLSI design optimization technology, analysis attacks and countermeasures on SMS4 cipher are studied. We present several new methods about SMS4 VLSI design, fault analysis, power analysis attacks and countermeasures on SMS4, and give the theory derivations, experiment approaches, results and the analyses. To sum up, the main innovation and creative points are as follows:1. Completed the algorithm derivation for S-box construction on the composite field GF ((( 22)2)2) and the circuit implementation optimization. As a result, the multiplicative inverse operation on GF ( 28) is transformed to logic AND and XOR operation adapt to circuit implementations. Then a compact SMS4 cipher VLSI design based on composite field operation was presented.2. In this study, we analysis the architecture and characters of SMS4 cipher and its linear transformation L, and present a differential power analysis (DPA) attack method on SMS4 cipher for the first time. Experiment results indicate that the DPA attack is effective on SMS4 round operations.3. Using random mask technology, we present two power analysis resistant SMS4 circuit designs based on multiplicative and additive masking. Experiments result indicate that these two masking method can both withstand the first-order DPA and CPA attacks effectively. And the additive masking method can also withstand the zero-value attacks and leads a smaller circuit area than the multiplicative method. Moreover, we completed a power analysis resistant SMS4 cipher VLSI chip design based on additive masking method and taped out. 4. Differential Fault Analysis on SMS4 cipher has been preliminary studied, and a modified SMS4 cipher is presented by adding fault detection circuit in the last four round of cryptographic algorithm, to protect SMS4 cipher against Differential Fault Analysis.The dissertation was supported by National Natural Science Foundation of China (No. 60606005).