Study And Application Of Power Analysis On SM4 And SM2 Algorithms

Technologies of data encryption and decryption are widely used in the transmission of information. Therefore, the security of relevant algorithmsplays an extremely important role in the financial and other areas. Considering of the national financial security and other factors, the Chinese government requires that Smart IC cardsapplied inthe financial area have to support the SM4 and SM2 algorithms based on national standards.Sidechannel attack, which is known as a new method of cryptanalysis, makes use of the physical information leaked during the operation of cryptographic chip to crack the password of system.This attack has constituted a serious practical threat to the security of cryptographic systems.By now,SM4 and SM2 algorithms are lack of the related research in the side channel attack area. So the purpose of this thesis is to implement the method of power analysis attack on these two algorithms. And we also propose the corresponding protection strategy.Firstly, we designed the attack platform for SM4 algorithm in the sidechannel analysis equipment named Riscure from Netherlands. We usedthree different smart IC cards to verify the validity and effectiveness of the attack platforms. After that, this thesis analyzes some commonprotective measures such as software redundancy operation, redundancy round operation,clock randomizationand masking technology. And we put forward the sidechannel attack method used in frequency domain. Against these attacks, we compared the security performances of related protective measures.Secondly,this thesis analyzesthe classicalleakage model in power analysis attack and put forward a novel leakage model. This model is based on the power consumption leaked by multiple S-boxes, and the implementation of this method is combined with genetic algorithm. It makes the leakage model characterizethe real energy consumption moreaccurately. The novel model takes advantage of multiple S-boxes to improve the efficiency of attack. Through the verificationon SM4 algorithm and DES algorithm, attack based on the novel leakage model decreasesthe 52% of traces at most.Finally,thethesisexploits the template attack to analyze the decryption of SM2 used in a smart IC card. As the establishment of template library for attack is finished, the attackers just need one power measurement of the SM2 decryption to get the correct decryption key. The maximum success rate of template matching can be 88%, whichmeans 225 bits can be recovered out of a 256-bit private key of SM2, in average.Some common countermeasures are not safe enough for template attack. Defensive strategiessuch as key blinding, base point blinding, dummy operation and clock randomization could be exploited as a combination of multiple countermeasures.