The security of traditional block ciphers is based on the black-box attack context, in which the attacker can obtain only the input and output of the cryptographic algorithm, not its internal details. In recent years, mobile communication devices and the Internet have spread rapidly, digital products have become widely distributed, and these products often run on untrusted terminals. An attacker in this environment can not only obtain the input and output of the cryptographic algorithm, but also arbitrarily observe or modify its internal details while it is running. This environment is therefore a white-box attack context. In it, the security of traditional block ciphers cannot be guaranteed, yet the copyright protection of digital products depends on the security of the cryptographic algorithm, so the security problem of digital rights management urgently needs to be solved. White-box cryptography was proposed to address it. A white-box implementation of a traditional block cipher is obtained by modifying the cipher's process, hiding the key in a network of look-up tables, and protecting each look-up table and the whole look-up table network with obfuscating encodings.

Differential computation analysis, introduced in recent years, is a form of side-channel analysis that is easier to carry out in practice, and it poses a serious threat to real white-box implementation schemes. The ability of existing white-box implementation schemes to resist side-channel analysis is therefore important for evaluating their security in practical applications. This thesis briefly discusses differential computation analysis and the SM4 white-box implementation scheme of Bai Kunpeng and others, and successfully analyzes that scheme using the differential computation analysis method. On this basis, a more efficient analysis method is proposed, and an SM4 white-box implementation scheme that can resist differential computation analysis is designed. The main research contents include:

(1) The SM4 white-box implementation scheme proposed by Bai Kunpeng and others is successfully analyzed using the differential computation analysis method. Based on the probability characteristics of the Hamming weights of each row of an n-order uniformly random invertible matrix over GF(2) and on the theoretical basis of differential computation analysis, this thesis selects a variant form of differential computation analysis for the experiments. The results show that when the sample size is sufficient, the variant differential computation analysis can recover the highest byte of the first round key in about half a minute, while it takes about 8 minutes to recover the entire initial key.

(2) An improved differential computation analysis with higher efficiency is proposed. The results show that by selectively reducing the traversal space and modifying the decision conditions, the analysis time can be greatly shortened while the analysis success rate remains almost unchanged and the number of samples required does not increase significantly.

(3) An SM4 white-box implementation scheme that can resist differential computation analysis is proposed. The results show that by adding 8-bit nonlinear encoding to the key-related look-up tables in the first and last rounds, the scheme can resist differential computation analysis, the attack of Pan Wenlun et al., the BGE attack, the Lin-Lai attack, the attack of De Mulder et al., the MGH attack and the attack of Lepoint et al., and its memory occupation is 34.5 MB.