Cryptography is the fundamental supporting technology in the field of cyberspace security. Block ciphers have been widely used because they are fast and efficient. Recently, side-channel analysis (SCA) has posed a serious threat to the security of block ciphers. With the combination of SCA and new technologies such as deep learning, some high-order power analysis methods have been proposed, which leave first-order masking open to attack. Generally, the circuit area, the latency, and the consumption of randomness are the three factors that jointly determine the cost of threshold implementation (TI) masking. How to improve the resistance of TI masking to SCA while balancing the hardware cost of the implementation is currently a hot topic in the field of masking protection. In this thesis, a series of methods for the design, implementation and optimization of second-order TI masking are proposed. These methods are further applied to the SM4 block cipher. The main research results are as follows:

(1) An automated isomorphic mapping solver is proposed, which solves for the isomorphic mapping matrix based on a fast exponentiation algorithm for polynomials. The isomorphic mapping matrix is an important tool for the tower field decomposition of an S-box. Because the traditional method requires a large number of manual calculations on polynomials, a solver tool is proposed in this chapter that automates the solution of the isomorphic mapping matrix, taking the generated polynomials as input. The results show that the solver improves the efficiency and precision of the tower field decomposition.

(2) A method for constructing second-order TI based on tower field decomposition is proposed and applied to the SM4 block cipher. First, by performing the tower field decomposition twice on the SM4 S-box, the inverse and multiplication operations on the finite field GF(2^8) are transformed into inverse and multiplication operations on the tower field GF(((2^2)^2)^2). The algebraic order of the decomposed S-box is reduced from 7 to 2, which reduces the complexity of the masking design. Then, the design and implementation of each component of the TI masking are proposed. Finally, the performance of this method is illustrated. Experiments show that the S-box of the SM4 second-order TI masking has a circuit area of 11 k GE, and the fresh randomness consumed by a single round of encryption is 120 bits. Test vector leakage assessment (TVLA) results show that the masking scheme can effectively resist first-order and second-order power analysis. Compared with the existing results, the circuit area of the S-box in this scheme is reduced by 48.6%, which indicates that this method consumes less circuit area.

(3) A low-latency SM4 second-order TI masking method is proposed based on the cubic Boolean function masking idea. This method combines the tower field decomposition technique for the SM4 S-box with the cubic Boolean function second-order TI design method. TVLA results show that this scheme can effectively resist first-order and second-order power analysis. Compared with the existing results, this method reduces the number of clock cycles in the masked S-box by 40%, and the fresh randomness consumed in a single round of encryption is 156 bits. This indicates that the method greatly improves the throughput rate.
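The kind of solver described in result (1), as an added example that is not the thesis's own code: it finds a root of the SM4 field polynomial inside a tower field GF(((2^2)^2)^2) using square-and-multiply exponentiation, and returns the columns of the isomorphic mapping matrix. The tower's defining polynomials (t^2 + t + c at each level, with c the top bit of the level below) and all function names are assumptions chosen for illustration; the abstract does not state which polynomials the thesis uses.

```python
SM4_POLY = 0x1F5  # x^8+x^7+x^6+x^5+x^4+x^2+1, the SM4 S-box field polynomial

def gf_mul(a, b, poly=SM4_POLY):
    """Multiply in GF(2^8) = GF(2)[x]/poly (polynomial basis)."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (poly if a & 0x80 else 0)
        b >>= 1
    return r

def tmul(a, b, k=8):
    """Multiply in the tower field; k is the bit width (8, 4, 2 or 1).
    Assumed tower: each level adjoins t with t^2 = t + c, where c is the
    top bit of the level below (trace 1, so t^2 + t + c is irreducible)."""
    if k == 1:
        return a & b
    h, m = k // 2, (1 << (k // 2)) - 1
    a1, a0, b1, b0 = a >> h, a & m, b >> h, b & m
    hh = tmul(a1, b1, h)
    hi = hh ^ tmul(a1, b0, h) ^ tmul(a0, b1, h)
    lo = tmul(a0, b0, h) ^ tmul(hh, 1 << (h - 1), h)
    return (hi << h) | lo

def tpow(a, e):
    """Square-and-multiply (fast) exponentiation in the tower field."""
    r = 1
    while e:
        r = tmul(r, a) if e & 1 else r
        a = tmul(a, a)
        e >>= 1
    return r

def to_tower(cols, a):
    """Apply the mapping matrix: XOR the columns selected by the bits of a."""
    out = 0
    for i, c in enumerate(cols):
        if (a >> i) & 1:
            out ^= c
    return out

def solve_isomorphism(poly=SM4_POLY):
    """Return the matrix columns phi(x^i) = beta^i, beta a tower-field root of poly."""
    for beta in range(2, 256):
        pw = [tpow(beta, i) for i in range(9)]
        if to_tower(pw, poly) == 0:  # poly(beta) = 0 in the tower field
            return pw[:8]
    raise ValueError("poly has no root in the tower field")
```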