A Circuit Design of SMS4 against Chosen Plaintext Attack

摘要

As the first official published commercial block cipher standard of China, SMS4 has been widely used in local area wireless product. Although the algorithm is proved to be secure enough mathematically, when implemented in hardware, it is vulnerable to differential power analysis (DPA), especially using chosen plaintext method. In order to discuss countermeasures against DPA, we present a secure circuit design of SMS4 combining hiding and masking techniques in this paper. For the trade-off between area and speed, we use additive masking and fix masking for the linear operations and S-box respectively. Hiding technique is applied to make power traces harder to align to increase the difficulty of attacking. We implement our scheme in a side channel evaluation board and analyze the collected power traces. Our experimental results show that the designed circuit has a good performance in DPA-resistance.