Unbalanced Sharing: a Threshold Implementation of SM4

Unbalanced Sharing: a Threshold Implementation of SM4

SCIENCE CHINA Information Sciences May 2021, Vol. 64 159102:1–159102:3 . LETTER . https://doi.org/10.1007/s11432-018-9794-6 Unbalanced sharing: a threshold implementation of SM4 Man WEI1,2,3, Siwei SUN1,2,3*, Zihao WEI1,2,3 & Lei HU1,2,3 1State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 2Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China; 3 School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China Received 3 November 2018/Accepted 20 February 2019/Published online 19 March 2021 Citation Wei M, Sun S W, Wei Z H, et al. Unbalanced sharing: a threshold implementation of SM4. Sci China Inf Sci, 2021, 64(5): 159102, https://doi.org/10.1007/s11432-018-9794-6 Dear editor, ent input variables are split into different numbers of shares In recent years, we have witnessed a rapid development still maintains the three essential properties for TIs. Such of the side-channel attacks, which deviate from the tradi- a scheme is named an unbalanced sharing scheme. Taking the multiplication function y = f(x1,x2) = x1x2 as an ex- tional block-box model and exploit the leakages of crypto- 1 1 1 1 2 ample, we split x into 3 shares (x1,x2,x3), and x into 5 graphic devices. Among those attacks, the so-called differen- 2 2 2 2 2 tial power analysis (DPA) exploiting the correlation between shares (x1,x2,x3,x4,x5), and the sharing is given by the instantaneous power consumption and the sensitive in- 1 1 2 2 2 2 2 2 y1 = x2 + x3x2 + x3 + x4 + x5 + x4 + x5, termediate values of a cryptographic algorithm is one of the 1 2 2 2 2 1 2 2 most powerful techniques [1]. Various countermeasures have y2 = x1x1 + x3 + x4 + x5 + x3x1 + x5, (1) been proposed in the literature to make the implementa- 1 2 1 2 2 y3 = x1x2 + x2x1 + x4. tion of cryptographic algorithms immune to DPA. In this study, we focus on the approach called threshold implemen- It is obvious that Eq. (1) satisfies the non-completeness tation (TI) initially proposed by Nikova et al. [2] at ICICS property. For correctness, the reader can check that f1 + 1 1 1 2 2 2 2 2 2006, which is provable secure against first-order DPA un- f2 + f3 = (x1 + x2 + x3)(x1 + x2 + x3 + x4 + x5). For der certain leakage assumptions. The TI technique divides uniformity, if the input masking is uniform, the distribution the input into several shares by Boolean masking, and the of output masking is also uniform. In general, the unbal- sharing scheme should satisfy three properties: correctness, anced sharing not only enlarges the design space of TIs, but non-completeness, and uniformity. Correctness states that also can be regarded as a new method for achieving unifor- the sum of output shares equals the correct output. Non- mity. Therefore, we could have more candidate TI schemes completeness requires each output share to be computed in- for the given cryptographic algorithm, which typically leads dependent of at least one input share such that the unshared to more flexible area-randomness trade-offs. intermediate results are not revealed. Uniformity requires TI of the SM4 S-box. We apply the TI technique with the input shares to be uniformly distributed. Moreover, unbalanced sharing to SM4, an internationally standardized for an iterative cryptographic algorithm, the output shares block cipher. For any linear operation, it can be shared should also be uniform for subsequent computations. The in a straight-forward way. Therefore, we only focus on the TI technique has been widely applied to many symmetric- S-box in SM4. The SM4 S-box is affine equivalent to the key cryptographic algorithms. After a series of work, the AES S-box, which is affine equivalent to the inverse opera- technique of TI has been largely extended and generalized. tion over F28 [3]. We also use the tower field approach [4] to The minimum number of shares required for a TI scheme divide the S-box into three pipeline stages with operations is the algebraic degree of the function being shared plus 1 [2]. over F24 . The concrete architecture of our design is shown However, the uniform sharings for some degree-d functions in Figure 1. with d + 1 shares have not been found. Besides remasking Stage 1. Since the degree of the F24 multiplier is 2, the with fresh randomness, here we provide another technique minimum number of input shares is 3 to achieve 1st-order for achieving uniformity. security. Though there is no known TI with uniform output Unbalanced sharing. In existing sharing schemes, every with 3 input shares. To reduce the area cost, we implement input variable has the same number of shares. However, it the F24 multiplier directly with 3 input shares and 3 output is perfectly possible that a sharing scheme in which differ- shares. The output of the multiplier and the output of the * Corresponding author (email: [email protected]) c Science China Press and Springer-Verlag GmbH Germany, part of Springer Nature 2021 info.scichina.com link.springer.com Wei M, et al. Sci China Inf Sci May 2021 Vol. 64 159102:2 GF(24) GF(24) sq.sc multiplier r r 1 2 4 inv. lin. GF(2 ) lin. map inverter GF(24) map P1 (52-bit) P1 multiplier P2 (44-bit) GF (24) r r multiplier 8-bit 1 2 4-bit 1st phase 2nd phase 3rd phase Figure 1 The TI of the SM4 S-box. F24 square scalar (linear) form the input to the next stage. register arrays, and is selected to perform the XOR oper- Uniformity is achieved with 8 random bits by partial re- ations with the round key. Its output is stored in register masking [5], and the concrete remasking scheme is depicted from the 4th to the 6th clock cycles, since 3 clock cycles in Figure 1. are required to complete the TI-based S-box computation. Stage 2. For the F24 inverter with algebraic degree 3, After the shared S-box is operated 4 times, the forth output any uniform sharing has not been found using 4 shares un- together with the former three outputs performs the L linear less the inverter is decomposed into three stages, which costs transformation. two more cycles and much more area. Therefore, we use the From the above, 6 × 32 = 192 cycles are required to com- uniform sharing scheme proposed in [5] for the F24 inverter plete one SM4 encryption. Key expansion has the same with 5 shares. Then the output of the F24 inverter and the timing flow. To get the round key ready for the encryp- former output of the input linear transformation are stored tion round, key expansion is kept one round (6 clock cycles) in the registers as the input to the two multipliers in the ahead of encryption. The constant key CKi is generated next stage. It can be verified by simulation that the inputs dynamically. Thus, our complete implementations needed to the last two multipliers are uniform respectively. 198 clock cycles totally. Stage 3. We apply the unbalanced sharing scheme We synthesized the architecture of the serialized SM4 shown in Eq. (1) over F24 to the upper F24 multipliers in TI design with synopsys design compiler 2014.09-SP3 and Figure 1, and a new unbalanced sharing with uniform output UMC 180 nm standard cell library. We apply the compile to the other F24 multipliers as follows: and compile ultra commands to each component of the im- 1 1 2 2 2 2 2 plementation. The results in Appendix B show that our y1 x x x x x x x , = 2 + 3 2 + 3 + 4 + 5 + 5 shared SM4 S-box with unbalanced sharing only costs 2000 1 2 2 2 2 1 2 2 1 y2 = x1x1 + x3 + x4 + x5 + x3x1 + x4 + x1, GE, and our realization costs 7316 GE totally. Besides, our 1 2 1 2 2 2 1 SM4 TI only needs 8-bit randomness per S-box, less than y3 = x1x2 + x2x1 + x4 + x5 + x1. most AES TIs. Although the three 4-bit output shares of each F24 multi- Leakage analysis. The security evaluation is per- plier are uniform respectively, the concatenated three 8-bit formed with the SAKURA-G board, which includes a output shares are not uniform anymore. However, we ver- main FPGA (Xilinx Spartan-6 XC6SLX75) and a con- ified by simulation that each share individually is uniform, trol FPGA (Xilinx Spartan-6 XC6SLX9). Our design which ensures that there is no first-order leakage in the fol- is implemented on the main FPGA, while the control lowing registers [5]. Besides, for Feistel ciphers such as SM4, FPGA manages the communication between the device un- the output of the S-box is then XORed with the former byte, der test (DUT) and the PC. The power traces covering which is not involved the computation of this S-box. In sum- the last two rounds of SM4 are sampled at 500 MS/s mary, if the input is uniformly shared, the round output is with an oscilloscope. In our implementation, we use a always uniform. pseudo-random number generator (PRNG) implemented on Hardware architectures. SM4 is a 32-round iterative un- the FPGA to provide fresh randomness. The PRNG is asyn- balanced Feistel block cipher with 128-bit block size and chronously active with the encryption algorithm to minimize 128-bit key.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    3 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us