S box masking method for SMS4

A technology of masking and masking values, which is applied in countermeasures against encryption mechanisms, encryption devices with shift registers/memory, digital transmission systems, etc. Small area, easy to achieve effect

Active Publication Date: 2018-03-13
GIANTEC SEMICON LTD
View PDF8 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] At present, SMS4 mainly adopts the fixed mask method in the implementation of the S box, and the disadvantage of the fixed mask is obvious: first, the mask value is fixed, because a table corresponds to a fixed mask value, so when using the full mask scheme , the area occupied by the look-up table method will be large

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • S box masking method for SMS4
  • S box masking method for SMS4
  • S box masking method for SMS4

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0061] Take the input x=10101010b (0xaa) and the mask value mask=01010101b (0x55) of the S box as an example:

[0062] Calculate L 1 (mask)=01111001b(0x79), this L 1 (mask) is the rand of S30, this step is to calculate S1

[0063] Calculate data1=L 1 (x+mask)+c 1 =00101100b (0x2c), this step is to calculate S2;

[0064] Calculate data1×L 1 (mask)=11111111b (0xff), this step is to calculate S31;

[0065] Calculation (L 1 (mask))^2=01110010b(0x72);

[0066] Calculate data1×L 1 (mask)+(L 1 (mask))^2=11011100b(0xdc), this step is to calculate S32;

[0067] Calculate(data1×L 1 (mask)+(L 1 (mask))^2)^(-1)=10111111b(0xdf), this step is S33, need to judge L 1 (x) is 0 or not, if it is 0, the pseudo-round key FKEY operation will be performed to interfere with power consumption, and the result of this step will be directly output as L 1 (mask);

[0068] calculate

[0069] (data1×L 1 (mask)+(L 1 (mask))^2)^(-1)+1=10111110b(0xde), this step is to calculate S34;

[0070]...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an S box masking method for an SMS4. The method comprises the steps of setting x as an input of an S box and adding a random mask to improve the security. The S box masking method for the SMS4 comprises the following steps: S1, calculating L1(mask), and if the value is 0, reselecting a mask value until the calculation result of the L1(mask) is not 0; S2, calculating data1=L1(x+mask)+c1; S3, performing Boolean masking on a linear part, performing multiplicative masking with a dummy key on an inverse model part I, and calculating I(data1)=I(L1(x)+L1(mask)) to obtain data2=I(L1(x))+L1(mask); and S4, calculating Sbox(x)=L1(data2)+L1(L1(mask))+c1. The method has the advantages that full masking on the SMS4 can be realized, the area occupied by a look-up table method is smaller than that in the prior art, and the method is also easy to implement.

Description

technical field [0001] The invention relates to an SMS4 S-box masking method. Background technique [0002] The SMS4 block encryption algorithm is a block encryption algorithm used in China's wireless standards, and has been identified as the national encryption industry standard by the State Commercial Encryption Administration in 2012. [0003] The S-box of SMS4 is the nonlinear link of the entire SMS4. The S-box guarantees the security of the entire algorithm. At present, only the look-up table of the S-box is given in the standard algorithm document, and the algebraic expression of the S-box is not given. However, related papers have analyzed the S-box in GF(2 8 ) algebraic expression: Sbox(x)=L 1 (I(L 1 (x))), [0004] Where: L(x)=A 1 *x+c 1 ; I is in GF(2 8 ) modulo inverse; [0005] [0006] The irreducible polynomial is: f(x)=x 8 +x 7 +x 6 +x 5 +x 4 +x 2 +1. [0007] At present, SMS4 mainly adopts the fixed mask method in the implementation of the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/00H04L9/06
CPCH04L9/003H04L9/0618
Inventor 张宇
Owner GIANTEC SEMICON LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap