Chosen Plaintext Combined Attack against SM4 Algorithm



| Attack Methods | The Rounds of Chosen Plaintext | The Intermediate Value of Power Attack | The Number of Times for Collecting Traces | The Sum Number of Traces | Key Search Space Complexity |
|---|---|---|---|---|---|
| Reference [13] | 1, 2, 3, 4 | L transformation for rounds 1, 2, 3, and 4 | 16 | 16 × N | 4 × 4 × 2^8 |
| Reference [14] | 1, 2, 3, 4 | Round output of rounds 1, 2, 3, and 4 | 4 | 4 × N | 4 × 4 × 2^8 |
| Reference [15] | 1, 2, 3, 4 | Round output of rounds 1, 2, 3, and 4 | 16 | 16 × N | 4 × 4 × 2^8 |
| Reference [16] | 1, 2, 3, 4 | Round output of rounds 1, 2, 3, and 4 | 16 | 16 × N | 4 × 4 × 2^8 |
| Our attack | 2, 4 | The S-box output of 2nd and 4th rounds | 2 | 4 × N | (4 × 2^8 + 2^4) × 2 |






  1. Conclusions


In this paper, we proposed a method that uses chosen plaintext power analysis against SM4 to improve the efficiency of existing power analysis of SM4. The method reduces the number of attack rounds, the number of plaintext selections, and the search space of the key, and it selects the nonlinear S-box output as the attack point. The method applies not only to the first four rounds of SM4 encryption but is also effective against the first four rounds of SM4 decryption. Moreover, it can be directly applied to attacks on other block ciphers whose S-boxes have similar differential features, such as AES. Meanwhile, we can also carry out our attack on the first four rounds of SM4 decryption. Another possibility for future work is to combine other cryptanalysis techniques with side-channel attacks, such as combining power analysis and algebraic analysis.





