
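An S-box implementation scheme for the SM4 algorithm based on threshold implementation
Cite this article: LI Xinchao, ZHONG Weidong, ZHANG Shuaiwei, MA Shuangpeng. An S-box implementation scheme for the SM4 algorithm based on threshold implementation[J]. Computer Engineering and Applications, 2018, 54(17): 83-88.
Authors: LI Xinchao  ZHONG Weidong  ZHANG Shuaiwei  MA Shuangpeng
Affiliation: 1. Key Laboratory of Network and Information Security of Chinese Armed Police Force, Engineering University of Chinese Armed Police Force, Xi’an 710086 2. College of Cryptographic Engineering, Engineering University of Chinese Armed Police Force, Xi’an 710086
Abstract: To address the serious threat that DPA attacks pose to secure implementations of the SM4 algorithm, a new threshold S-box implementation scheme for SM4 is proposed. Based on threshold implementation, the scheme constructs a secret sharing function to replace the affine transformation and splits both the S-box input and the S-box output into 2 groups for processing. After the S-box input has been processed by the secret sharing function, it enters the composite field for the inversion operation, and a multiplier that satisfies the grouping property of threshold implementation is constructed by adding a mask, which improves the security of the S-box. The scheme meets the requirements of threshold implementation on the number and nature of groups in both design and implementation; security analysis and experimental verification show that it can resist first-order DPA attacks, with low implementation area and power consumption.

Keywords: SM4  differential power analysis (DPA)  threshold implementation  composite field  mask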

New S-box of SM4 based on threshold implementation
LI Xinchao, ZHONG Weidong, ZHANG Shuaiwei, MA Shuangpeng. New S-box of SM4 based on threshold implementation[J]. Computer Engineering and Applications, 2018, 54(17): 83-88.
Authors: LI Xinchao  ZHONG Weidong  ZHANG Shuaiwei  MA Shuangpeng
Affiliation: 1. Key Laboratory of Network and Information Security of Chinese Armed Police Force, Engineering University of Chinese Armed Police Force, Xi’an 710086, China 2. College of Cryptographic Engineering, Engineering University of Chinese Armed Police Force, Xi’an 710086, China
Abstract: A new S-box scheme is proposed to address the serious threat that DPA attacks pose to the SM4 algorithm. A secret sharing function is constructed in place of the affine transformation, and the input and output of the new S-box are each divided into two groups. After passing through the secret sharing function, the input undergoes an inversion operation in the composite field. To improve the security of the S-box, a multiplier that satisfies the grouping property of threshold implementation is constructed by adding a random mask to the multiplier output. The scheme meets the threshold implementation requirements on the number and nature of groups in both the design and the implementation of the S-box. Security analysis and experimental verification show that it can resist first-order DPA attacks, and it has lower implementation area and power consumption.
Keywords: SM4  Differential Power Analysis (DPA)  threshold implementation  composite field  mask