GIFT密码算法的二阶门限实现及其安全性评估

目前已知GIFT算法的防护方案仅能抗一阶功耗攻击。为了使该算法能抵御高阶功耗攻击，利用GIFT算法的数学结构，结合门限实现方法，构造了GIFT算法的二阶门限实现方案；针对非线性部件S盒的数学特征，分别构建（3，9），（6，7）以及（5，10）等二阶门限实现方案，并选取所需硬件资源最少的（3，9）方案，将其在FPGA平台下实现。在实现时，为了更好地分析对比所耗硬件资源，使用并行和串行的硬件实现方法。结果表明，在NanGate 45nm工艺库下，并行实现消耗的总面积为12 043 GE，串行实现消耗的总面积为6 373 GE。通过采集实际功耗曲线，利用T-test对该二阶门限实现方案进行侧信息泄露评估，证实了该二阶门限实现方案的安全性。

Second-order threshold implementation of GIFT cryptographic algorithm and security evaluation

It is known that the protection scheme of the GIFT algorithm can only resist first-order power consumption attacks. In order to make the algorithm against high-order power attacks, this paper used the mathematical structure of GIFT algorithm and combined the threshold implementation method to construct a new second-order mask scheme of GIFT algorithm. Accor-ding to the mathematical characteristics of the nonlinear part S-box, it constructed second-order threshold implementation schemes(3, 9), (6, 7) and(5, 10) respectively, and selected the(3, 9) scheme with the least required hardware resources and simulated it in FPGA environment. In the hardware implementation, in order to better analyze and compare the hardware resources consumed, it used the parallel and serial hardware implementation methods respectively. The results show that under the NanGate 45nm open library process library, the total area consumed by the parallel implementation is 12043GE, and the total area consumed by the serial implementation is 6373GE. By collecting the actual power consumption curve, the T-test is used to evaluate the second-order threshold implementation scheme, which confirms the security of the second-order threshold implementation scheme.