白盒SM4的分析与改进

差分计算分析(DCA)是一种应用于白盒实现安全性分析的侧信道分析手段，其高效性在白盒高级数据加密标准(AES)的分析工作中已得到验证。该文针对白盒SM4方案提出一种类差分计算分析的自动化分析方法，该分析以白盒SM4方案中的查找表结果为分析对象，采用统计分析的方法提取密钥，称为中间值平均差分分析(IVMDA)。相比于已有的白盒SM4的分析方法，中间值平均差分分析所需要的条件更少，分析效率更高。在对白盒SM4方案进行成功分析后，该文提出一种软件对策以提高白盒SM4方案的安全性，该对策利用非线性部件对白盒方案中的中间状态进行混淆，消除中间状态与密钥之间的相关性。实验证明该对策可以有效抵抗中间值平均差分分析。

Analysis and Improvement of White-box SM4 Implementation

Differential Computational Analysis (DCA) is a side channel analysis method applied to white box security analysis. Its efficiency has been verified in the analysis of white-box Advanced Encryption Standard (AES). A new DCA-like attack is proposed named Intermediate-Values Mean Difference Analysis(IVMDA). The analysis takes the results of the lookup table in the white-box SM4 implementation as the analysis object, and uses the method of statistical analysis to extract the key. Compared with the existing white-box SM4 analysis method, the intermediate-values mean difference analysis requires fewer conditions, and the analysis efficiency is higher. After successfully analyzing the white-box SM4 implementation, a software countermeasure is proposed to improve its security. The software countermeasure uses nonlinear components to confuse the intermediate state in the white-box implementation and eliminate the correlation between the intermediate state and the key. The experimental results show that the countermeasure can effectively resist the intermediate-values mean difference analysis.