Securing SMS4 Cipher against Differential Power Analysis and Its VLSI Implementation

Differential power analysis is of great concern because it can be used to break implementations of almost any symmetric or asymmetric algorithm, and several countermeasures have been proposed to protect implementations of cryptographic algorithms except SMS4 cipher. In the present paper, we focus on the differential power analysis attack on SMS4 cipher, and suggest a secure masking scheme for SMS4 cipher, which is particularly suited for implementation in dedicated hardware. The masking scheme for the inversion presented in this article is based on composite field arithmetic, in which the inversion is shifted from GF(2(8)) down to GF(2(2)). In addition, several methods such as module reuse and changing computing order are employed to reduce circuit area and maintain its speed. Using SMIC 0.18 mu m CMOS technology, the area of this improved SMS4 cipher is only about 25k-gates and the frequency could be up to 50MHz.