New Second-order Threshold Implementation of Sm4 Block Cipher

As SM4 block cipher has become an ISO/IEC international encryption standard in June 2020, the security of SM4 against side-channel analysis (SCA) is highly valued by academic community. Threshold implementation (TI) scheme is a common countermeasure against SCA. However, the implementation of a high-order TI scheme can be costly. How to improve the resistance of SM4 implementation against high-order SCA without significant increasing the cost appears to be an important task. In this article, a new SM4 second-order TI scheme is proposed based on the tower field decomposition of 8-bits inverter. In more detail, by performing the tower field decomposition twice in the SM4 S-box, the inverse and multiplication operations on finite field are transformed into inverse and multiplication operations on tower field, thus reducing the algebraic order of the decomposed S-box from 7 to 2. Then, the design and implementation of our scheme with 3 shares is illustrated based on the decomposed S-box. Compared with the best-known TI of the S-box in the SM4, our scheme uses smaller number of register stages. The circuit area of S-box is reduced by 48.6%. The number of fresh randomness required in a single round operation is 96 bits. Moreover, both the second-order t-test with 10 million power traces and the correlation power analysis are performed, thus verifying the second-order security of this scheme.