In accordance with regulations and requirements, the editorial department's website domain has been changed to arocmag.cn. The original domain (arocmag.com) will be discontinued after Dec. 31st, 2024.
See More
Technology of Information Security
|
App. Res. of Comp. Printed Article
Vol. 38, 2021 No. 9
2811-2815

Security analysis and countermeasures for software implementation of SM2 algorithm

Wang Tengfei1
Zhang Haifeng2
Xu Sen3
1. School of Electronic Information & Electrical Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
2. Beijing Smartchip Microelectronics Technology Company Limited, Beijing 100192, China
3. Viewsource(Shanghai)Technology Company Limited, Shanghai 200241, China
DOI: 10.19734/j.issn.1001-3695.2021.02.0030

Abstract

National standard for commercial cryptography named SM2 is a public key cryptosystem based on elliptic curve cryptography. In the process of software implementation, it may face the risk of sensitive data leakage through side channels. In order to improve the security of SM2 algorithm in practical applications, this paper analyzed the security of SM2 software implementation, which was based on multiprecision integer and rational arithmetic cryptographic library(MIRACL), using cache timing attack method. A selection strategy of monitoring addresses could avoid the mistakes caused by cache line size, temporal precision and data prefetching technology as much as possible. This paper also modified constant-time countermea-sures according to leakage points. Experiments show that the constant-time scalar multiplication function can protect the sensitive data in SM2 much better than MIRACL scalar multiplication function, under the same cache timing attack conditions. It concludes that the SM2 algorithm based on MIRACL library needs to adopt necessary countermeasures to obtain security against cache timing attacks.

Foundation Support

“十三五”国家密码发展基金密码理论课题(SGITZX00YFJS1805255)

Publish Information

DOI: 10.19734/j.issn.1001-3695.2021.02.0030
Publish at: Application Research of Computers Printed Article, Vol. 38, 2021 No. 9
Section: Technology of Information Security
Pages: 2811-2815
Serial Number: 1001-3695(2021)09-046-2811-05

Publish History

[2021-09-05] Printed Article

Cite This Article

王腾飞, 张海峰, 许森. SM2算法软件实现的安全性分析与防护 [J]. 计算机应用研究, 2021, 38 (9): 2811-2815. (Wang Tengfei, Zhang Haifeng, Xu Sen. Security analysis and countermeasures for software implementation of SM2 algorithm [J]. Application Research of Computers, 2021, 38 (9): 2811-2815. )

About the Journal

  • Application Research of Computers Monthly Journal
  • Journal ID ISSN 1001-3695
    CN  51-1196/TP

Application Research of Computers, founded in 1984, is an academic journal of computing technology sponsored by Sichuan Institute of Computer Sciences under the Science and Technology Department of Sichuan Province.

Aiming at the urgently needed cutting-edge technology in this discipline, Application Research of Computers reflects the mainstream technology, hot technology and the latest development trend of computer application research at home and abroad in a timely manner. The main contents of the journal include high-level academic papers in this discipline, the latest scientific research results and major application results. The contents of the columns involve new theories of computer discipline, basic computer theory, algorithm theory research, algorithm design and analysis, blockchain technology, system software and software engineering technology, pattern recognition and artificial intelligence, architecture, advanced computing, parallel processing, database technology, computer network and communication technology, information security technology, computer image graphics and its latest hot application technology.

Application Research of Computers has many high-level readers and authors, and its readers are mainly senior and middle-level researchers and engineers engaged in the field of computer science, as well as teachers and students majoring in computer science and related majors in colleges and universities. Over the years, the total citation frequency and Web download rate of Application Research of Computers have been ranked among the top of similar academic journals in this discipline, and the academic papers published are highly popular among the readers for their novelty, academics, foresight, orientation and practicality.

Indexed & Evaluation

  • The Second National Periodical Award 100 Key Journals
  • Double Effect Journal of China Journal Formation
  • the Core Journal of China (Peking University 2023 Edition)
  • the Core Journal for Science
  • Chinese Science Citation Database (CSCD) Source Journals
  • RCCSE Chinese Core Academic Journals
  • Journal of China Computer Federation
  • 2020-2022 The World Journal Clout Index (WJCI) Report of Scientific and Technological Periodicals
  • Full-text Source Journal of China Science and Technology Periodicals Database
  • Source Journal of China Academic Journals Comprehensive Evaluation Database
  • Source Journals of China Academic Journals (CD-ROM Version), China Journal Network
  • 2017-2019 China Outstanding Academic Journals with International Influence (Natural Science and Engineering Technology)
  • Source Journal of Top Academic Papers (F5000) Program of China's Excellent Science and Technology Journals
  • Source Journal of China Engineering Technology Electronic Information Network and Electronic Technology Literature Database
  • Source Journal of British Science Digest (INSPEC)
  • Japan Science and Technology Agency (JST) Source Journal
  • Russian Journal of Abstracts (AJ, VINITI) Source Journals
  • Full-text Journal of EBSCO, USA
  • Cambridge Scientific Abstracts (Natural Sciences) (CSA(NS)) core journals
  • Poland Copernicus Index (IC)
  • Ulrichsweb (USA)