Full Text:   <588>

Summary:  <101>

CLC number: TP309

On-line Access: 2019-08-05

Received: 2018-05-19

Revision Accepted: 2018-07-30

Crosschecked: 2019-07-12

Cited: 0

Clicked: 1532

Citations:  Bibtex RefMan EndNote GB/T7714


Ye Yuan


-   Go to

Article info.
Open peer comments

Frontiers of Information Technology & Electronic Engineering  2019 Vol.20 No.7 P.930-945


Correlation power attack on a message authentication code based on SM3

Author(s):  Ye Yuan, Kai-ge Qu, Li-ji Wu, Jia-wei Ma, Xiang-min Zhang

Affiliation(s):  Institute of Microelectronics, Tsinghua University, Beijing 100084, China; more

Corresponding email(s):   yuan-y15@mails.tsinghua.edu.cn, kaigequ@gmail.com, lijiwu@tsinghua.edu.cn, zhxm@mail.tsinghua.edu.cn

Key Words:  HMAC-SM3, Side channel analysis, Correlation power attack, Bit-wise chosen-plaintext

Ye Yuan, Kai-ge Qu, Li-ji Wu, Jia-wei Ma, Xiang-min Zhang. Correlation power attack on a message authentication code based on SM3[J]. Frontiers of Information Technology & Electronic Engineering, 2019, 20(7): 930-945.

@article{title="Correlation power attack on a message authentication code based on SM3",
author="Ye Yuan, Kai-ge Qu, Li-ji Wu, Jia-wei Ma, Xiang-min Zhang",
journal="Frontiers of Information Technology & Electronic Engineering",
publisher="Zhejiang University Press & Springer",

%0 Journal Article
%T Correlation power attack on a message authentication code based on SM3
%A Ye Yuan
%A Kai-ge Qu
%A Li-ji Wu
%A Jia-wei Ma
%A Xiang-min Zhang
%J Frontiers of Information Technology & Electronic Engineering
%V 20
%N 7
%P 930-945
%@ 2095-9184
%D 2019
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.1800312

T1 - Correlation power attack on a message authentication code based on SM3
A1 - Ye Yuan
A1 - Kai-ge Qu
A1 - Li-ji Wu
A1 - Jia-wei Ma
A1 - Xiang-min Zhang
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 20
IS - 7
SP - 930
EP - 945
%@ 2095-9184
Y1 - 2019
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.1800312

Hash-based message authentication code (HMAC) is widely used in authentication and message integrity. As a Chinese hash algorithm, the SM3 algorithm is gradually winning domestic market value in China. The side channel security of HMAC based on SM3 (HMAC-SM3) is still to be evaluated, especially in hardware implementation, where only intermediate values stored in registers have apparent Hamming distance leakage. In addition, the algorithm structure of SM3 determines the difficulty in HMAC-SM3 side channel analysis. In this paper, a skillful bit-wise chosen-plaintext correlation power attack procedure is proposed for HMAC-SM3 hardware implementation. Real attack experiments on a field programmable gate array (FPGA) board have been performed. Experimental results show that we can recover the key from the hypothesis space of 2256 based on the proposed procedure.




Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article


[1]Belaïd S, Bettale L, Dottax E, et al., 2015. Differential power analysis of HMAC SHA-1 and HMAC SHA-2 in the Hamming weight model. In: Obaidat MS, Holzinger A, Filipe J (Eds.), E-Business and Telecommunications. Springer, Cham, p.363-379.

[2]Bellare M, Canetti R, Krawczyk H, 1996. Keying hash functions for message authentication. Int Cryptology Conf on Advances in Cryptology, p.1-15.

[3]Brier E, Clavier C, Olivier F, 2004. Correlation power analysis with a leakage model. In: Joye M, Quisquater JJ (Eds.), Cryptographic Hardware and Embedded Systems. Springer Berlin Heidelberg, p.16-29.

[4]Ding DW, Gao XW, 2012. Design and implementation of SM3 algorithm on FPGA. Microcomp Appl, 31(5):26-28 (in Chinese).

[5]FIPS, 2002. The Keyed-Hash Message Authentication Code (HMAC). Federal Information Processing Standards Publication, Gaithersburg, MD, USA.

[6]Guo LM, Wang LH, Liu D, et al., 2015. A chosen-plaintext differential power analysis attack on HMAC-SM3. 11th Int Conf on Computational Intelligence and Security, p.350-353.

[7]Kocher P, Jaffe J, Jun B, 1999. Differential power analysis. In: Wiener M (Ed.), Advances in Cryptology. Springer Berlin Heidelberg, p.388-397.

[8]Liu ZB, Ma Y, Jing JW, et al., 2011. Implementation of SM3 HASH function on FPGA. Netinfo Secur, 9:191-193, 218 (in Chinese).

[9]Ma Y, Xia LN, Lin JQ, et al., 2012. {Hardware performance optimization and evaluation of SM3 hash algorithm on FPGA}. 14th Int Cryptology Conf on Information and Communications Security, p.105-118.

[10]McEvoy R, Tunstall M, Murphy CC, et al., 2007. {Differential power analysis of HMAC based on SHA-2, and countermeasures}. 8th Int Conf on Information Security Applications, p.317-332.

[11]Menezes A, van Oorschot PC, Vanstone S, 1996. Hash functions and data integrity. In: Handbook of Applied Cryptography. CRC Press, Boca Raton, USA, p.321-376.

[12]Moradi A, Barenghi A, Kasper T, et al., 2011. {On the vulnerability of FPGA bitstream encryption against power analysis attacks: extracting keys from Xilinx Virtex-II FPGAs}. Proc 18th ACM Conf on Computer and Communications Security, p.111-124.

[13]Qu KG, An W, Wu LJ, et al., 2015. A novel masking scheme for SM3 based MAC. China Commun, 12(6):12-21.

[14]SCA, 2010. SM3 Cryptographic Hash Algorithm. State Cryptography Administration of China (in Chinese).

[15]Sun W, Liu JR, Gu DW, et al., 2015. Research on power analysis against software-based and hardware-based cryptographic circuits. Int Conf on Computer Science and Communication Engineering, p.1-8.

[16]Tunstall M, Hanley N, McEvoy RP, et al., 2007. Correlation power analysis of large word sizes. IET Irish Signals and Systems Conf, p.13-14.

[17]Wang XY, Yang XW, 2012. Optimization design and implementation of SM3 algorithm based on FPGA. Comput Eng, 38(6):244-246 (in Chinese).

Open peer comments: Debate/Discuss/Question/Opinion


Please provide your name, email address and a comment

Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - Journal of Zhejiang University-SCIENCE