Springer Nature is making SARS-CoV-2 and COVID-19 research free. View research | View latest news | Sign up for updates

Security of the SMS4 Block Cipher Against Differential Cryptanalysis

  • 114 Accesses

  • 10 Citations


SMS4 is a 128-bit block cipher used in the WAPI standard for wireless networks in China. In this paper, we analyze the security of the SMS4 block cipher against differential cryptanalysis. Firstly, we prove three theorems and one corollary that reflect relationships of 5- and 6-round SMS4. Next, by these relationships, we clarify the minimum number of active S-boxes in 6-, 7- and 12-round SMS4 respectively. Finally, based on the above results, we present a family of about 214 differential characteristics for 19-round SMS4, which leads to an attack on 23-round SMS4 with 2118 chosen plaintexts and 2126:7 encryptions.

This is a preview of subscription content, log in to check access.


  1. [1]

    Specification of SMS4, block cipher for WLAN products – SMS4. http://www.oscca.gov.cn/UpFile/200621016423197990.pdf. (in Chinese)

  2. [2]

    Diffie W, Ledin G (translators). SMS4 encryption algorithm for wireless networks. Cryptology ePrint Archive, Report 2008/329, Received Jul. 29 2008, http://eprint.iacr.org/.

  3. [3]

    Liu F, Ji W, Hu L, Ding J, Lv S, Pyshkin A, Weinmann R P. Analysis of the SMS4 block cipher. In Proc. ACISP 2007, Townville, Australia, Jul. 2-4, 2007, pp. 158–170.

  4. [4]

    Ji W, Hu L. New description of SMS4 by an embedding over GF(28). In Proc. INDOCRYPT 2007, Chennai, India, Dec. 9-13, 2007, pp. 238–251.

  5. [5]

    Lu J. Attacking reduced-round versions of the SMS4 block cipher in the Chinese WAPI standard. In Proc. ICICS 2007, Zhengzhou, China, Dec. 12-15, 2007, pp. 306–318.

  6. [6]

    Toz D, Dunkelman O. Analysis of two attacks on reduced-round versions of the SMS4. In Proc. ICICS 2008, Paris, France, Dec. 14-17, 2008, pp. 141–156.

  7. [7]

    Zhang L, Zhang W T, Wu W L. Cryptanalysis of reduced-round SMS4 block cipher. In Proc. ACISP 2008, Wollongong, Australia, Jul. 7-9, 2008, pp. 216–229.

  8. [8]

    Etrog J, Robshaw M J B. The Cryptanalysis of reduced-round SMS4. In Proc. SAC 2008, Fortaleza, Brazil, Mar. 16-20, 2008, pp. 51–65.

  9. [9]

    Kim T, Kim J, Hong S, Sun J. Linear and differential crypt-analysis of reduced SMS4 block cipher. Cryptology ePrint Archive, Report 2008/281, http://eprint.iacr.org/.

  10. [10]

    Zhang W T, Wu W L, Feng D G, Su B Z. Some new observations on the SMS4 block cipher in the Chinese WAPI standard. In Proc. ISPEC 2009, Xi'an, China, Apr. 13-15, 2009, pp. 324–335.

  11. [11]

    Lu J, Kim J, Keller N, Dunkelman O. Improving the efficiency of impossible differential cryptanalysis of reduced camellia and MISTY1. In Proc. CT-RSA 2008, San Francisco, USA, Apr. 8-11, 2008, pp. 370–386.

  12. [12]

    Daemen J. Cipher and hash function design strategies based on linear and differential cryptanalysis [Ph.D. Dissertation]. K.U. Leuven, March 1995.

  13. [13]

    Biham E, Shamir A. Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology, 1991, 4(1): 3–72.

  14. [14]

    Selçuk A A. On probability of success in linear and differential cryptanalysis. Journal of Cryptology, 2008, 21(1): 131–147.

Download references

Author information

Correspondence to Bo-Zhan Su.

Additional information

This work is supported by the National Natural Science Foundation of China under Grant Nos. 60873259 and 60903212, and the Knowledge Innovation Project of the Chinese Academy of Sciences.

Electronic supplementary material

Below is the link to the electronic supplementary material.

(PDF 74 kb)

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Su, B., Wu, W. & Zhang, W. Security of the SMS4 Block Cipher Against Differential Cryptanalysis. J. Comput. Sci. Technol. 26, 130–138 (2011). https://doi.org/10.1007/s11390-011-9420-y

Download citation


  • block cipher
  • SMS4
  • differential cryptanalysis