SMS4 is a 128-bit block cipher used in the WAPI standard for wireless networks in China. In this paper, we analyze the security of the SMS4 block cipher against differential cryptanalysis. Firstly, we prove three theorems and one corollary that reflect relationships of 5- and 6-round SMS4. Next, by these relationships, we clarify the minimum number of active S-boxes in 6-, 7- and 12-round SMS4 respectively. Finally, based on the above results, we present a family of about 214 differential characteristics for 19-round SMS4, which leads to an attack on 23-round SMS4 with 2118 chosen plaintexts and 2126:7 encryptions.
This is a preview of subscription content, log in to check access.
Buy single article
Instant access to the full article PDF.
Price includes VAT for USA
Subscribe to journal
Immediate online access to all issues from 2019. Subscription will auto renew annually.
This is the net price. Taxes to be calculated in checkout.
Specification of SMS4, block cipher for WLAN products – SMS4. http://www.oscca.gov.cn/UpFile/200621016423197990.pdf. (in Chinese)
Diffie W, Ledin G (translators). SMS4 encryption algorithm for wireless networks. Cryptology ePrint Archive, Report 2008/329, Received Jul. 29 2008, http://eprint.iacr.org/.
Liu F, Ji W, Hu L, Ding J, Lv S, Pyshkin A, Weinmann R P. Analysis of the SMS4 block cipher. In Proc. ACISP 2007, Townville, Australia, Jul. 2-4, 2007, pp. 158–170.
Ji W, Hu L. New description of SMS4 by an embedding over GF(28). In Proc. INDOCRYPT 2007, Chennai, India, Dec. 9-13, 2007, pp. 238–251.
Lu J. Attacking reduced-round versions of the SMS4 block cipher in the Chinese WAPI standard. In Proc. ICICS 2007, Zhengzhou, China, Dec. 12-15, 2007, pp. 306–318.
Toz D, Dunkelman O. Analysis of two attacks on reduced-round versions of the SMS4. In Proc. ICICS 2008, Paris, France, Dec. 14-17, 2008, pp. 141–156.
Zhang L, Zhang W T, Wu W L. Cryptanalysis of reduced-round SMS4 block cipher. In Proc. ACISP 2008, Wollongong, Australia, Jul. 7-9, 2008, pp. 216–229.
Etrog J, Robshaw M J B. The Cryptanalysis of reduced-round SMS4. In Proc. SAC 2008, Fortaleza, Brazil, Mar. 16-20, 2008, pp. 51–65.
Kim T, Kim J, Hong S, Sun J. Linear and differential crypt-analysis of reduced SMS4 block cipher. Cryptology ePrint Archive, Report 2008/281, http://eprint.iacr.org/.
Zhang W T, Wu W L, Feng D G, Su B Z. Some new observations on the SMS4 block cipher in the Chinese WAPI standard. In Proc. ISPEC 2009, Xi'an, China, Apr. 13-15, 2009, pp. 324–335.
Lu J, Kim J, Keller N, Dunkelman O. Improving the efficiency of impossible differential cryptanalysis of reduced camellia and MISTY1. In Proc. CT-RSA 2008, San Francisco, USA, Apr. 8-11, 2008, pp. 370–386.
Daemen J. Cipher and hash function design strategies based on linear and differential cryptanalysis [Ph.D. Dissertation]. K.U. Leuven, March 1995.
Biham E, Shamir A. Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology, 1991, 4(1): 3–72.
Selçuk A A. On probability of success in linear and differential cryptanalysis. Journal of Cryptology, 2008, 21(1): 131–147.
This work is supported by the National Natural Science Foundation of China under Grant Nos. 60873259 and 60903212, and the Knowledge Innovation Project of the Chinese Academy of Sciences.
Electronic supplementary material
Below is the link to the electronic supplementary material.
About this article
Cite this article
Su, B., Wu, W. & Zhang, W. Security of the SMS4 Block Cipher Against Differential Cryptanalysis. J. Comput. Sci. Technol. 26, 130–138 (2011). https://doi.org/10.1007/s11390-011-9420-y
- block cipher
- differential cryptanalysis