Advertisement

Analysis of the SMS4 Block Cipher

  • Fen Liu
  • Wen Ji
  • Lei Hu
  • Jintai Ding
  • Shuwang Lv
  • Andrei Pyshkin
  • Ralf-Philipp Weinmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4586)

Abstract

SMS4 is a 128-bit block cipher used in the WAPI standard for providing data confidentiality in wireless networks. In this paper we investigate and explain the origin of the S-Box employed by the cipher, show that an embedded cipher similar to BES can be obtained for SMS4 and demonstrate the fragility of the cipher design by giving variants that exhibit 264 weak keys.

We also show attacks on reduced round versions of the cipher. The best practical attack we found is an integral attack that works on 10 rounds out of 32 rounds with a complexity of 218 operations; it can be extended to 13 rounds using round key guesses, resulting in a complexity of 2114 operations and a data complexity of 216 chosen pairs.

Keywords

block ciphers cryptanalysis UFN algebraic structure 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Barkan, E., Biham, E.: In How Many Ways Can You Write Rijndael? In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 160–175. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Biryukov, A., De Cannière, C., Braeken, A., Preneel, B.: A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms. In: Biham, E. (ed.) Advances in Cryptology – EUROCRPYT 2003. LNCS, vol. 2656, pp. 33–50. Springer, Heidelberg (2003)Google Scholar
  3. 3.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The Block Cipher Square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  4. 4.
    Ferguson, N., Kelsey, J., Lucks, S., Schneier, B., Stay, M., Wagner, D., Whiting, D.: Improved Cryptanalysis of Rijndael. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 213–230. Springer, Heidelberg (2000)Google Scholar
  5. 5.
    Knudsen, L.R., Wagner, D.: Integral Cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Beijing Data Security Technology Co. Ltd. Specification of SMS4 (in Chinese) (2006), http://www.oscca.gov.cn/UpFile/, 21016423197990.pdf
  7. 7.
    Murphy, S., Robshaw, M.J.B.: Essential Algebraic Structure within the AES. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 1–16. Springer, Heidelberg (2002)Google Scholar
  8. 8.
    Patarin, J., Goubin, L., Courtois, N.: Improved algorithms for isomorphisms of polynomials. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 184–200. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  9. 9.
    Patarin, J., Nachef, V., Berbain, C.: Generic Attacks on Unbalanced Feistel Schemes with Contracting Functions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 396–411. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Schneier, B., Kelsey, J.: Unbalanced Feistel Networks and Block Cipher Design. In: Gollmann, D. (ed.) Fast Software Encryption. LNCS, vol. 1039, pp. 121–144. Springer, Heidelberg (1996)Google Scholar
  11. 11.
    Zhang, L., Wu, W.: Difference Fault Attack on the SMS4 Encryption Algorithm (in Chinese). Chinese Journal of Computers 29(9) (September 2006)Google Scholar

Copyright information

© Springer Berlin Heidelberg 2007

Authors and Affiliations

  • Fen Liu
    • 1
  • Wen Ji
    • 1
  • Lei Hu
    • 1
  • Jintai Ding
    • 2
  • Shuwang Lv
    • 1
  • Andrei Pyshkin
    • 3
  • Ralf-Philipp Weinmann
    • 3
  1. 1.State Key Laboratory of Information Security, Graduate School of Chinese Academy of Sciences, Beijing 100049China
  2. 2.Department of Mathematical Sciences, University of Cincinnati, Cincinnati, OH, 45221USA
  3. 3.Fachbereich Informatik, Technische Universität Darmstadt, 64289 DarmstadtGermany

Personalised recommendations