The Cryptanalysis of Reduced-Round SMS4

  • Jonathan Etrog
  • Matt J. B. Robshaw
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5381)

Abstract

In this paper we consider the cryptanalysis of the block cipher SMS4. The cipher has received much recent attention due to its simplicity and prominence (it is used in wireless networks in China), and a range of differential attacks break up to 21 of the 32 rounds used in SMS4. Here we consider the application of linear cryptanalysis to the cipher and we demonstrate a simple attack on 22 rounds of SMS4. We also consider some advanced linear cryptanalytic techniques which, under the best conditions for the cryptanalyst, might (just) extend to 23 rounds.

Keywords

Linear Approximation, Block Cipher, Advanced Encryption Standard, Round Function, Linear Cryptanalysis

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Jonathan Etrog (1)
  • Matt J. B. Robshaw (1)

  1. Orange Labs, Issy les Moulineaux Cedex 9, France