Linearity within the SMS4 Block Cipher

  • Muhammad Reza Z’aba
  • Leonie Simpson
  • Ed Dawson
  • Kenneth Wong
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6151)


We present several new observations on the SMS4 block cipher, and discuss their cryptographic significance. The crucial observation is the existence of fixed points and also of simple linear relationships between the bits of the input and output words for each component of the round functions for some input words. This implies that the non-linear function T of SMS4 does not appear random and that the linear transformation provides poor diffusion. Furthermore, the branch number of the linear transformation in the key scheduling algorithm is shown to be less than optimal. The main security implication of these observations is that the round function is not always non-linear. Due to this linearity, it is possible to reduce the number of effective rounds of SMS4 by four. We also investigate the susceptibility of SMS4 to further cryptanalysis. Finally, we demonstrate a successful differential attack on a slightly modified variant of SMS4. These findings raise serious questions on the security provided by SMS4.


SMS4 block cipher round function fixed point encryption key scheduling algorithm linearity cryptanalysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)Google Scholar
  2. 2.
    Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)zbMATHGoogle Scholar
  3. 3.
    Biryukov, A., Wagner, D.: Slide Attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Biryukov, A., Wagner, D.: Advanced Slide Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 589–606. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Courtois, N.T., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Daemen, J., Rijmen, V.: The Design of Rijndael, AES – The Advanced Encryption Standard. Springer, Heidelberg (2002)zbMATHGoogle Scholar
  7. 7.
    Diffie, W., Ledin, G.: SMS4 Encryption Algorithm for Wireless Networks. In: Cryptology ePrint Archive, Report 2008/329 (2008)Google Scholar
  8. 8.
    Etrog, J., Robshaw, M.J.B.: Improved Cryptanalysis of Reduced-Round SMS4. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 51–65. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Grinstead, C.M., Snell, J.L.: Introduction to Probability, 2nd revised edn. American Mathematical Society, Providence (1997)Google Scholar
  10. 10.
    Kim, T., Kim, J., Hong, S., Sung, J.: Linear and Differential Cryptanalysis of Reduced SMS4 Block Cipher. In: Cryptology ePrint Archive, Report 2008/281 (2008)Google Scholar
  11. 11.
    Knudsen, L.: Cryptanalysis of LOKI91. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 22–35. Springer, Heidelberg (1993)Google Scholar
  12. 12.
    Liu, F., Ji, W., Hu, L., Ding, J., Lv, S., Pyshkin, A., Weinmann, R.-P.: Analysis of the SMS4 Block Cipher. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 158–170. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    Lu, J.: Attacking Reduced-Round Versions of the SMS4 Block Cipher in the Chinese WAPI Standard. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 306–318. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Office of State Commercial Cryptography Administration, P.R. China: The SMS4 Block Cipher (2006) (in Chinese),
  15. 15.
    Riordan, J.: An Introduction to Combinatorial Analysis. Princeton University Press, Princeton (1980)zbMATHGoogle Scholar
  16. 16.
    Schneier, B., Kelsey, J.: Unbalanced Feistel Networks and Block Cipher Design. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 121–144. Springer, Heidelberg (1996)Google Scholar
  17. 17.
    Toz, D., Dunkelman, O.: Analysis of Two Attacks on Reduced-Round Versions of the SMS4. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 141–156. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  18. 18.
    Zhang, W., Wu, W., Feng, D., Su, B.: Some New Observations on the SMS4 Block Cipher in the Chinese WAPI Standard. In: Bao, F., Li, H., Wang, G. (eds.) ISPEC 2009. LNCS, vol. 5451, pp. 324–335. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Zhang, L., Zhang, W., Wu, W.: Cryptanalysis of Reduced-Round SMS4 Block Cipher. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 216–229. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Muhammad Reza Z’aba
    • 1
  • Leonie Simpson
    • 1
  • Ed Dawson
    • 1
  • Kenneth Wong
    • 1
  1. 1.Information Security InstituteQueensland University of TechnologyBrisbaneAustralia

Personalised recommendations