Paper 2008/281
Linear and Differential Cryptanalysis of Reduced SMS4 Block Cipher
Taehyun Kim, Jongsung Kim, Seokhie Hong, and Jaechul Sung
Abstract
SMS4 is a 128-bit block cipher with a 128-bit user key and 32 rounds, which is used in WAPI, the Chinese WLAN national standard. In this paper, we present a linear attack and a differential attack on a 22-round reduced SMS4; our 22-round linear attack has a data complexity of 2^{117} known plaintexts, a memory complexity of 2^{109} bytes and a time complexity of 2^{109.86} 22-round SMS4 encryptions and 2^{120.39} arithmetic operations, while our 22-round differential attack requires 2^{118} chosen plaintexts, 2^{123} memory bytes and 2^{125.71} 22-round SMS4 encryptions. Both of our attacks are better than any previously known cryptanalytic results on SMS4 in terms of the number of attacked rounds. Furthermore, we present a boomerang and a rectangle attacks on a 18-round reduced SMS4. These results are better than previously known rectangle attacks on reduced SMS4. The methods presented to attack SMS4 can be applied to other unbalanced Feistel ciphers with incomplete diffusion.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- Block CipherSMS4Linear AttackDifferential AttackBoomerang AttackRectangle Attck
- Contact author(s)
- kimth714 @ cist korea ac kr
- History
- 2008-06-24: received
- Short URL
- https://ia.cr/2008/281
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2008/281, author = {Taehyun Kim and Jongsung Kim and Seokhie Hong and Jaechul Sung}, title = {Linear and Differential Cryptanalysis of Reduced {SMS4} Block Cipher}, howpublished = {Cryptology {ePrint} Archive, Paper 2008/281}, year = {2008}, url = {https://eprint.iacr.org/2008/281} }