Paper 2008/281

Linear and Differential Cryptanalysis of Reduced SMS4 Block Cipher

Taehyun Kim, Jongsung Kim, Seokhie Hong, and Jaechul Sung

Abstract

SMS4 is a 128-bit block cipher with a 128-bit user key and 32 rounds, which is used in WAPI, the Chinese WLAN national standard. In this paper, we present a linear attack and a differential attack on a 22-round reduced SMS4; our 22-round linear attack has a data complexity of 2^{117} known plaintexts, a memory complexity of 2^{109} bytes and a time complexity of 2^{109.86} 22-round SMS4 encryptions and 2^{120.39} arithmetic operations, while our 22-round differential attack requires 2^{118} chosen plaintexts, 2^{123} memory bytes and 2^{125.71} 22-round SMS4 encryptions. Both of our attacks are better than any previously known cryptanalytic results on SMS4 in terms of the number of attacked rounds. Furthermore, we present a boomerang and a rectangle attacks on a 18-round reduced SMS4. These results are better than previously known rectangle attacks on reduced SMS4. The methods presented to attack SMS4 can be applied to other unbalanced Feistel ciphers with incomplete diffusion.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Block CipherSMS4Linear AttackDifferential AttackBoomerang AttackRectangle Attck
Contact author(s)
kimth714 @ cist korea ac kr
History
2008-06-24: received
Short URL
https://ia.cr/2008/281
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/281,
      author = {Taehyun Kim and Jongsung Kim and Seokhie Hong and Jaechul Sung},
      title = {Linear and Differential Cryptanalysis of Reduced {SMS4} Block Cipher},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/281},
      year = {2008},
      url = {https://eprint.iacr.org/2008/281}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.