Cryptology ePrint Archive: Report 2008/281

Linear and Differential Cryptanalysis of Reduced SMS4 Block Cipher

Taehyun Kim, Jongsung Kim, Seokhie Hong and Jaechul Sung

Abstract: SMS4 is a 128-bit block cipher with a 128-bit user key and 32 rounds, which is used in WAPI, the Chinese WLAN national standard. In this paper, we present a linear attack and a differential attack on a 22-round reduced SMS4; our 22-round linear attack has a data complexity of 2^{117} known plaintexts, a memory complexity of 2^{109} bytes and a time complexity of 2^{109.86} 22-round SMS4 encryptions and 2^{120.39} arithmetic operations, while our 22-round differential attack requires 2^{118} chosen plaintexts, 2^{123} memory bytes and 2^{125.71} 22-round SMS4 encryptions. Both of our attacks are better than any previously known cryptanalytic results on SMS4 in terms of the number of attacked rounds. Furthermore, we present a boomerang and a rectangle attacks on a 18-round reduced SMS4. These results are better than previously known rectangle attacks on reduced SMS4. The methods presented to attack SMS4 can be applied to other unbalanced Feistel ciphers with incomplete diffusion.

Category / Keywords: secret-key cryptography / Block Cipher, SMS4, Linear Attack, Differential Attack, Boomerang Attack, Rectangle Attck

Date: received 22 Jun 2008

Contact author: kimth714 at cist korea ac kr

Available format(s): PDF | BibTeX Citation

Version: 20080624:094811 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]