Paper 2010/062

Differential Cryptanalysis of SMS4 Block Cipher

Bozhan Su, Wenling Wu, and Wentao Zhang

Abstract

SMS4 is a 128-bit block cipher used in the WAPI standard for wireless networks in China. In this paper, we analyze the security of the SMS4 block cipher against differential cryptanalysis. First, we prove three theorems and one corollary that reflect relationships of 5- and 6-round SMS4. Next, using these relationships, we clarify the minimum number of differentially active S-boxes in 6-, 7- and 12-round SMS4 respectively. Finally, based on the above results, we present a family of about $2^{14}$ differential characteristics for 19-round SMS4, which leads to an attack on 23-round SMS4 with $2^{115}$ chosen plaintexts and $2^{124.3}$ encryptions. Our attack is the best known attack on SMS4 so far.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Block Cipher, SMS4, Differential Cryptanalysis
Contact author(s)
subozhan @ 126 com
History
2010-02-08: received
Short URL
https://ia.cr/2010/062
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/062,
      author = {Bozhan Su and Wenling Wu and Wentao Zhang},
      title = {Differential Cryptanalysis of {SMS4} Block Cipher},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/062},
      year = {2010},
      url = {https://eprint.iacr.org/2010/062}
}