SCIENCE CHINA Information Sciences, Volume 60, Issue 12: 122101(2017) https://doi.org/10.1007/s11432-016-0477-8

## Revised cryptanalysis for SMS4

Lei CHENG1,2, Bing SUN1,2,3, Chao LI1,*
• ReceivedJul 12, 2016
• AcceptedSep 8, 2016
• PublishedMar 13, 2017
Share
Rating

### Abstract

SMS4 is released by the Chinese government as part of the WAPI standard for the wireless networks.At ICICS 2007 and CRYPTO 2015, Lu and Sun et al. constructed some $12$-round impossible differentials and $12$-round zero correlation linear hulls, respectively. In this paper, it is proved that the distinguishers constructed by Lu and Sun et al. are independent with the details of the non-linear layers though they concentrated on the specific S-boxes.This indicates that for the structure deduced by SMS4, there always exist $12$-round impossible differentials and $12$-round zero correlation linear hulls.

### Acknowledgment

This work was supported by National Natural Science Foundation of China (Grant Nos. 61672530, 61402515), and Research Fund for the Doctoral Program of Higher Education of China (Grant No. 2012150112004)

### References

[1] Zhang L, Zhang W T, Wu W L. Cryptanalysis of reduced-round SMS4 block cipher. In: Proceedings of the 13th Australasian Conference on Information Security and Privacy, Wollongong, 2008. 216--229. Google Scholar

[2] Zhang W T, Wu W L, Feng D G, et al. Some new observations on the SMS4 block cipher in the Chinese WAPI standard. In: Proceedings of the 5th International Conference on Information Security Practice and Experience, Xian, 2009. 324--335. Google Scholar

[3] Su B Z, Wu W L, Zhang W T. Security of the SMS4 Block Cipher Against Differential Cryptanalysis. J Comput Sci Technol, 2011, 26: 130-138 CrossRef Google Scholar

[4] Etrog J, Robshaw M J. The cryptanalysis of reduced-round SMS4. In: Selected Areas in Cryptography. Berlin: Springer, 2009. 51--65. Google Scholar

[5] Liu Z Q, Gu D W, Zhang J. Multiple linear cryptanalysis of reduced-round SMS4 block ciphers. Chinese J Electron, 2010, 19: 389--393. Google Scholar

[6] Lu J Q. Attacking reduced-round versions of the SMS4 block cipher in the Chinese WAPI standard. In: Proceedings of the 9th International Conference on Information and Communications Security, Zhengzhou, 2007. 306--318. Google Scholar

[7] Toz D, Dunkelman O. Analysis of two attacks on reduced-round versions of the SMS4. In: Proceedings of the 10th International Conference on Information and Communications Security, Birmingham, 2008. 141--156. Google Scholar

[8] Sun B, Liu Z Q, Rijmen V, et al. Links among impossible differential, integral and zero correlation linear cryptanalysis. In: Advances in Cryptology — CRYPTO 2015. Berlin: Springer. 2015. 95--115. Google Scholar

[9] Zhang W T, Su B Z, Wu W L, et al. Extending higher-order integral: an efficient unified algorithm of constructing integral distinguishers for block ciphers. In: Applied Cryptography and Network Security. Berlin: Springer, 2012. 117--134. Google Scholar

[10] Liu F, Ji W, Hu L, et al. Analysis of the SMS4 block cipher. In: Information Security and Privacy. Berlin: Springer, 2007. 158--170. Google Scholar

[11] Erickson J, Ding J T, Christensen C. Algebraic cryptanalysis of SMS4: Gr$\ddot{\text{o}}$bner basis attack and SAT attack compared. In: Proceedings of the 12th International Conference on Information, Security and Cryptology, Seoul, 2009. 73--86. Google Scholar

[12] Ji W, Hu L. New description of SMS4 by an embedding over $GF(2^8)$. In: Proceedings of the 8th International Conference on Progress in Cryptology, Chennai, 2007. 238--251. Google Scholar

[13] Knudsen L R. DEAL -- A 128-bit Block Cipher. Technical Report, Department of Informatics, University of Bergen, Norway, 1998. Google Scholar

[14] Biham E, Biryukov A, Shamir A. Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. In: Proceedings of the 17th International Conference on Theory and Application of Cryptographic Techniques, Prague, 1999. 12--23. Google Scholar

[15] Biham E, Biryukov A, Shamir A. Miss in the middle attacks on IDEA and Khufu. In: Proceedings of the 6th International Workshop on Fast Software Encryption. London: Springer, 1999. 124--138. Google Scholar

[16] Kim J, Hong S, Sung J, et al. Impossible differential cryptanalysis for block cipher structures. In: Progress in Cryptology — INDOCRYPT. Berlin: Springer, 2003. 82--96. Google Scholar

[17] Luo Y, Lai X, Wu Z. A unified method for finding impossible differentials of block cipher structures. Inf Sci, 2014, 263: 211-220 CrossRef Google Scholar

[18] Wu S B, Wang M S. Automatic search of truncated impossible differentials for word-oriented block ciphers. In: Progress in Cryptology — INDOCRYPT. Berlin: Springer, 2012. 283--302. Google Scholar

[19] Bogdanov A, Rijmen V. Linear hulls with correlation zero and linear cryptanalysis of block ciphers. Des Codes Cryptogr, 2014, 70: 369-383 CrossRef Google Scholar

[20] Knudsen L R, Wagner D. Integral cryptanalysis. In: Revised Papers From the 9th International Workshop on Fast Software Encryption. Berlin: Springer, 2002. 112--127. Google Scholar

[21] Sun B, Li R L, Qu L J. SQUARE attack on block ciphers with low algebraic degree. Sci China Inf Sci, 2010, 53: 1988-1995 CrossRef Google Scholar

• Figure 1

Round Function of SMS4.

• Figure 2

$12$-Round impossible differential of SMS4.

• Figure 3

$12$-Round zero correlation linear hull of SMS4.

Citations

• #### 0

Altmetric

Copyright 2019 Science China Press Co., Ltd. 《中国科学》杂志社有限责任公司 版权所有