International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Differential Cryptanalysis of SMS4 Block Cipher

Bozhan Su
Wenling Wu
Wentao Zhang
Search ePrint
Search Google
Abstract: SMS4 is a 128-bit block cipher used in the WAPI standard for wireless networks in China. In this paper, we analyze the security of SMS4 block cipher against differential cryptanalysis. Firstly, we prove three theorems and one corollary that reflect relationships of 5- and 6-round SMS4. Nextly, by these relationships, we clarify the minimum number of differentially active S-boxes in 6-, 7- and 12-round SMS4 respectively. Finally, based on the above results, we present a family of about $2^{14}$ differential characteristics for 19-round SMS4, which leads to an attack on 23-round SMS4 with $2^{115}$ chosen plaintexts and $2^{124.3}$ encryptions. Our attack is the best known attack on SMS4 so far.
  title={Differential Cryptanalysis of SMS4 Block Cipher},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / Block Cipher, SMS4, Differential Cryptanalysis},
  note={ 14645 received 5 Feb 2010},
  author={Bozhan Su and Wenling Wu and Wentao Zhang},