Improved Linear Attacks on the Chinese Block Cipher Standard

The block cipher used in the Chinese Wireless LAN Standard (WAPI), SMS4, was recently renamed SM4 and became the block cipher standard issued by the Chinese government. This paper gives a method for finding linear approximations of SMS4. With this method, 19-round one-dimensional approximations are obtained and used to improve the previous linear cryptanalysis of SMS4. The 19-round approximations hold with bias 2^-62.27; we use one of them to mount a linear attack on 23-round SMS4. Our attack improves on the previous 23-round attacks by reducing the time complexity. Furthermore, the data complexity of our attack is further reduced by the multidimensional linear approach.
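As an added illustration (not code from the paper), the following Python computes the linear approximation table (LAT) of the SM4 S-box with a fast Walsh-Hadamard transform and propagates an output mask backwards through SM4's linear layer L; these are the per-round pieces from which multi-round approximations such as the paper's 19-round ones are assembled. The S-box bytes and the definition of L are taken from the published SM4 standard; the function names are choices of this example.

```python
# Added example (not from the paper): LAT of the SM4/SMS4 S-box and mask
# propagation through its linear layer L, the two building blocks of the
# multi-round linear approximations the paper searches for.
SM4_SBOX = bytes.fromhex(  # S-box as published in the SM4 standard, 16 rows
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948")

def parity(x: int) -> int:  # GF(2) dot product: parity of popcount
    return bin(x).count("1") & 1

def walsh(f):
    """Fast Walsh-Hadamard transform: w[a] = sum_x f[x] * (-1)^(a.x)."""
    w, h = list(f), 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w

def lat(sbox):
    """lat[a][b] = #{x : a.x = b.S(x)} - 128, i.e. 256 times the bias of a.x ^ b.S(x)."""
    table = [[0] * 256 for _ in range(256)]
    for b in range(256):
        w = walsh([1 - 2 * parity(b & sbox[x]) for x in range(256)])  # (-1)^(b.S(x))
        for a in range(256):
            table[a][b] = w[a] // 2  # (#agree - #disagree) / 2 = #agree - 128
    return table

def max_abs_bias(table):
    """Largest |bias| over non-trivial input/output mask pairs."""
    return max(abs(table[a][b]) for a in range(1, 256) for b in range(1, 256)) / 256

def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def L(b):
    """SM4 linear layer from the standard: B ^ (B<<<2) ^ (B<<<10) ^ (B<<<18) ^ (B<<<24)."""
    return b ^ rotl32(b, 2) ^ rotl32(b, 10) ^ rotl32(b, 18) ^ rotl32(b, 24)

def mask_through_L(beta):
    """Output mask beta on L equals input mask L^T(beta); the transpose of each rotation is the opposite rotation."""
    return beta ^ rotl32(beta, 30) ^ rotl32(beta, 22) ^ rotl32(beta, 14) ^ rotl32(beta, 8)
```

The LAT gives the best single-S-box biases; chaining S-box and L masks round by round and combining biases with the piling-up lemma is how a multi-round approximation and its overall bias are estimated.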
