The Cryptanalysis of Reduced-Round SMS4

In this paper we consider the cryptanalysis of the block cipher SMS4. The cipher has received much recent attention due its simplicity and prominence (it is used in wireless networks in China) and a range of differential attacks break up to 21 of the 32 rounds used in SMS4. Here we consider the application of linear cryptanalysis to the cipher and we demonstrate a simple attack on 22 rounds of SMS4. We also consider some advanced linear cryptanalytic techniques which, under the best conditions for the cryptanalyst, might (just) extend to 23 rounds.

[1]  Henri Gilbert,et al.  A Known Plaintext Attack of FEAL-4 and FEAL-6 , 1991, CRYPTO.

[2]  Susan K. Langford,et al.  Differential-Linear Cryptanalysis , 1994, CRYPTO.

[3]  Lei Hu,et al.  Analysis of the SMS4 Block Cipher , 2007, ACISP.

[4]  S. Murphy,et al.  The Independence of Linear Approximations in Symmetric Cryptanalysis , 2006, IEEE Transactions on Information Theory.

[5]  Ronald L. Rivest,et al.  The RC5 Encryption Algorithm , 1994, FSE.

[6]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[7]  Eli Biham,et al.  Differential Cryptanalysis of the Data Encryption Standard , 1993, Springer New York.

[8]  Ingrid Verbauwhede,et al.  Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop, Vienna, Austria, September 10-13, 2007, Proceedings , 2007, CHES.

[9]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[10]  Lars R. Knudsen,et al.  DES-X (or DESX) , 2005, Encyclopedia of Cryptography and Security.

[11]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[12]  Matthew J. B. Robshaw,et al.  Linear Cryptanalysis Using Multiple Approximations and FEAL , 1994, FSE.

[13]  Ali Aydin Selçuk,et al.  On Probability of Success in Linear and Differential Cryptanalysis , 2008, Journal of Cryptology.

[14]  Jean-Jacques Quisquater,et al.  Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent , 2008, FSE.

[15]  Ali Aydin Selçuk New Results in Linear Cryptanalysis of RC5 , 1998, FSE.

[16]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[17]  Alex Biryukov,et al.  On Multiple Linear Approximations , 2004, IACR Cryptol. ePrint Arch..

[18]  Wenling Wu,et al.  Cryptanalysis of Reduced-Round SMS4 Block Cipher , 2008, ACISP.

[19]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[20]  Mitsuru Matsui,et al.  The First Experimental Cryptanalysis of the Data Encryption Standard , 1994, CRYPTO.

[21]  Jiqiang Lu Attacking Reduced-Round Versions of the SMS4 Block Cipher in the Chinese WAPI Standard , 2007, ICICS.

[22]  Matthew J. B. Robshaw,et al.  Linear Cryptanalysis Using Multiple Approximations , 1994, CRYPTO.

[23]  Jean-Jacques Quisquater,et al.  Improving the Time Complexity of Matsui's Linear Cryptanalysis , 2007, ICISC.

[24]  Kil-Hyun Nam,et al.  Information Security and Cryptology - ICISC 2007, 10th International Conference, Seoul, Korea, November 29-30, 2007, Proceedings , 2007, ICISC.

[25]  Kaisa Nyberg,et al.  Linear Approximation of Block Ciphers , 1994, EUROCRYPT.

[26]  Yvo Desmedt,et al.  Advances in Cryptology — CRYPTO ’94 , 2001, Lecture Notes in Computer Science.

[27]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[28]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[29]  Reihaneh Safavi-Naini,et al.  Information Security and Privacy, 11th Australasian Conference, ACISP 2006, Melbourne, Australia, July 3-5, 2006, Proceedings , 2006, ACISP.