Square attack on the 14-round block cipher SMS4

In order to make a new security evaluation for the block cipher SMS4,a certain plaintext is chosen to built a gamma set that contains three active words.Based on the character of the diversification of the active words in the round structure of SMS4,a balance word is found in the ninth round by observing the spread path of the balance words,and therefore a new 12-round distinguisher is constructed,by use of which a 14-round square attack is made on SMS4.In the attack 232chosen plaintexts are needed and the time complexity is about 296.5.Thus the 14-round SMS4 is not immune to the Square attack.