Linearity within the SMS4 block cipher

Authors:
Muhammad Reza Z'aba;Leonie Simpson;Ed Dawson;Kenneth Wong
Affiliations:
Information Security Institute, Queensland University of Technology, Brisbane, Queensland, Australia;Information Security Institute, Queensland University of Technology, Brisbane, Queensland, Australia;Information Security Institute, Queensland University of Technology, Brisbane, Queensland, Australia;Information Security Institute, Queensland University of Technology, Brisbane, Queensland, Australia
Venue:
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Year:
2009

Citing 14
Cited 0

Differential cryptanalysis of the data encryption standard

Differential cryptanalysis of the data encryption standard
New types of cryptanalytic attacks using related keys

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The Design of Rijndael

The Design of Rijndael
Cryptanalysis of LOKI

ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations

ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Unbalanced Feistel Networks and Block Cipher Design

Proceedings of the Third International Workshop on Fast Software Encryption
Slide Attacks

FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Cryptanalysis of Reduced-Round SMS4 Block Cipher

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Analysis of Two Attacks on Reduced-Round Versions of the SMS4

ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Some New Observations on the SMS4 Block Cipher in the Chinese WAPI Standard

ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
The Cryptanalysis of Reduced-Round SMS4

Selected Areas in Cryptography
Advanced slide attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Analysis of the SMS4 block cipher

ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Attacking reduced-round versions of the SMS4 block cipher in the Chinese WAPI standard

ICICS'07 Proceedings of the 9th international conference on Information and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present several new observations on the SMS4 block cipher, and discuss their cryptographic significance. The crucial observation is the existence of fixed points and also of simple linear relationships between the bits of the input and output words for each component of the round functions for some input words. This implies that the nonlinear function T of SMS4 does not appear random and that the linear transformation provides poor diffusion. Furthermore, the branch number of the linear transformation in the key scheduling algorithm is shown to be less than optimal. The main security implication of these observations is that the round function is not always non-linear. Due to this linearity, it is possible to reduce the number of effective rounds of SMS4 by four. We also investigate the susceptibility of SMS4 to further cryptanalysis. Finally, we demonstrate a successful differential attack on a slightly modified variant of SMS4. These findings raise serious questions on the security provided by SMS4.