Differential cryptanalysis of the data encryption standard
Differential cryptanalysis of the data encryption standard
New types of cryptanalytic attacks using related keys
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
The Design of Rijndael
ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Unbalanced Feistel Networks and Block Cipher Design
Proceedings of the Third International Workshop on Fast Software Encryption
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Cryptanalysis of Reduced-Round SMS4 Block Cipher
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Analysis of Two Attacks on Reduced-Round Versions of the SMS4
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Some New Observations on the SMS4 Block Cipher in the Chinese WAPI Standard
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
The Cryptanalysis of Reduced-Round SMS4
Selected Areas in Cryptography
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Analysis of the SMS4 block cipher
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Attacking reduced-round versions of the SMS4 block cipher in the Chinese WAPI standard
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Hi-index | 0.00 |
We present several new observations on the SMS4 block cipher, and discuss their cryptographic significance. The crucial observation is the existence of fixed points and also of simple linear relationships between the bits of the input and output words for each component of the round functions for some input words. This implies that the nonlinear function T of SMS4 does not appear random and that the linear transformation provides poor diffusion. Furthermore, the branch number of the linear transformation in the key scheduling algorithm is shown to be less than optimal. The main security implication of these observations is that the round function is not always non-linear. Due to this linearity, it is possible to reduce the number of effective rounds of SMS4 by four. We also investigate the susceptibility of SMS4 to further cryptanalysis. Finally, we demonstrate a successful differential attack on a slightly modified variant of SMS4. These findings raise serious questions on the security provided by SMS4.