On Probability of Success in Linear and Differential Cryptanalysis
Journal of Cryptology
Cryptanalysis of Reduced-Round SMS4 Block Cipher
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Analysis of Two Attacks on Reduced-Round Versions of the SMS4
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Some New Observations on the SMS4 Block Cipher in the Chinese WAPI Standard
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Analysis of the SMS4 block cipher
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
New description of SMS4 by an embedding over GF(28)
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
Attacking reduced-round versions of the SMS4 block cipher in the Chinese WAPI standard
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Improving the efficiency of impossible differential cryptanalysis of reduced Camellia and MISTY1
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
| Hi-index | 0.00 |
SMS4 is a 128-bit block cipher used in the WAPI standard for wireless networks in China. In this paper, we analyze the security of the SMS4 block cipher against differential cryptanalysis. Firstly, we prove three theorems and one corollary that reflect relationships of 5- and 6-round SMS4. Next, by these relationships, we clarify the minimum number of active S-boxes in 6-, 7- and 12-round SMS4 respectively. Finally, based on the above results, we present a family of about 214 differential characteristics for 19-round SMS4, which leads to an attack on 23-round SMS4 with 2118 chosen plaintexts and 2126.7 encryptions.