|Designers||Data Assurance & Communication Security Center, Academy of Sciences|
|First published||2006 (declassified; standardized March 21, 2012)|
|Key sizes||128 bits|
|Block sizes||128 bits|
|Structure||unbalanced Feistel network|
|Best public cryptanalysis|
|Linear and differential attacks against 22 rounds|
SM4 was a cipher proposed to for the IEEE 802.11i standard, but has so far been rejected by ISO. One of the reasons for the rejection has been opposition to the WAPI fast-track proposal by the IEEE.
The SM4 algorithm was drafted by Data Assurance & Communication Security Center, CAS, and Commercial Cryptogrophy Testing Center, National Cryptography Administration. It is mainly developed by Lü Shuwang (Chinese: 吕述望). The algorithm was declassified in January, 2006, and it became a national standard (GB/T 32907-2016) in August 2016.
- It has a block size of 128 bits.
- It uses an 8-bit S-box.
- The key size is 128 bits.
- The only operations used are 32-bit bitwise XOR, 32-bit circular shifts and S-box applications.
- Encryption or decryption of one block of data is composed of 32 rounds.
- Each round updates a quarter (i.e., 32 bits) of the internal state.
- A non-linear key schedule is used to produce the round keys.
- Decryption uses the same round keys as for encryption, except that they are in reversed order.
Terms and definitions
Word and byte
Define as a vector set of e bits.
is a word.
is a byte.
S-box is fixed for 8-bit input and 8-bit output, noted as Sbox(). As with AES, the S-box is based on the multiplicative inverse over GF(28). The affine transforms and polynomial bases are different from that of AES, but due to affine isomorphism it can be calculated efficiently given an AES Rijndael S-box.
Keys and key parameters
The length of encryption keys is 128 bits, represented as , in which is a word.
A round key is represented as , where each is a word. It is generated by the encryption key.
is a system parameter.
is a fixed parameter, used to generate .
and are words, used for extension of the algorithm.
On March 21, 2012, the Chinese government published the industrial standard "GM/T 0002-2012 SM4 Block Cipher Algorithm", officially renaming SMS4 to SM4.
- "SM4 Block Cipher Algorithm". CNNIC. 2013-12-04. Retrieved 2016-07-24.
- "Announcement No.23 of the State Cryptography Administration" (in Chinese (China)). The Office of Security Commercial Code Administration (OSCCA). 2012-03-21. Archived from the original on 2016-08-14. Retrieved 2016-07-24.
- Lu Shuwang. Overview on SM4 Algorithm[J]. Journal of Information Security Research, 2016, 2(11): 995-1007.
- 无线局域网产品使用的SMS4密码算法 Archived 2007-07-10 at the Wayback Machine(in Chinese)
- SMS4 Encryption Algorithm for Wireless Networks
- Saarinen, Markku-Juhani O. (17 April 2020). "mjosaarinen/sm4ni: Demonstration that AES-NI instructions can be used to implement the Chinese Encryption Standard SM4". GitHub.
- Tse, Ronald; Kit, Wong; Saarinen, Markku-Juhani. "The SM4 Blockcipher Algorithm And Its Modes Of Operations". tools.ietf.org.
- "Introducing 2017's extensions to the Arm Architecture". community.arm.com.