|First published||2006 (declassified),(standardized in March 21, 2012)|
|Key sizes||128 bits|
|Block sizes||128 bits|
|Structure||unbalanced Feistel network|
|Best public cryptanalysis|
|linear and differential attacks against 22 rounds|
SMS4 was a proposed cipher to be used in IEEE 802.11i standard, but has so far been rejected by ISO. One of the reasons for the rejection has been opposition to the WAPI fast-track proposal by the IEEE.
The SMS4 algorithm was invented by Prof. LU Shu-wang(吕述望). The algorithm was declassified in January, 2006. A few details of the SMS4 cipher are:
- It has a block size of 128 bits.
- Uses an 8-bit S-box
- The key size is 128 bits.
- The only operations used are XOR, circular shifts and S-Box applications
- Performs 32 rounds to process one block.
- Each round updates a quarter (32 bits) of the internal state.
- A non-linear key schedule is used to produce the round keys.
- Decryption is using the same keys as encryption, but in reversed order.
Terms and Definitions
Word and Byte
Define as a vector set of e bits.
is a word.
is a byte.
S-box is fixed for 8-bit input and 8-bit output, noted as Sbox().
Keys and Key Parameters
The length of encryption keys are 128-bit, represented as , in which is a word.
A round key is represented as ,where each is a word. It is generated by the encryption key.
is a system parameter.
is a fixed parameter, used to generate .
and are words, used for extension of the algorithm.
On Mar 21, 2012, the Chinese government published the industrial standard <GM/T 0002-2012 SM4 Block Cipher Algorithm Standard>, officially renaming SMS4 to SM4.
- "国家密码管理局公告（第23号）". The Office of Security Commercial Code Administration (OSCCA). 2012-03-21. Retrieved 2016-07-24.