SM4 (cipher)

SM4 (formerly SMS4)^[2] is a block cipher used in the Chinese National Standard for Wireless LAN WAPI (WLAN Authentication and Privacy Infrastructure).

SM4 was a cipher proposed to for the IEEE 802.11i standard, but has so far been rejected by ISO. One of the reasons for the rejection has been opposition to the WAPI fast-track proposal by the IEEE.

The SM4 algorithm was drafted by Data Assurance & Communication Security Center, CAS, and Commercial Cryptogrophy Testing Center, National Cryptography Administration. It is mainly developed by Lü Shuwang (Chinese: 吕述望). The algorithm was declassified in January, 2006, and it became a national standard (GB/T 32907-2016) in August 2016.^[3]

Cipher detail[]

A few details of the SM4 cipher are:^[4][5]

• It has a block size of 128 bits.
• It uses an 8-bit S-box.
• The key size is 128 bits.
• The only operations used are 32-bit bitwise XOR, 32-bit circular shifts and S-box applications.
• Encryption or decryption of one block of data is composed of 32 rounds.
• Each round updates a quarter (i.e., 32 bits) of the internal state.
• A non-linear key schedule is used to produce the round keys.
• Decryption uses the same round keys as for encryption, except that they are in reversed order.

Terms and definitions[]

Word and byte[]

Define ${\displaystyle Z_{2}^{e}}$ as a vector set of e bits.

${\displaystyle Z_{2}^{32}}$ is a word.

${\displaystyle Z_{2}^{8}}$ is a byte.

S-box[]

S-box is fixed for 8-bit input and 8-bit output, noted as Sbox(). As with AES, the S-box is based on the multiplicative inverse over GF(2⁸). The affine transforms and polynomial bases are different from that of AES, but due to affine isomorphism it can be calculated efficiently given an AES Rijndael S-box.^[6]

Keys and key parameters[]

The length of encryption keys is 128 bits, represented as ${\displaystyle MK=(MK_{0},\ MK_{1},\ MK_{2},\ MK_{3})}$, in which ${\displaystyle MK_{i}\ (i=0,\ 1,\ 2,\ 3)}$ is a word.

A round key is represented as ${\displaystyle (rk_{0},\ rk_{1},\ \ldots ,\ rk_{31})}$, where each ${\displaystyle rk_{i}(i=0,\ \ldots ,\ 31)}$ is a word. It is generated by the encryption key.

${\displaystyle FK=(FK_{0},\ FK_{1},\ FK_{2},\ FK_{3})}$ is a system parameter.

${\displaystyle CK=(CK_{0},\ CK_{1},\ \ldots ,\ CK_{31})}$ is a fixed parameter, used to generate ${\displaystyle rk_{i}}$.

${\displaystyle FK_{i}}$ and ${\displaystyle CK_{i}}$ are words, used for extension of the algorithm.

Remark[]

On March 21, 2012, the Chinese government published the industrial standard "GM/T 0002-2012 SM4 Block Cipher Algorithm", officially renaming SMS4 to SM4.^[2]

A description of SM4 in English is available as an Internet Draft. It contains a reference implementation in ANSI C.^[7]

SM4 is part of the ARMv8.4-A expansion to the ARM architecture.^[8]

References[]

External links[]

• Linear and Differential Cryptanalysis of Reduced SMS4 Block Cipher
• Example of SMS4 implemented as a Spreadsheet
• Page of Lu Shu-wang (吕述望) (in Chinese)
• The GmSSL Project (OpenSSL fork with GuoMi algorithms)