SM4 (cipher)
<templatestyles src="Module:Hatnote/styles.css"></templatestyles>
File:SM4 round.svg | |
General | |
---|---|
Designers | Data Assurance & Communication Security Center, Academy of Sciences |
First published | 2006 (declassified; standardized March 21, 2012)[1] |
Cipher detail | |
Key sizes | 128 bits |
Block sizes | 128 bits |
Structure | unbalanced Feistel network |
Rounds | 32 |
Best public cryptanalysis | |
Linear and differential attacks against 22 rounds |
ShāngMì 4 (SM4, 商密4) (formerly SMS4)[2] is a block cipher used in the Chinese National Standard for Wireless LAN WAPI (WLAN Authentication and Privacy Infrastructure) and also used with Transport Layer Security.[3]
SM4 was a cipher proposed to for the IEEE 802.11i standard, but has so far been rejected by ISO. One of the reasons for the rejection has been opposition to the WAPI fast-track proposal by the IEEE.[citation needed]
The SM4 algorithm was drafted by Data Assurance & Communication Security Center, CAS, and Commercial Cryptography Testing Center, National Cryptography Administration. It is mainly developed by Lü Shuwang (Chinese: 吕述望). The algorithm was declassified in January, 2006, and it became a national standard (GB/T 32907-2016) in August 2016.[4]
Contents
Cipher detail
The SM4 cipher has a key size and a block size of 128 bits each.[5][6] Encryption or decryption of one block of data is composed of 32 rounds. A non-linear key schedule is used to produce the round keys and the decryption uses the same round keys as for encryption, except that they are in reversed order.
Keys and key parameters
The length of encryption keys is 128 bits, represented as , in which
is a 32-bit word. The round keys are represented by
, where each
is a word. It is generated by the encryption key and the following parameters:
and
are words, used to generate the round keys.
Round
Each round are computed from the four previous round outputs such that:
Where is a substitution function composed of a non-linear transform, the S-box and linear transform
S-box
S-box is fixed for 8-bit input and 8-bit output, noted as Sbox(). As with AES, the S-box is based on the multiplicative inverse over GF(28). The affine transforms and polynomial bases are different from that of AES, but due to affine isomorphism it can be calculated efficiently given an AES Rijndael S-box.[7]
Remark
On March 21, 2012, the Chinese government published the industrial standard "GM/T 0002-2012 SM4 Block Cipher Algorithm", officially renaming SMS4 to SM4.[2]
A description of SM4 in English is available as an Internet Draft. It contains a reference implementation in ANSI C.[8]
SM4 is part of the ARMv8.4-A expansion to the ARM architecture.[9]
References
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ 2.0 2.1 Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Yang, P (March 2021). RFC 8998. IETF. doi:10.17487/RFC8998. https://tools.ietf.org/html/rfc8998. Retrieved 2022-07-30.
- ↑ Lu Shuwang. Overview on SM4 Algorithm[J]. Journal of Information Security Research, 2016, 2(11): 995-1007.
- ↑ 无线局域网产品使用的SMS4密码算法 Archived 2007-07-10 at the Wayback MachineScript error: No such module "In lang".
- ↑ SMS4 Encryption Algorithm for Wireless Networks
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
- ↑ Lua error in package.lua at line 80: module 'strict' not found.
External links
- Webarchive template wayback links
- Articles with short description
- Articles with redirect hatnotes needing review
- Block ciphers
- Articles with unsourced statements from March 2022
- Articles with invalid date parameter in template
- Articles containing Chinese-language text
- Standards of the People's Republic of China