SM4 (cipher)

ShāngMì 4 (SM4, 商密4) (formerly SMS4) is a block cipher, standardised for commercial cryptography in China. It is used in the Chinese National Standard for Wireless LAN WAPI (WLAN Authentication and Privacy Infrastructure), and with Transport Layer Security.

SM4 was a cipher proposed for the IEEE 802.11i standard, but it has so far been rejected. One of the reasons for the rejection has been opposition to the WAPI fast-track proposal by the IEEE.

SM4 was published as in 2021.

The SM4 algorithm was drafted by Data Assurance & Communication Security Center, Chinese Academy of Sciences (CAS), and Commercial Cryptography Testing Center, National Cryptography Administration. It is mainly developed by Lü Shuwang ( zh, 吕述望). The algorithm was declassified in January, 2006, and it became a national standard (GB/T 32907-2016) in August 2016.Lu Shuwang. Journal of Information Security Research, 2016, 2(11): 995-1007.

Cipher detail

The SM4 cipher has a key size and a block size of 128 bits each. Encryption or decryption of one block of data is composed of 32 rounds. A non-linear key schedule is used to produce the round keys and the decryption uses the same round keys as for encryption, except that they are in reversed order.

Keys and key parameters

The length of encryption keys is 128 bits, represented as $MK=(MK_0,\ MK_1,\ MK_2,\ MK_3)$, in which $MK_i\ (i=0,\ 1,\ 2,\ 3)$ is a 32-bit word. The round keys are represented by $(rk_0,\ rk_1,\ \ldots,\ rk_)$, where each $rk_i(i=0,\ \ldots,\ 31)$ is a word. It is generated by the encryption key and the following parameters:

* $FK=(FK_0,\ FK_1,\ FK_2,\ FK_3)$
* $CK=(CK_0,\ CK_1,\ \ldots,\ CK_)$

$FK_i$ and $CK_i$ are words, used to generate the round keys.

Round

Each round are computed from the four previous round outputs $X_i, X_, X_, X_$ such that:
$X_ = X_i \oplus F(X_ \oplus X_ \oplus X_ \oplus rk_i)$

Where $F$ is a substitution function composed of a non-linear transform, the S-box and linear transform $L$

S-box

SM4's S-box is fixed for 8-bit input and 8-bit output, noted as Sbox(). As with Advanced Encryption Standard (AES), the S-box is based on the multiplicative inverse over . The affine transforms and polynomial bases are different from that of AES, but due to affine isomorphism it can be calculated efficiently given an AES S-Box.

History

On March 21, 2012, the Chinese government published the industrial standard "GM/T 0002-2012 SM4 Block Cipher Algorithm", officially renaming SMS4 to SM4.

A description of SM4 in English is available as an Internet Draft. It contains a reference implementation in ANSI C.

SM4 is part of the ARMv8.4-A expansion to the ARM architecture. SM4 support for the RISC-V architecture was ratified in 2021 as the Zksed extension.

SM4 is supported by Intel processors, starting from Arrow Lake S, Lunar Lake, Diamond Rapids and Clearwater Forest.

References

External links

Linear and Differential Cryptanalysis of Reduced SMS4 Block Cipher





The GmSSL Project
(OpenSSL fork with GuoMi algorithms)


(ISO/IEC 18033-3:2010/Amd 1:2021 Information technology — Security techniques — Encryption algorithms — Part 3: Block ciphers — Amendment 1: SM4 )

{{Cryptography navbox , block

Block ciphers
Standards of the People's Republic of China