Attacking Reduced-Round Versions of the SMS4 Block Cipher in the Chinese WAPI Standard

Lu, Jiqiang

doi:10.1007/978-3-540-77048-0_24

Cited by 26 publications

(46 citation statements)

References 11 publications

(20 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…2.2 we unify all previous works on boomerang-style distinguishers [63,32,6,57,7,8,48,37] and their related-key counterparts [36,25,38,9,10,22,53,29,35,64,46,47,49,50,23]. We highlight their similarities and differences for a better view of which attack variant is more suitable for a particular situation.…”

Section: Outline Of This Papermentioning

confidence: 92%

Advanced Differential-Style Cryptanalysis of the NSA's Skipjack Block Cipher

Kim¹,

Phan

2009

Cryptologia

View full text Add to dashboard Cite

Section: Outline Of This Papermentioning

confidence: 92%

Advanced Differential-Style Cryptanalysis of the NSA's Skipjack Block Cipher

Kim¹,

Phan

2009

Cryptologia

View full text Add to dashboard Cite

“…As a result, only the first column of M would be stored. Round 4 5 8 9 12 13 16 17 input b800e200 b800e200 b8e20000 b8e20000 00e2e200 00e2e200 b800e200 b800e200 output d3d33189 16009f6b 6bd3d389 aee29f6b d331d389 ae007d6b d3d33189 16009f6b input 00e200b8 00e200b8 e2e20000 e2e20000 e20000b8 e20000b8 00e200b8 00e200b8 output 009f6b16 d33189d3 007d6bae 31d389d3 e29f6bae d3d3896b 009f6b16 d33189d3 input b800e200 b800e200 00e2e200 00e2e200 b8e20000 b8e20000 b800e200 b800e200 output 16009f6b d3d33189 ae007d6b d331d389 aee29f6b 6bd3d389 16009f6b d3d33189 input 00b800e2 00b800e2 00b8e200 00b8e200 0000e2e2 0000e2e2 00b800e2 00b800e2 output 89d3d331 6b16009f 896bd3d3 6baee29f 89d331d3 6bae007d 89d3d331 6b16009f input e200b800 e200b800 e20000e2 e20000e2 0000b8e2 0000b8e2 e200b800 e200b800 output 9f6b1600 3189d3d3 7d6bae00 d389d331 9f6baee2 d3896bd3 9f6b1600 3189d3d3 input 00e200b8 00e200b8 e20000b8 e20000b8 e2e20000 e2e20000 00e200b8 00e200b8 output d33189d3 009f6b16 d3d3896b e29f6bae 31d389d3 007d6bae d33189d3 009f6b16 input e200b800 e200b800 0000b8e2 0000b8e2 e20000e2 e20000e2 e200b800 e200b800 output 3189d3d3 9f6b1600 d3896bd3 9f6baee2 d389d331 7d6bae00 3189d3d3 9f6b1600 input 00b800e2 00b800e2 0000e2e2 0000e2e2 00b8e200 00b8e200 00b800e2 00b800e2 output 6b16009f 89d3d331 6bae007d 89d331d3 6baee29f 896bd3d3 6b16009f 89d3d331 20 ) and insert (−1) g to the corresponding row of the first column of M . 6.…”

Section: Linear Attacks On 23-round Sms4mentioning

confidence: 99%

Improved Linear Attacks on the Chinese Block Cipher Standard

Liu

Chen

2014

J. Comput. Sci. Technol.

View full text Add to dashboard Cite

Abstract. The block cipher used in the Chinese Wireless LAN Standard (WAPI), SMS4, was recently renamed as SM4, and became the block cipher standard issued by the Chinese government 3 . This paper improves the previous linear cryptanalysis of SMS4 by giving the first 19-round onedimensional approximations. The 19-round approximations hold with bias 2 −62.27 ; we use one of them to leverage a linear attack on 23-round SMS4. Our attack improves the previous 23-round attacks by reducing the time complexity. Furthermore, the data complexity of our attack is further improved by the multidimensional linear approach.

show abstract

“…For example, for SMS4, a 12-round impossible differential characteristic was published in [6], formed by combining two 6-round differentials. Our results, however, give a definite lower bound for the number of rounds that can be attacked with an impossible differential or impossible boomerang distinguisher.…”

Section: Sms4mentioning

confidence: 99%

Impossible Boomerang Attack for Block Cipher Structures

Choy

Yap

2009

Advances in Information and Computer Security

View full text Add to dashboard Cite

Abstract. Impossible boomerang attack [5] (IBA) is a new variant of differential cryptanalysis against block ciphers. Evident from its name, it combines the ideas of both impossible differential cryptanalysis and boomerang attack. Though such an attack might not be the best attack available, its complexity is still less than that of the exhaustive search. In impossible boomerang attack, impossible boomerang distinguishers are used to retrieve some of the subkeys. Thus the security of a block cipher against IBA can be evaluated by impossible boomerang distinguishers. In this paper, we study the impossible boomerang distinguishers for block cipher structures whose round functions are bijective. Inspired by the U-method in [3], we provide an algorithm to compute the maximum length of impossible boomerang distinguishers for general block cipher structures, and apply the algorithm to known block cipher structures such as Nyberg's generalized Feistel network, a generalized CAST256-like structure, a generalized MARS-like structure, a generalized RC6-like structure, etc.

show abstract

Attacking Reduced-Round Versions of the SMS4 Block Cipher in the Chinese WAPI Standard

Cited by 26 publications

References 11 publications

Advanced Differential-Style Cryptanalysis of the NSA's Skipjack Block Cipher

Advanced Differential-Style Cryptanalysis of the NSA's Skipjack Block Cipher

Improved Linear Attacks on the Chinese Block Cipher Standard

Impossible Boomerang Attack for Block Cipher Structures

Contact Info

Product

Resources

About