SM4 (cipher)
{{Short description|Chinese block cipher}}
{{redirect|SMS4|the satellite|Synchronous Meteorological Satellite}}
{{Infobox block cipher
| name = SM4
| image = File:SM4 round.svg
| caption =
| designers = Data Assurance & Communication Security Center, Chinese Academy of Sciences
| publish date = 2006 (declassified; standardized March 21, 2012){{cite web |url=http://www.cnnic.cn/gcjsyj/qyjsyj/mmsfbz/sm4/201312/t20131204_43341.htm |title=SM4 Block Cipher Algorithm |publisher=CNNIC |date=2013-12-04 |access-date=2016-07-24 |archive-date=2016-09-19 |archive-url=https://web.archive.org/web/20160919072646/http://www.cnnic.cn/gcjsyj/qyjsyj/mmsfbz/sm4/201312/t20131204_43341.htm |url-status=dead }}
| derived from =
| derived to =
| key size = 128 bits
| block size = 128 bits
| structure = unbalanced Feistel network
| rounds = 32
| cryptanalysis = Linear and differential attacks against 22 rounds
}}
ShāngMì 4 (SM4, 商密4) (formerly SMS4){{cite web|url=http://www.oscca.gov.cn/News/201204/News_1228.htm |title=Announcement No.23 of the State Cryptography Administration |publisher=The Office of the State Commercial Code Administration (OSCCA) |date=2012-03-21 |access-date=2016-07-24 |url-status=dead |archive-url=https://web.archive.org/web/20160814151056/http://www.oscca.gov.cn/News/201204/News_1228.htm |archive-date=2016-08-14 |language=zh-cn}} is a block cipher, standardised for commercial cryptography in China.{{Cite book |last1=Martinkauppi |first1=Louise Bergman |last2=He |first2=Qiuping |last3=Ilie |first3=Dragos |title=2020 13th International Conference on Communications (COMM) |chapter=On the Design and Performance of Chinese OSCCA-approved Cryptographic Algorithms |date=June 2020 |chapter-url=https://ieeexplore.ieee.org/document/9142035 |pages=119–124 |doi=10.1109/COMM48946.2020.9142035|isbn=978-1-7281-5611-8 |s2cid=220668639 |url=http://urn.kb.se/resolve?urn=urn:nbn:se:bth-19835 }} It is used in the Chinese National Standard for Wireless LAN WAPI (WLAN Authentication and Privacy Infrastructure), and with Transport Layer Security.{{cite IETF |title= |rfc=8998 |last=Yang |first=P |date=March 2021 |publisher=IETF |access-date=2022-07-30 |doi=10.17487/RFC8998}}
SM4 was a cipher proposed for the IEEE 802.11i standard, but it has so far been rejected. One of the reasons for the rejection has been opposition to the WAPI fast-track proposal by the IEEE.{{Citation needed|date=March 2022}}
SM4 was published as {{URL|1=https://www.iso.org/standard/81564.html|2=ISO/IEC 18033-3/Amd 1}} in 2021.
The SM4 algorithm was drafted by the Data Assurance & Communication Security Center, Chinese Academy of Sciences (CAS), and the Commercial Cryptography Testing Center, National Cryptography Administration. It was mainly developed by Lü Shuwang ({{lang-zh|吕述望}}). The algorithm was declassified in January 2006, and it became a national standard (GB/T 32907-2016) in August 2016.<ref>Lu Shuwang. {{URL|1=http://ris.sic.gov.cn/CN/Y2016/V2/I11/995|2=Overview on SM4 Algorithm}}[J]. Journal of Information Security Research, 2016, 2(11): 995-1007.</ref>
== Cipher detail ==
The SM4 cipher has a key size and a block size of 128 bits each.{{cite web |title=无线局域网产品使用的 SMS4 密码算法 |url=http://www.oscca.gov.cn/UpFile/200621016423197990.pdf |publisher=State Cryptography Administration of the People's Republic of China |archive-url=https://web.archive.org/web/20070710015158/http://www.oscca.gov.cn/UpFile/200621016423197990.pdf |archive-date=2007-07-10 |language=zh-Hans}} [http://eprint.iacr.org/2008/329.pdf SMS4 Encryption Algorithm for Wireless Networks] Encryption or decryption of one block of data consists of 32 rounds. A non-linear key schedule produces the round keys; decryption uses the same round keys as encryption, applied in reverse order.
=== Keys and key parameters ===
The length of encryption keys is 128 bits, represented as , in which is a 32-bit word. The round keys are represented by , where each is a word. They are generated from the encryption key and the following parameters:
and are words, used to generate the round keys.
=== Round ===
Each round output is computed from the four previous round outputs such that:
where is a substitution function composed of a non-linear transform (the S-box) and a linear transform.
=== S-box ===
{{further|AES instruction set#Application beyond AES}}
SM4's S-box is a fixed mapping from an 8-bit input to an 8-bit output, noted as Sbox(). As with the Advanced Encryption Standard (AES), the S-box is based on the multiplicative inverse over {{math|GF(2<sup>8</sup>)}}. The affine transforms and polynomial bases differ from those of AES, but because the two fields are affinely isomorphic, the SM4 S-box can be computed efficiently from an AES S-box.{{cite web |last1=Saarinen |first1=Markku-Juhani O. |title=mjosaarinen/sm4ni: Demonstration that AES-NI instructions can be used to implement the Chinese Encryption Standard SM4 |url=https://github.com/mjosaarinen/sm4ni |website=GitHub |date=17 April 2020}}
== History ==
On March 21, 2012, the Chinese government published the industrial standard "GM/T 0002-2012 SM4 Block Cipher Algorithm", officially renaming SMS4 to SM4.
A description of SM4 in English is available as an Internet Draft. It contains a reference implementation in ANSI C.{{cite journal |last1=Tse |first1=Ronald |last2=Kit |first2=Wong |last3=Saarinen |first3=Markku-Juhani |title=The SM4 Blockcipher Algorithm And Its Modes Of Operations |url=https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10 |website=tools.ietf.org |date=22 April 2018 |language=en}}
SM4 is part of the ARMv8.4-A extension to the ARM architecture.{{cite web |title=Introducing 2017's extensions to the Arm Architecture |url=https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/introducing-2017s-extensions-to-the-arm-architecture |website=community.arm.com |date=2 November 2017 |language=en}} SM4 support for the RISC-V architecture was ratified in 2021 as the Zksed extension.{{cite web |title=RISC-V Cryptography Extensions Task Group Announces Public Review of the Scalar Cryptography Extensions |url=https://riscv.org/blog/2021/09/risc-v-cryptography-extensions-task-group-announces-public-review-of-the-scalar-cryptography-extensions |website=riscv.org |language=en}}
SM4 is supported by Intel processors, starting from Arrow Lake S, Lunar Lake, Diamond Rapids and Clearwater Forest.{{cite web |title=Intel® Architecture Instruction Set Extensions and Future Features |url=https://cdrdv2-public.intel.com/843860/architecture-instruction-set-extensions-programming-reference-dec-24.pdf |page=1-3|publisher=Intel Corporation |access-date=2 February 2025 |date=December 2024}}
== References ==
{{Reflist}}
== External links ==
- [http://eprint.iacr.org/2008/281 Linear and Differential Cryptanalysis of Reduced SMS4 Block Cipher]
- [https://web.archive.org/web/20110708205942/http://www.cryptoclarity.com/CryptoClarityLLC/Welcome/Entries/2009/2/24_SMS4_Cipher_as_a_Spreadsheet.html Example of SMS4 implemented as a Spreadsheet]
- [https://web.archive.org/web/20041103211024/http://www.lois.labs.gov.cn/personnel/lvshuwang.htm Page of Lu Shu-wang (吕述望) (in Chinese)]
- [http://gmssl.org The GmSSL Project] {{Webarchive|url=https://web.archive.org/web/20201021125413/http://gmssl.org/ |date=2020-10-21 }} (OpenSSL fork with GuoMi algorithms)
- [https://www.iso.org/standard/81564.html ISO/IEC 18033-3:2010/Amd 1:2021] (Information technology — Security techniques — Encryption algorithms — Part 3: Block ciphers — Amendment 1: SM4)
{{Cryptography navbox | block}}