Analysis of Two Attacks on Reduced-Round Versions of the SMS4

Toz D., Dunkelman O.

10th International Conference on Information and Communications Security, Birmingham, United Kingdom, 20 - 22 October 2008, vol.5308, pp.141-143 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Volume: 5308
  • Doi Number: 10.1007/978-3-540-88625-9-10
  • City: Birmingham
  • Country: United Kingdom
  • Page Numbers: pp.141-143


SMS4 is a 128-bit block cipher used in WAPI (the Chinese national standard for wireless networks). Up until recently, the best attacks on SMS4 known, in terms of the number of rounds, were the rectangle attack on 14 rounds and the impossible differential attack on 16 rounds (out of 32 rounds) presented by Lu. While analyzing them, we noticed that these attacks have flaws and that their complexity analysis is inaccurate. In this paper we make a more comprehensive analysis of these attacks and further improve these results.