
New description of SMS4 by an embedding over \(\mathrm{GF}(2^{8})\). (English) Zbl 1153.94397

Srinathan, K. (ed.) et al., Progress in cryptology – INDOCRYPT 2007. 8th international conference on cryptology in India, Chennai, India, December 9–13, 2007. Proceedings. Berlin: Springer (ISBN 978-3-540-77025-1/pbk). Lecture Notes in Computer Science 4859, 238-251 (2007).
Summary: SMS4 is a 128-bit block cipher used in the Chinese WAPI standard to protect wireless transmission data. Because the functions in the round transformation of SMS4 operate over two different fields, \(\mathrm{GF}(2^{8})\) and \(\mathrm{GF}(2)\), the cipher is difficult to analyze algebraically. In this paper we describe a new block cipher, ESMS4, which uses only algebraic operations over \(\mathrm{GF}(2^{8})\). The new cipher extends SMS4 in the sense that SMS4 can be embedded into ESMS4 by restricting the plaintext and key spaces, so SMS4 can be studied through this embedding over \(\mathrm{GF}(2^{8})\). Based on the new cipher, we represent SMS4 as an overdetermined, sparse system of multivariate quadratic equations over \(\mathrm{GF}(2^{8})\). We then estimate the computational complexity of the XSL algorithm for solving this system and find that solving the whole system of equations costs \(2^{77}\).
For the entire collection see [Zbl 1135.94002].

MSC:

94A60 Cryptography
