New Description of SMS4 by an Embedding overGF(28)

  • Wen Ji
  • Lei Hu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4859)


SMS4 is a 128-bit block cipher which is used in the WAPI standard in China for protecting wireless transmission data. Due to the nature that the functions deployed in the round transformations of SMS4 operate on two different fields GF(28) and GF(2), it is difficult to analyze this cipher algebraically. In this paper we describe a new block cipher called ESMS4, which uses only algebraic operations over GF(28). The new cipher is an extension of SMS4 in the sense that SMS4 can be embedded into ESMS4 with restricted plaintext space and key spaces. Thus, the SMS4 cipher can be investigated through this embedding over GF(28). Based on this new cipher, we represent the SMS4 cipher with an overdetermined, sparse multivariate quadratic equation system over GF(28). Furthermore, we estimate the computational complexity of the XSL algorithm for solving the equation system and find that the complexity is 277 when solving the whole system of equations.


block cipher SMS4 ESMS4 algebraic equation XSL algorithm 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Beijing Data Security Company, The SMS4 Block Cipher (in Chinese), Beijing (2006), available at
  2. 2.
    Cid, C., Leurent, G.: An Analysis of the XSL Algorithm. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 333–352. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Courtois, N., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations, Cryptology ePrint Archive, Report, /044, 2002 (2002), available at
  4. 4.
    Courtois, N., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Courtois, N., Patarin, J.: About the XL Algorithm over GF(2). In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 141–157. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Daemen, J., Rijmen, V.: AES proposal: The Rijndael block cipher. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Kipnis, A., Shamir, A.: Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999)Google Scholar
  9. 9.
    Lidl, R., Niederreiter, H.: Introduction to Finite Fields and Their Applications. Cambridge University Press, Cambridge (1984)Google Scholar
  10. 10.
    Liu, F., Ji, W., Hu, L., Ding, J., Lv, S., Pyshkin, A., Weinmann, R.: Analysis of the SMS4 Block Cipher. In: ACISP 2007. LNCS, vol. 4586, pp. 158–170. Springer, Heidelberg (2007)Google Scholar
  11. 11.
    Murphy, S., Robshaw, M.: Essential Algebraic Structure within the AES. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 1–16. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Lim, C., Khoo, K.: An Analysis of XSL Applied to BES. In: FSE 2007. LNCS, vol. 4593, pp. 242–253. Springer, Heidelberg (2007)Google Scholar
  13. 13.
    Zhang, L., Wu, W.: Difference Fault Attack on the SMS4 Encryption Algorithm (in Chinese). Chinese Journal of Computers 29(9), 1596–1602 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Wen Ji
    • 1
  • Lei Hu
    • 1
  1. 1.State Key Laboratory of Information Security, Graduate School of Chinese Academy of Sciences, Beijing 100049China

Personalised recommendations