{{Short description|Chinese block cipher}}
{{redirect|SMS4|the satellite|Synchronous Meteorological Satellite}}
{{Infobox block cipher
| name = SM4
| image = File:SM4 round.svg
| caption =
| designers = Data Assurance & Communication Security Center, Chinese Academy of Sciences
| publish date = 2006 (declassified; standardized March 21, 2012)<ref>{{cite web |url=http://www.cnnic.cn/gcjsyj/qyjsyj/mmsfbz/sm4/201312/t20131204_43341.htm |title=SM4 Block Cipher Algorithm |publisher=CNNIC |date=2013-12-04 |access-date=2016-07-24 |archive-date=2016-09-19 |archive-url=https://web.archive.org/web/20160919072646/http://www.cnnic.cn/gcjsyj/qyjsyj/mmsfbz/sm4/201312/t20131204_43341.htm |url-status=dead }}</ref>
| derived from =
| derived to =
| key size = 128 bits
| block size = 128 bits
| structure = Unbalanced Feistel network
| rounds = 32
| cryptanalysis = Linear and differential attacks against 22 rounds
}}
'''ShāngMì 4''' ('''SM4, 商密4''') (formerly '''SMS4''')<ref name="oscca_1228">{{cite web|url=http://www.oscca.gov.cn/News/201204/News_1228.htm |title=Announcement No.23 of the State Cryptography Administration |publisher=The Office of the State Commercial Code Administration (OSCCA) |date=2012-03-21 |access-date=2016-07-24 |url-status=dead |archive-url=https://web.archive.org/web/20160814151056/http://www.oscca.gov.cn/News/201204/News_1228.htm |archive-date=2016-08-14 |language=zh-cn}}</ref> is a block cipher, standardised for commercial cryptography in China.<ref>{{Cite book |last1=Martinkauppi |first1=Louise Bergman |last2=He |first2=Qiuping |last3=Ilie |first3=Dragos |title=2020 13th International Conference on Communications (COMM) |chapter=On the Design and Performance of Chinese OSCCA-approved Cryptographic Algorithms |date=June 2020 |chapter-url=https://ieeexplore.ieee.org/document/9142035 |pages=119–124 |doi=10.1109/COMM48946.2020.9142035|isbn=978-1-7281-5611-8 |s2cid=220668639 |url=http://urn.kb.se/resolve?urn=urn:nbn:se:bth-19835 }}</ref> It is used in the Chinese National Standard for Wireless LAN WAPI (WLAN Authentication and Privacy Infrastructure), and with Transport Layer Security.<ref>{{cite IETF |title= |rfc=8998 |last=Yang |first=P |date=March 2021 |publisher=IETF |access-date=2022-07-30 |doi=10.17487/RFC8998}}</ref>
SM4 was a cipher proposed for the IEEE 802.11i standard, but it has so far been rejected. One of the reasons for the rejection has been opposition to the WAPI fast-track proposal by the IEEE.{{Citation needed|date=March 2022}}
SM4 was published as {{URL|1=https://www.iso.org/standard/81564.html|2=ISO/IEC 18033-3/Amd 1}} in 2021.
The SM4 algorithm was drafted by the Data Assurance & Communication Security Center, Chinese Academy of Sciences (CAS), and the Commercial Cryptography Testing Center, National Cryptography Administration. It was mainly developed by Lü Shuwang ({{lang-zh|吕述望}}). The algorithm was declassified in January 2006, and it became a national standard (GB/T 32907-2016) in August 2016.<ref name="abstract192">Lu Shuwang. {{URL|1=http://ris.sic.gov.cn/CN/Y2016/V2/I11/995|2=Overview on SM4 Algorithm}}[J]. Journal of Information Security Research, 2016, 2(11): 995-1007.</ref>

==Cipher detail==
The SM4 cipher has a key size and a block size of 128 bits each.<ref>{{cite web |title=无线局域网产品使用的 SMS4 密码算法 |url=http://www.oscca.gov.cn/UpFile/200621016423197990.pdf |publisher=State Cryptography Administration of the People's Republic of China |archive-url=https://web.archive.org/web/20070710015158/http://www.oscca.gov.cn/UpFile/200621016423197990.pdf |archive-date=2007-07-10 |language=zh-Hans}}</ref><ref>[http://eprint.iacr.org/2008/329.pdf SMS4 Encryption Algorithm for Wireless Networks]</ref> Encryption or decryption of one block of data is composed of 32 rounds. A non-linear key schedule is used to produce the round keys, and decryption uses the same round keys as encryption, except in reversed order.

===Keys and key parameters===
The length of encryption keys is 128 bits, represented as <math>MK=(MK_0,\ MK_1,\ MK_2,\ MK_3)</math>, in which <math>MK_i\ (i=0,\ 1,\ 2,\ 3)</math> is a 32-bit word. The round keys are represented by <math>(rk_0,\ rk_1,\ \ldots,\ rk_{31})</math>, where each <math>rk_i\ (i=0,\ \ldots,\ 31)</math> is a 32-bit word. They are generated from the encryption key and the following parameters:
* <math>FK=(FK_0,\ FK_1,\ FK_2,\ FK_3)</math>
* <math>CK=(CK_0,\ CK_1,\ \ldots,\ CK_{31})</math>

<math>FK_i</math> and <math>CK_i</math> are 32-bit words used to generate the round keys.

===Round===
Each round is computed from the four previous round outputs <math>X_i, X_{i+1}, X_{i+2}, X_{i+3}</math> such that:

<math>X_{i+4} = X_i \oplus F(X_{i+1} \oplus X_{i+2} \oplus X_{i+3} \oplus rk_i)</math>

where <math>F</math> is a substitution function composed of a non-linear transform (the S-box) and a linear transform <math>L</math>.

===S-box===
{{further|AES instruction set#Application beyond AES}}
SM4's S-box is fixed for 8-bit input and 8-bit output, noted as Sbox(). As with Advanced Encryption Standard (AES), the S-box is based on the multiplicative inverse over {{math|GF(2<sup>8</sup>)}}. The affine transforms and polynomial bases are different from those of AES, but due to affine isomorphism it can be calculated efficiently given an AES S-Box.<ref>{{cite web |last1=Saarinen |first1=Markku-Juhani O. |title=mjosaarinen/sm4ni: Demonstration that AES-NI instructions can be used to implement the Chinese Encryption Standard SM4 |url=https://github.com/mjosaarinen/sm4ni |website=GitHub |date=17 April 2020}}</ref>
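
The following single-block implementation is an added example, not part of the original article or of any referenced project. It follows the round formula and key schedule described above; the S-box table, the <code>FK</code> and <code>CK</code> values and the rotation amounts of the linear transforms are taken from the published SM4 specification rather than from this article.

```python
# Added example: single-block SM4. SBOX, FK, CK and the rotation amounts are
# from the public SM4 specification, not from the article text.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05 2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62 e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8 686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887 d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1 e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8 0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684 18f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
# Byte j of CK_i is (4i + j) * 7 mod 256.
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
      for i in range(32)]
ENC_ROTS, KEY_ROTS = (2, 10, 18, 24), (13, 23)  # linear transforms L and L'

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def T(x, rots):
    """S-box on each byte of x, then XOR of the result with its rotations."""
    b = int.from_bytes(bytes(SBOX[v] for v in x.to_bytes(4, "big")), "big")
    out = b
    for r in rots:
        out ^= rotl(b, r)
    return out

def words(data):
    if len(data) != 16:
        raise ValueError("SM4 keys and blocks are exactly 16 bytes")
    return [int.from_bytes(data[i:i + 4], "big") for i in range(0, 16, 4)]

def round_keys(key):
    k = [w ^ fk for w, fk in zip(words(key), FK)]
    for i in range(32):
        k.append(k[i] ^ T(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i], KEY_ROTS))
    return k[4:]

def crypt_block(rks, block):
    x = words(block)
    for rk in rks:  # X_{i+4} = X_i ^ F(X_{i+1} ^ X_{i+2} ^ X_{i+3} ^ rk_i)
        x.append(x[-4] ^ T(x[-3] ^ x[-2] ^ x[-1] ^ rk, ENC_ROTS))
    # Output is the last four words in reverse order (X35, X34, X33, X32).
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[-4:]))

def encrypt_block(key, block):
    return crypt_block(round_keys(key), block)

def decrypt_block(key, block):
    return crypt_block(round_keys(key)[::-1], block)  # same keys, reversed
```

The table-based S-box lookup is not constant-time, and the code processes one block only, without a mode of operation or authentication.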

==History==
On March 21, 2012, the Chinese government published the industrial standard "GM/T 0002-2012 SM4 Block Cipher Algorithm", officially renaming SMS4 to SM4.<ref name="oscca_1228" />
A description of SM4 in English is available as an Internet Draft. It contains a reference implementation in ANSI C.<ref>{{cite journal |last1=Tse |first1=Ronald |last2=Kit |first2=Wong |last3=Saarinen |first3=Markku-Juhani |title=The SM4 Blockcipher Algorithm And Its Modes Of Operations |url=https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10 |website=tools.ietf.org |date=22 April 2018 |language=en}}</ref>
SM4 is part of the ARMv8.4-A expansion to the ARM architecture.<ref>{{cite web |title=Introducing 2017's extensions to the Arm Architecture |url=https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/introducing-2017s-extensions-to-the-arm-architecture |website=community.arm.com |date=2 November 2017 |language=en}}</ref> SM4 support for the RISC-V architecture was ratified in 2021 as the Zksed extension.<ref>{{cite web |title=RISC-V Cryptography Extensions Task Group Announces Public Review of the Scalar Cryptography Extensions |url=https://riscv.org/blog/2021/09/risc-v-cryptography-extensions-task-group-announces-public-review-of-the-scalar-cryptography-extensions |website=riscv.org |language=en}} </ref>
SM4 is supported by Intel processors, starting from Arrow Lake S, Lunar Lake, Diamond Rapids and Clearwater Forest.<ref>{{cite web |title=Intel® Architecture Instruction Set Extensions and Future Features |url=https://cdrdv2-public.intel.com/843860/architecture-instruction-set-extensions-programming-reference-dec-24.pdf |page=1-3|publisher=Intel Corporation |access-date=2 February 2025 |date=December 2024}}</ref>

==References==
{{Reflist}}

==External links==
* [http://eprint.iacr.org/2008/281 Linear and Differential Cryptanalysis of Reduced SMS4 Block Cipher]
* [https://web.archive.org/web/20110708205942/http://www.cryptoclarity.com/CryptoClarityLLC/Welcome/Entries/2009/2/24_SMS4_Cipher_as_a_Spreadsheet.html Example of SMS4 implemented as a Spreadsheet]
* [https://web.archive.org/web/20041103211024/http://www.lois.labs.gov.cn/personnel/lvshuwang.htm Page of Lu Shu-wang (吕述望) (in Chinese)]
* [http://gmssl.org The GmSSL Project] {{Webarchive|url=https://web.archive.org/web/20201021125413/http://gmssl.org/ |date=2020-10-21 }} (OpenSSL fork with GuoMi algorithms)
* [https://www.iso.org/standard/81564.html ISO/IEC 18033-3:2010/Amd 1:2021 Information technology — Security techniques — Encryption algorithms — Part 3: Block ciphers — Amendment 1: SM4]