SM4分组密码算法综述
|
摘要
SM4分组密码算法简称为SM4算法,为配合WAPI无线局域网标准的推广应用,SM4算法于2006年公开发布,2012年3月发布成为国家密码行业标准(标准号为GM/T 0002-2012),2016年8月发布成为国家标准(标准号为GB/T 32907-2016).介绍了SM4分组密码算法的算法流程、结构特点及其密码特性,以及SM4算法的安全性分析研究现状,并与国际标准分组算法的安全性进行了对比.
SM4 Algorithm,short for SM4 Block Cipher Algorithm,was published in 2006 to promote the application of WAPI.It became a cryptography industrial standard(GM/T 0002—2012) in March 2012 and a national standard(GB/T 32907—2016) in August 2016.This paper describes SM4's calculating process,structural features and cryptographic properties.Furthermore,we introduce some latest researches on SM4's security and compare SM4's security with several international block cipher standards such as AES,HIGHT and MISTY1.
SM4 Algorithm,short for SM4 Block Cipher Algorithm,was published in 2006 to promote the application of WAPI.It became a cryptography industrial standard(GM/T 0002—2012) in March 2012 and a national standard(GB/T 32907—2016) in August 2016.This paper describes SM4's calculating process,structural features and cryptographic properties.Furthermore,we introduce some latest researches on SM4's security and compare SM4's security with several international block cipher standards such as AES,HIGHT and MISTY1.
引文
[1]Shannon C E.Communication theory of secret system[J].Bell System Technical Joural,1949,28(4):656-715
[2]National Institute of Standard Technology.FIPS 46-3 Data Encryption Standard[S].Gaithersburg:Federal Information Processing Standard,1977
[3]NIST.AES计划主页[EB/OL].[2016-11-04].http://csrc.nist.gov/encryption/aes/
[4]NIST.NESSIE计划主页[EB/OL].[2016-11-04].http://www.cryptonessie.org
[5]国家密码管理局.国家密码管理局公告(第7号)[EB/OL].[2016-11-04].http://www.oscca.gov.cn/News/200709/News_1105.htm
[6]吕述望,李大为,张超,等.GM/T 0002-2012 SM4分组密码算法[S].北京:中国标准出版社,2012
[7]中国标准化委员会.GB/T 32907-2016信息安全技术SM4分组密码算法[S].北京:中国质检出版社,2016
[8]吕述望.完全映射及其密码学应用[M].北京:中国科学技术大学出版社,2008
[9]刘佳,韦宝典,戴宪华.SMS4算法S盒的密码学性质[J].计算机工程,2008,34(5):158-160
[10]吴文玲,冯登国,张文涛.分组密码的设计与分析[M].2版.北京:清华大学出版社,2009
[11]陈华.密码算法的安全性检测及关键组件的设计[D].北京:中国科学院软件研究所,2004
[12]Zhang Lei,Zhang Wentao,Wu Wenling.Cryptanalysis of reduced-round SM4 block cipher[C]//Proc of ACISP2008.Berlin:Springer,2008:216-229
[13]Zhang Wentao,Wu Wenling,Feng Dengguo,et al.Some new observations on the SM4 block cipher in the Chinese WAPI standard[C]//Proc of Information Security Practice and Experience(ISPEC).Berlin:Springer,2009:324-335
[14]张美玲,刘景美,王新梅.22-轮SM4的差分分析[J].中山大学学报:自然科学版,2010,49(2):43-47
[15]Su Bozhan,Wu Wenling,Zhang Wentao.Security of the SM4 block cipher against differential cryptanalysis[J].Journal of Computer Science and Technology,2001,26(1):130-138
[16]Etrog J,Robshaw Matt J B.The cryptanalysis of reducedround SM4[C]//Proc of SAC2009.Berlin:Springer,2009:51-65
[17]董晓丽.分组密码AES和SM4的安全性分析[D].西安:西安电子科技大学,2011
[18]Liu Mingjie,Chen Jiazhe.Improved linear attacks on the Chinese block cipher standard[J].Journal of Computer Science and Technology,2014,29(6):1123-1133
[19]Liu Zhiqiang,Gu Dawu,Zhang Jing.Multiple linear cryptanalysis of reduced-round SM4 block cipher[J].Chinese Journal of Electronics,2010,19(3):389-393
[20]Cho J Y,Nyberg K.Improved linear cryptanalysis of SM4block cipher[C]//Proc of the 9th Int Workshop on Symmetric Key Encryption Workshop(SKEW).Vienna,Austria:SKEW,2010
[21]Lu Jiqiang.Attacking reduced-round versions of the SM4block cipher in the Chinese WAPI standard[C]//Proc of ICICS2007.Berlin:Springer,2007:306-318
[22]Toz D,Dunkelman O.Analysis of two attacks on reducedround versions of the SM4[C]//Proc of ICICS 2008.Berlin:Springer,2008:141-156
[23]Wang Gaoli.Improved impossible differential cryptanalysis on SM4[C]//Proc of Int Conf on Communications and Intelligence Information Security.Piscataway,NJ:IEEE,2010:105-108
[24]马猛,赵亚群,刘庆聪,等.SM4算法的多维零相关线性分析[J].密码学报,2015,2(5):458-466
[25]Liu Fen,Ji Wen,Hu Lei,et al.Analysis of the SM4 block cipher[C]//Proc of ACISP 2007.Berlin:Springer,2007:158-170
[26]钟名富,胡予濮,陈杰.分组密码算法SM4的14轮Square攻击[J].西安电子科技大学学报:自然科学版,2008,35(1):105-109
[27]Ji Wen,Hu Lei,Ou Haiwen.Algebraic attack to SM4 and the comparison with AES[C]//Proc of the 5th Int Conf on Information Assurance and Security.Piscataway,NJ:IEEE,2009:662-665
[28]Erickson J,Ding J,Christensen C.Algebraic cryptanalysis of SM4:Groebner basis attack and SAT attack compared[C]//Proc of ICISC2009.Berlin:Springer,2010:73-86
[29]薛萍.对分组密码算法SM4的矩形攻击[D].济南:山东大学,2012
[30]魏航,崔会丽,吕晓庆.SM4分组密码算法的差分-代数分析[J].成都大学学报:自然科学版,2012,31(2):158-160
[31]张立廷,吴文玲.使用压缩函数的非平衡Feistel结构的伪随机性和超伪随机性[J].计算机学报,2009,32(7):1320-1330)
[32]Zhang Meiling,Liu Yuanhua,Liu Jingmei.Practically secure against differential cryptanalysis for block cipher SM4[J].American Journal of Engineering and Technology Research,2011,11(12):1923-1928
[33]Zhang Bin,Jin Chenhui.Practical security against linear cryptanalysis for SM4-like ciphers with SP round function[J].Science China:Information Sciences,2012,55(9):2161-2170
[34]Sun Siwei,Hu Lei,Wang Peng,et aL Automatic security evaluation and(related-key)differential characteristic search:Application to SIMON,PRESENT,LBlock,DES(L)and other bit-oriented block cipher[C]//Proc of ASIACRYPT(2014).Berlin:Springer,2014:158-178
[35]Todo Y.Integral cryptanalysis on full MISTY1[C]//Proc of Advances in Cryptology-CRYPTO 2015.Berlin:Springer,2015:413-432
[36]Bar-On A,Keller N.A 270 attack on the full MISTY1[C]//Proc of Advances in Cryptology-CRYPTO 2016.Berlin:Springer,2016:435-456
[37]Isobe T,Shibutani K.Generic key recovery attack on feistel scheme[C]//Proc of Part I of the 19th Int Conf on Advances in Cryptology(ASIACRYPT2013).Berlin:Springer,2013:464-485
[38]Bonwook K,Hong D,Kwon D.Related-key attack on the full HIGHT[C]//Proc of the 13th Int Conf on Information Security and Cryptology(ICISC'10).Berlin:Springer,2011:49-67
[39]Ferguson N,Kelsey J,Lucks S,et al.Improved cryptanalysis of Rijndael[C]//Proc of the 7th Int Workshop on Fast Software Encryption Fse.Berlin:Springer,2001:213-230
[40]Andrey B,Khovratovich D,Rechberger C.Biclique cryptanalysis of the full AES[C]//Proc of ASIACRYPT2011.Berlin:Springer,2011:344-371
[41]Biryukov A,Khovratovich D.Related-key cryptanalysis of the full AES-192 and AES-256[C]//Proc of Advances in Cryptology-ASIACRYPT 2009.Berlin:Springer,2009:1-18
[42]Christina B,Naya-Plasencia M,Suder V.Scrutinizing and improving impossible differential attacks:Applications to CLEFIA,Camellia,LBlock and Simon[C]//Proc of ASIACRYPT 2014.Berlin:Springer,2014:179-199
[43]Lu Jiqiang,Yap W,Henricksen M,et al.Differential attack on nine rounds of the SEED block cipher[J].Information Processing Letters,2014,114(3):116-123
[2]National Institute of Standard Technology.FIPS 46-3 Data Encryption Standard[S].Gaithersburg:Federal Information Processing Standard,1977
[3]NIST.AES计划主页[EB/OL].[2016-11-04].http://csrc.nist.gov/encryption/aes/
[4]NIST.NESSIE计划主页[EB/OL].[2016-11-04].http://www.cryptonessie.org
[5]国家密码管理局.国家密码管理局公告(第7号)[EB/OL].[2016-11-04].http://www.oscca.gov.cn/News/200709/News_1105.htm
[6]吕述望,李大为,张超,等.GM/T 0002-2012 SM4分组密码算法[S].北京:中国标准出版社,2012
[7]中国标准化委员会.GB/T 32907-2016信息安全技术SM4分组密码算法[S].北京:中国质检出版社,2016
[8]吕述望.完全映射及其密码学应用[M].北京:中国科学技术大学出版社,2008
[9]刘佳,韦宝典,戴宪华.SMS4算法S盒的密码学性质[J].计算机工程,2008,34(5):158-160
[10]吴文玲,冯登国,张文涛.分组密码的设计与分析[M].2版.北京:清华大学出版社,2009
[11]陈华.密码算法的安全性检测及关键组件的设计[D].北京:中国科学院软件研究所,2004
[12]Zhang Lei,Zhang Wentao,Wu Wenling.Cryptanalysis of reduced-round SM4 block cipher[C]//Proc of ACISP2008.Berlin:Springer,2008:216-229
[13]Zhang Wentao,Wu Wenling,Feng Dengguo,et al.Some new observations on the SM4 block cipher in the Chinese WAPI standard[C]//Proc of Information Security Practice and Experience(ISPEC).Berlin:Springer,2009:324-335
[14]张美玲,刘景美,王新梅.22-轮SM4的差分分析[J].中山大学学报:自然科学版,2010,49(2):43-47
[15]Su Bozhan,Wu Wenling,Zhang Wentao.Security of the SM4 block cipher against differential cryptanalysis[J].Journal of Computer Science and Technology,2001,26(1):130-138
[16]Etrog J,Robshaw Matt J B.The cryptanalysis of reducedround SM4[C]//Proc of SAC2009.Berlin:Springer,2009:51-65
[17]董晓丽.分组密码AES和SM4的安全性分析[D].西安:西安电子科技大学,2011
[18]Liu Mingjie,Chen Jiazhe.Improved linear attacks on the Chinese block cipher standard[J].Journal of Computer Science and Technology,2014,29(6):1123-1133
[19]Liu Zhiqiang,Gu Dawu,Zhang Jing.Multiple linear cryptanalysis of reduced-round SM4 block cipher[J].Chinese Journal of Electronics,2010,19(3):389-393
[20]Cho J Y,Nyberg K.Improved linear cryptanalysis of SM4block cipher[C]//Proc of the 9th Int Workshop on Symmetric Key Encryption Workshop(SKEW).Vienna,Austria:SKEW,2010
[21]Lu Jiqiang.Attacking reduced-round versions of the SM4block cipher in the Chinese WAPI standard[C]//Proc of ICICS2007.Berlin:Springer,2007:306-318
[22]Toz D,Dunkelman O.Analysis of two attacks on reducedround versions of the SM4[C]//Proc of ICICS 2008.Berlin:Springer,2008:141-156
[23]Wang Gaoli.Improved impossible differential cryptanalysis on SM4[C]//Proc of Int Conf on Communications and Intelligence Information Security.Piscataway,NJ:IEEE,2010:105-108
[24]马猛,赵亚群,刘庆聪,等.SM4算法的多维零相关线性分析[J].密码学报,2015,2(5):458-466
[25]Liu Fen,Ji Wen,Hu Lei,et al.Analysis of the SM4 block cipher[C]//Proc of ACISP 2007.Berlin:Springer,2007:158-170
[26]钟名富,胡予濮,陈杰.分组密码算法SM4的14轮Square攻击[J].西安电子科技大学学报:自然科学版,2008,35(1):105-109
[27]Ji Wen,Hu Lei,Ou Haiwen.Algebraic attack to SM4 and the comparison with AES[C]//Proc of the 5th Int Conf on Information Assurance and Security.Piscataway,NJ:IEEE,2009:662-665
[28]Erickson J,Ding J,Christensen C.Algebraic cryptanalysis of SM4:Groebner basis attack and SAT attack compared[C]//Proc of ICISC2009.Berlin:Springer,2010:73-86
[29]薛萍.对分组密码算法SM4的矩形攻击[D].济南:山东大学,2012
[30]魏航,崔会丽,吕晓庆.SM4分组密码算法的差分-代数分析[J].成都大学学报:自然科学版,2012,31(2):158-160
[31]张立廷,吴文玲.使用压缩函数的非平衡Feistel结构的伪随机性和超伪随机性[J].计算机学报,2009,32(7):1320-1330)
[32]Zhang Meiling,Liu Yuanhua,Liu Jingmei.Practically secure against differential cryptanalysis for block cipher SM4[J].American Journal of Engineering and Technology Research,2011,11(12):1923-1928
[33]Zhang Bin,Jin Chenhui.Practical security against linear cryptanalysis for SM4-like ciphers with SP round function[J].Science China:Information Sciences,2012,55(9):2161-2170
[34]Sun Siwei,Hu Lei,Wang Peng,et aL Automatic security evaluation and(related-key)differential characteristic search:Application to SIMON,PRESENT,LBlock,DES(L)and other bit-oriented block cipher[C]//Proc of ASIACRYPT(2014).Berlin:Springer,2014:158-178
[35]Todo Y.Integral cryptanalysis on full MISTY1[C]//Proc of Advances in Cryptology-CRYPTO 2015.Berlin:Springer,2015:413-432
[36]Bar-On A,Keller N.A 270 attack on the full MISTY1[C]//Proc of Advances in Cryptology-CRYPTO 2016.Berlin:Springer,2016:435-456
[37]Isobe T,Shibutani K.Generic key recovery attack on feistel scheme[C]//Proc of Part I of the 19th Int Conf on Advances in Cryptology(ASIACRYPT2013).Berlin:Springer,2013:464-485
[38]Bonwook K,Hong D,Kwon D.Related-key attack on the full HIGHT[C]//Proc of the 13th Int Conf on Information Security and Cryptology(ICISC'10).Berlin:Springer,2011:49-67
[39]Ferguson N,Kelsey J,Lucks S,et al.Improved cryptanalysis of Rijndael[C]//Proc of the 7th Int Workshop on Fast Software Encryption Fse.Berlin:Springer,2001:213-230
[40]Andrey B,Khovratovich D,Rechberger C.Biclique cryptanalysis of the full AES[C]//Proc of ASIACRYPT2011.Berlin:Springer,2011:344-371
[41]Biryukov A,Khovratovich D.Related-key cryptanalysis of the full AES-192 and AES-256[C]//Proc of Advances in Cryptology-ASIACRYPT 2009.Berlin:Springer,2009:1-18
[42]Christina B,Naya-Plasencia M,Suder V.Scrutinizing and improving impossible differential attacks:Applications to CLEFIA,Camellia,LBlock and Simon[C]//Proc of ASIACRYPT 2014.Berlin:Springer,2014:179-199
[43]Lu Jiqiang,Yap W,Henricksen M,et al.Differential attack on nine rounds of the SEED block cipher[J].Information Processing Letters,2014,114(3):116-123