# SM4 (cipher)

SM4
General
DesignersChinese Government
First published2006 (declassified; standardized March 21, 2012)
Cipher detail
Key sizes128 bits
Block sizes128 bits
Structureunbalanced Feistel network
Rounds32
Best public cryptanalysis
Linear and differential attacks against 22 rounds

SM4 (formerly SMS4) is a block cipher used in the Chinese National Standard for Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure).

SM4 was a cipher proposed to for the IEEE 802.11i standard, but has so far been rejected by ISO. One of the reasons for the rejection has been opposition to the WAPI fast-track proposal by the IEEE.

The SM4 algorithm was invented by Lu Shuwang (Chinese: 吕述望). The algorithm was declassified in January, 2006, and it became a national standard (GB/T 32907-2016) in August 2016.

## Cipher detail

A few details of the SM4 cipher are:

• It has a block size of 128 bits.
• It uses an 8-bit S-box.
• The key size is 128 bits.
• The only operations used are 32-bit bitwise XOR, 32-bit circular shifts and S-box applications.
• Encryption or decryption of one block of data is composed of 32 rounds.
• Each round updates a quarter (i.e., 32 bits) of the internal state.
• A non-linear key schedule is used to produce the round keys.
• Decryption uses the same round keys as for encryption, except that they are in reversed order.

## Terms and definitions

### Word and byte

Define $Z_{2}^{e}$ as a vector set of e bits.

$Z_{2}^{32}$ is a word.

$Z_{2}^{8}$ is a byte.

### S-box

S-box is fixed for 8-bit input and 8-bit output, noted as Sbox().

### Keys and key parameters

The length of encryption keys is 128 bits, represented as $MK=(MK_{0},\ MK_{1},\ MK_{2},\ MK_{3})$ , in which $MK_{i}\ (i=0,\ 1,\ 2,\ 3)$ is a word.

A round key is represented as $(rk_{0},\ rk_{1},\ \ldots ,\ rk_{31})$ ,where each $rk_{i}(i=0,\ \ldots ,\ 31)$ is a word. It is generated by the encryption key.

$FK=(FK_{0},\ FK_{1},\ FK_{2},\ FK_{3})$ is a system parameter.

$CK=(CK_{0},\ CK_{1},\ \ldots ,\ CK_{31})$ is a fixed parameter, used to generate $rk_{i}$ .

$FK_{i}$ and $CK_{i}$ are words, used for extension of the algorithm.

## Remark

On March 21, 2012, the Chinese government published the industrial standard "GM/T 0002-2012 SM4 Block Cipher Algorithm", officially renaming SMS4 to SM4.