SMS4

SMS4 is a block cipher used in the Chinese National Standard for Wireless LAN WAPI (Wired Authentication and Privacy Infrastructure).

SMS4 was a proposed cipher to be used in IEEE 802.11i standard, but has so far been rejected by ISO. One of the reasons for the rejection has been opposition to the WAPI fast-track proposal by the IEEE.

SMS4 is patented by Beijing Data Security Technology Co. Ltd. (BDST). According to an article on The Register, any Wi-Fi equipment makers that want to support WAPI must work with one of eleven designated implementors of WAPI.

One thing that sets the WAPI proposal apart from other WLAN security standards is the use of central key servers.

The SMS4 algorithm was declassified in January, 2006. A few details of the SMS4 cipher are:

It has a block size of 128 bits.
Uses a 8-bit S-box
The key size is 128 bits.
The only operations used are XOR, circular shifts and S-Box applications
Performs 32 rounds to process one block.
Each round updates a quarter (32 bits) of the internal state.
A non-linear key schedule is used to produce the round keys.
Decryption is using the same keys as encryption, but in reversed order.

1 Terms and Definitions
2 SMS4 S-box
3 External links

Terms and Definitions

Word and Byte

Define $Z^e_2$ as a vector set of e bits.

$Z^{32}_2$ is a word.

$Z^8_2$ is a byte.

S-box

S-box is fixed for 8-bit input and 8-bit output, noted as Sbox().

Keys and Key Parameters

The length of encryption keys are 128-bit, represented as $MK=(MK_0,\ MK_1,\ MK_2,\ MK_3)$ , in which $MK_i\ (i=0,\ 1,\ 2,\ 3)$ is a word.

A rotation key is represented as $(rk_0,\ rk_1,\ \ldots,\ rk_{31})$ . It is generated by the encryption key.

$FK=(FK_0,\ FK_1,\ FK_2,\ FK_3)$ is a system parameter.

$CK=(CK_0,\ CK_1,\ \ldots,\ CK_31)$ is a fixed parameter.

$F K i$ and $C K i$ are words, used for extension of the algorithm.

SMS4 S-box

The round function of SMS4 uses a bijective 8-bit S-box. The following table contains the substitution values of the S-box:

    0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
 0 d6 90 e9 fe cc e1 3d b7 16 b6 14 c2 28 fb 2c 05
 1 2b 67 9a 76 2a be 04 c3 aa 44 13 26 49 86 06 99
 2 9c 42 50 f4 91 ef 98 7a 33 54 0b 43 ed cf ac 62
 3 e4 b3 1c a9 c9 08 e8 95 80 df 94 fa 75 8f 3f a6
 4 47 07 a7 fc f3 73 17 ba 83 59 3c 19 e6 85 4f a8
 5 68 6b 81 b2 71 64 da 8b f8 eb 0f 4b 70 56 9d 35
 6 1e 24 0e 5e 63 58 d1 a2 25 22 7c 3b 01 21 78 87
 7 d4 00 46 57 9f d3 27 52 4c 36 02 e7 a0 c4 c8 9e
 8 ea bf 8a d2 40 c7 38 b5 a3 f7 f2 ce f9 61 15 a1
 9 e0 ae 5d a4 9b 34 1a 55 ad 93 32 30 f5 8c b1 e3
 a 1d f6 e2 2e 82 66 ca 60 c0 29 23 ab 0d 53 4e 6f
 b d5 db 37 45 de fd 8e 2f 03 ff 6a 72 6d 6c 5b 51
 c 8d 1b af 92 bb dd bc 7f 11 d9 5c 41 1f 10 5a d8
 d 0a c1 31 88 a5 cd 7b bd 2d 74 d0 12 b8 e5 b4 b0
 e 89 69 97 4a 0c 96 77 7e 65 b9 f1 09 c5 6e c6 84
 f 18 f0 7d ec 3a dc 4d 20 79 ee 5f 3e d7 cb 39 48

The columns represents the high nibble and row represents low nibble. This means that S(0x6a) = 0x7c.

External links

Block ciphers

edit


	Original Article from WikiPedia: http://en.wikipedia.org/wiki/SMS4 Encyclopedia Dictionary * More Info