Scribd
Upload
107 views8 pages

SM4 Block Cipher Standard Overview

Uploaded by

nhavb
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
107 views8 pages

SM4 Block Cipher Standard Overview

Uploaded by

nhavb
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

SM4 Block Cipher Algorithm

Content

1 Scope ............................................................................................................................... 1

2 Terms and Definitions .................................................................................................. 1

3 Symbols and Acronyms ................................................................................................ 1

4 Algorithm Structure ..................................................................................................... 1

5 Key and Key Parameters .............................................................................................. 2

6 Round Function 𝑭 ......................................................................................................... 2

6.1 Round Function Structure .......................................................................................2

6.2 Permutation 𝑻 ............................................................................................................2

7 Algorithm Description ................................................................................................. 3

7.1 Encryption ....................................................................................................................3

7.2 Decryption ....................................................................................................................3

7.3 Key Expansion .............................................................................................................3

Annex A (informative) Examples ..................................................................................... 5

A.1 Example 1 .....................................................................................................................5

A.2 Example 2 .....................................................................................................................6


SM4 Block Cipher Algorithm

1 Scope

This document specifies the SM4 block cipher algorithm, including its structure and
description. And this document gives computation examples for SM4 block cipher
algorithm.
This document applies to cipher application using block cipher algorithm.

2 Terms and Definitions


The following terms and definitions are applied to this document.

2.1 block length


bit size of one block plaintext

2.2 key length


bit size of the cipher key

2.3 key expansion algorithm


an algorithm that transforms the cipher key into round keys

2.4 rounds
the number of round function iterations

2.5 word
a bit string of length 32 bits

2.6 S-box
a permutation with 8-bit input and 8-bit output, represented as 𝑆𝑏𝑜𝑥(·)

3 Symbols and Acronyms


The following symbols and acronyms are applied to this document.
⊕ logical exclusive-or of 32-bit words
<<< 𝑖 left circular rotation by 𝑖 bits

4 Algorithm Structure
SM4 is a block cipher algorithm. Its block length and cipher key length are both of 128
bits. SM4 adopts an unbalanced Feistel structure and iterates its round functions for 32
times in both encryption and key expansion algorithm. The structure of decryption is the

1
same as the encryption. But the decryption round keys are in the reverse order of the
encryption round keys.

5 Key and Key Parameters


The 128-bit cipher key is represented as 𝑀𝐾 = (𝑀𝐾0 , 𝑀𝐾2 , 𝑀𝐾3 , 𝑀𝐾4 ), where 𝑀𝐾6 =
(𝑖 = 0,1,2,3) are 32-bit words.
The round keys are represented as (𝑟𝑘0 , 𝑟𝑘2 , … , 𝑟𝑘42 ), where 𝑟𝑘6 (𝑖 = 0, … ,31) are
32-bit words. The round keys are generated from the cipher key via key expansion
algorithm.
The system parameter is 𝐹𝐾 = (𝐹𝐾0 , 𝐹𝐾2 , 𝐹𝐾3 , 𝐹𝐾4 ), and the fixed parameter is 𝐶𝐾 =
(𝐶𝐾0 , 𝐶𝐾2 , … , 𝐶𝐾42 ) , where the 𝐹𝐾6 (𝑖 = 0,1,2,3) and 𝐶𝐾6 (𝑖 = 0, … ,31) are 32-bit
words used in the key expansion algorithm.

6 Round Function 𝑭
6.1 Round Function Structure

Suppose the input to round function is (𝑋0 , 𝑋2 , 𝑋3 , 𝑋4 ) ∈ (𝑍343 )C and the round key is
𝑟𝑘 ∈ 𝑍343 , then 𝐹 can be represented as:
𝐹 𝑋0 , 𝑋2 , 𝑋3 , 𝑋4 , 𝑟𝑘 = 𝑋0 ⊕ 𝑇(𝑋2 ⊕ 𝑋3 ⊕ 𝑋4 ⊕ 𝑟𝑘).

6.2 Permutation 𝑻
𝑇: 𝑍343 → 𝑍343 is an invertible transformation, composed of a nonlinear transformation 𝜏
and a linear transformation 𝐿. That is, 𝑇 ∙ = 𝐿(𝜏(∙)).
(1) Nonlinear transformation 𝝉
𝜏 is composed of 4 S-boxes in parallel. Suppose 𝐴 = (𝑎0 , 𝑎2 , 𝑎3 , 𝑎4 ) ∈ (𝑍3M )C is input to
𝜏, and 𝐵 = (𝑏0 , 𝑏2 , 𝑏3 , 𝑏4 ) ∈ (𝑍3M )C is the corresponding output, then
𝑏0 , 𝑏2 , 𝑏3 , 𝑏4 = 𝜏 𝐴 = (𝑆𝑏𝑜𝑥 𝑎0 , 𝑆𝑏𝑜𝑥 𝑎2 , 𝑆𝑏𝑜𝑥 𝑎3 , 𝑆𝑏𝑜𝑥 𝑎4 ).
The S-box is as follows:

0 1 2 3 4 5 6 7 8 9 A B C D E F

0 D6 90 E9 FE CC E1 3D B7 16 B6 14 C2 28 FB 2C 05

1 2B 67 9A 76 2A BE 04 C3 AA 44 13 26 49 86 06 99

2 9C 42 50 F4 91 EF 98 7A 33 54 0B 43 ED CF AC 62

3 E4 B3 1C A9 C9 08 E8 95 80 DF 94 FA 75 8F 3F A6
x
4 47 07 A7 FC F3 73 17 BA 83 59 3C 19 E6 85 4F A8

5 68 6B 81 B2 71 64 DA 8B F8 EB 0F 4B 70 56 9D 35

6 1E 24 0E 5E 63 58 D1 A2 25 22 7C 3B 01 21 78 87

7 D4 00 46 57 9F D3 27 52 4C 36 02 E7 A0 C4 C8 9E

2
8 EA BF 8A D2 40 C7 38 B5 A3 F7 F2 CE F9 61 15 A1

9 E0 AE 5D A4 9B 34 1A 55 AD 93 32 30 F5 8C B1 E3

A 1D F6 E2 2E 82 66 CA 60 C0 29 23 AB 0D 53 4E 6F

B D5 DB 37 45 DE FD 8E 2F 03 FF 6A 72 6D 6C 5B 51

C 8D 1B AF 92 BB DD BC 7F 11 D9 5C 41 1F 10 5A D8

D 0A C1 31 88 A5 CD 7B BD 2D 74 D0 12 B8 E5 B4 B0

E 89 69 97 4A 0C 96 77 7E 65 B9 F1 09 C5 6E C6 84

F 18 F0 7D EC 3A DC 4D 20 79 EE 5F 3E D7 CB 39 48

Note: substitution values for the byte xy (in hexadecimal format), e.g. when the input
is 'EF', then the output is the value in row E and column F, i.e. 𝑆𝑏𝑜𝑥(𝐸𝐹) = 84.
(2) Linear transformation 𝑳
The output from the nonlinear transformation 𝜏 is the input to the linear
transformation 𝐿. Suppose the input to 𝐿 is 𝐵 ∈ 𝑍343 , and the corresponding output is
𝐶 ∈ 𝑍343 , then
𝐶 = 𝐿 𝐵 = 𝐵 ⊕ (𝐵 <<< 2) ⊕ (𝐵 <<< 10) ⊕ (𝐵 <<< 18) ⊕ (𝐵 <<< 24).

7 Algorithm Description
7.1 Encryption
The encryption algorithm first iterates the round function 𝐹 for 32 times, and then
applies the reverse transformation 𝑅 in the end.
Suppose its input plaintext is (𝑋0 , 𝑋2 , 𝑋3 , 𝑋4 ) ∈ (𝑍343 )C , the corresponding output
ciphertext is (𝑌0 , 𝑌2 , 𝑌3 , 𝑌4 ) ∈ (𝑍343 )C , and the round keys are 𝑟𝑘6 ∈ 𝑍343 , 𝑖 = 0,1, … ,31,
then the process of the encryption algorithm is as follows:
(1) 32-round iterated operation: 𝑋6UC = 𝐹 𝑋6 , 𝑋6U2 , 𝑋6U3 , 𝑋6U4 , 𝑟𝑘6 , 𝑖 = 0,1, … 31.
(2) The reverse transformation:
𝑌0 , 𝑌2 , 𝑌3 , 𝑌4 = 𝑅 𝑋43 , 𝑋44 , 𝑋4C , 𝑋4V = 𝑋4V , 𝑋4C , 𝑋44 , 𝑋43 .

7.2 Decryption
The structure of the decryption transformation is the same as the encryption
transformation. The only difference is the order of the round keys. In decryption, the
round keys are used in the order of (𝑟𝑘42 , 𝑟𝑘40 , … , 𝑟𝑘0 ).

7.3 Key Expansion


The round keys in this algorithm are generated from the cipher key via the key
expansion algorithm.
Suppose the cipher key is 𝑀𝐾 = (𝑀𝐾0 , 𝑀𝐾2 , 𝑀𝐾3 , 𝑀𝐾4 ) ∈ (𝑍343 )C , then the round keys
are generated as follows:
𝐾0 , 𝐾2 , 𝐾3 , 𝐾4 = (𝑀𝐾0 ⊕ 𝐹𝐾0 , 𝑀𝐾2 ⊕ 𝐹𝐾2 , 𝑀𝐾3 ⊕ 𝐹𝐾3 , 𝑀𝐾4 ⊕ 𝐹𝐾4 ),
𝑟𝑘6 = 𝐾6UC = 𝐾6 ⊕ 𝑇 W 𝐾6U2 ⊕ 𝐾6U3 ⊕ 𝐾6U4 ⊕ 𝐶𝐾6 , 𝑖 = 0,1, … ,31 ,
where

3
(1) 𝑇 W replaces the linear transformation 𝐿 in permutation 𝑇 by 𝐿W : 𝐿W 𝐵 = 𝐵 ⊕
(𝐵 <<< 13) ⊕ (𝐵 <<< 23).
(2) The system parameter 𝐹𝐾 is:
𝐹𝐾0 = (𝐴3𝐵1𝐵𝐴𝐶6), 𝐹𝐾2 = (56𝐴𝐴3350),
𝐹𝐾3 = (677𝐷9197), 𝐹𝐾4 = (𝐵27022𝐷𝐶).
(3) The fixed parameter 𝐶𝐾 is used in the key expansion algorithm. Suppose 𝑐𝑘6,^ is
the j -th byte of 𝐶𝐾6 (𝑖 = 0,1, … ,31, 𝑗 = 0,1,2,3), i.e. 𝐶𝐾6 = (𝑐𝑘6,0 , 𝑐𝑘6,2 , 𝑐𝑘6,3 , 𝑐𝑘6,4 )) ∈
(𝑍3M )C , then 𝑐𝑘6,^ = (4𝑖 + 𝑗)×7(𝑚𝑜𝑑 256). To be specific, the values of the fixed
parameters 𝐶𝐾6 (𝑖 = 0,1, … ,31) are:
00070E15, 1C232A31, 383F464D, 545B6269,
70777E85, 8C939AA1, A8AFB6BD, C4CBD2D9,
E0E7EEF5, FC030A11, 181F262D, 343B4249,
50575E65, 6C737A81, 888F969D, A4ABB2B9,
C0C7CED5, DCE3EAF1, F8FF060D, 141B2229,
30373E45, 4C535A61, 686F767D, 848B9299,
A0A7AEB5, BCC3CAD1, D8DFE6ED, F4FB0209,
10171E25, 2C333A41, 484F565D, 646B7279.

4
Annex A
(informative)

Examples

A.1 Example 1
This part is an example of encrypting a plaintext using the SM4 block cipher algorithm.
Input plaintext: 01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10.
Cipher key: 01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10.
The round keys and the states of the output of each round are as follows:
rk[0]=F12186F9 X[4]=27FAD345
rk[1]=41662B61 X[5]=A18B4CB2
rk[2]=5A6AB19A X[6]=11C1E22A
rk[3]=7BA92077 X[7]=CC13E2EE
rk[4]=367360F4 X[8]=F87C5BD5
rk[5]=776A0C61 X[9]=33220757
rk[6]=B6BB89B3 X[10]=77F4C297
rk[7]=24763151 X[11]=7A96F2EB
rk[8]=A520307C X[12]=27DAC07F
rk[9]=B7584DBD X[13]=42DD0F19
rk[10]=C30753ED X[14]=B8A5DA02
rk[11]=7EE55B57 X[15]=907127FA
rk[12]=6988608C X[16]=8B952B83
rk[13]=30D895B7 X[17]=D42B7C59
rk[14]=44BA14AF X[18]=2FFC5831
rk[15]=104495A1 X[19]=F69E6888
rk[16]=D120B428 X[20]=AF2432C4
rk[17]=73B55FA3 X[21]=ED1EC85E
rk[18]=CC874966 X[22]=55A3BA22
rk[19]=92244439 X[23]=124B18AA
rk[20]=E89E641F X[24]=6AE7725F
rk[21]=98CA015A X[25]=F4CBA1F9
rk[22]=C7159060 X[26]=1DCDFA10

5
rk[23]=99E1FD2E X[27]=2FF60603
rk[24]=B79BD80C X[28]=EFF24FDC
rk[25]=1D2115B0 X[29]=6FE46B75
rk[26]=0E228AEB X[30]=893450AD
rk[27]=F1780C81 X[31]=7B938F4C
rk[28]=428D3654 X[32]=536E4246
rk[29]=62293496 X[33]=86B3E94F
rk[30]=01CF72E5 X[34]=D206965E
rk[31]=9124A012 X[35]=681EDF34
The output ciphertext: 68 1E DF 34 D2 06 96 5E 86 B3 E9 4F 53 6E 42 46.

A.2 Example 2
This part is an example of encrypting a plaintext for 1000000 times under the SM4 block
cipher algorithm with a fixed cipher key.
The input plaintext: 01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10.
The cipher key: 01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10.
The output ciphertext: 59 52 98 C7 C6 FD 27 1F 04 02 F8 04 C3 3D 3F 66.

You might also like