Cryptographic ciphers often utilize an algorithm and a key to protect information. The algorithm may be a complex mathematical function, and the key may be a string of bits. Various types of ciphers are known, including those that utilize a “secret” key and those that utilize a “public” key. Ciphers that utilize a secret key may operate based on the use of a single key that is shared between multiple parties. In such instances the single key may be used both to encrypt and to decrypt information. In contrast, a cipher utilizing a public key may use two keys to protect information, i.e., a widely distributed (public) key and a different, “private” key that is not widely distributed. In such algorithms the public key may be used to encrypt information to produce cipher text that can only be decrypted using the private key.
The advanced encryption standard (AES) is one type of cryptographic cipher that utilizes a secret key (cipher key) to transform intelligible data (plaintext) into unintelligible data (cipher text). The transformations in the AES cipher are performed over a series of rounds, and include: (1) adding a round key (a value derived from the cipher key) to the state (a two-dimensional array of bytes) using an exclusive-OR (XOR) operation (AddRoundKey); (2) processing the state using a non-linear byte substitution table (SubBytes, also called the S-box); (3) cyclically shifting the last three rows of the state by different offsets (ShiftRows); and (4) taking all of the columns of the state and mixing their data independently of one another to produce new columns (MixColumns). Decryption (the inverse cipher) uses the cipher key to transform the cipher text back into plaintext by performing the inverse of the transformations in the cipher.
AES is compute intensive and its performance on general purpose processors was relatively slow when it was first introduced. Subsequent to its introduction a new instruction set architecture for AES was developed. The new instruction set architecture, referred to as AES New Instructions or AES-NI, improves the performance of AES on general purpose processors in part by grouping sequences of AES operations into single instructions. The use of AES-NI also hardens the AES cipher against so-called “side-channel attacks.” A detailed description of AES-NI and its ability to protect against side-channel attacks can be found in S. Gueron, Intel Advanced Encryption Standard (AES) Instructions Set, Rev 3.01 (September 2012), available at http://software.intel.com/sites/default/files/article/165683/aes-wp-2012-09-22-v01.pdf, the entire content of which is incorporated herein by reference. Details of the AES cipher may be found in Federal Information Processing Standard (FIPS) 197, the entire content of which is incorporated herein by reference. FIPS 197 may be found at http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
SMS4 is another type of cryptographic cipher that utilizes a secret key (cipher key) to transform plaintext into cipher text. SMS4 is an unbalanced Feistel network cipher with a block size of 128 bits (16 bytes) and a key size of 128 bits (16 bytes). Like AES, SMS4 encrypts plaintext and decrypts cipher text in a series of rounds. During execution of SMS4 each 128-bit input block is divided into four 32-bit words. Each encryption round of SMS4 includes two transformations, a non-linear S-box transformation (τ) and a linear transformation (L). An English translation of the SMS4 specification is provided in Whitfield Diffie and George Ledin (translators), “SMS4 Encryption Algorithm for Wireless Networks,” Cryptology ePrint Archive, Report 2008/329, 2008, available at http://eprint.iacr.org, the entire content of which is incorporated herein by reference.
Although SMS4 is a useful cipher, its performance on general purpose processors is presently about the same as the performance of AES prior to the implementation of AES-NI. Moreover, the non-linear transformation in SMS4 relies on the use of an S-box lookup table that is defined in the SMS4 specification. Use of that lookup table, a memory access indexed by secret-dependent data, may expose the cipher to certain types of attack, such as but not limited to side-channel attacks. The practical usefulness of SMS4 may therefore be limited, and may be overshadowed by the improved performance and security exhibited by other ciphers such as AES.
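As an added example (not part of the patent text or any product it describes), the following Python reference code implements the SMS4 structure described above: each 128-bit block is held as four 32-bit words, each of the 32 rounds applies the S-box transformation τ followed by the linear transformation L, and decryption is the same network with the round keys in reverse order. The S-box, FK and CK constants are the ones defined in the SMS4 specification; note that the table-driven `tau` below is exactly the secret-indexed lookup that the text identifies as a side-channel exposure, so it is suitable for understanding the cipher, not for production use.

```python
# Added example (not from the patent): compact SMS4/SM4 reference code.
# S-box, FK and CK constants follow the SMS4 specification; the 128-bit block is
# four 32-bit words and each of the 32 rounds applies tau (S-box) then L.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c05" "2b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62" "e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8" "686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887" "d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1" "e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6f" "d5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad8" "0ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec684" "18f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)  # key-schedule constants
# CK_i packs the bytes ck_{i,j} = (4i + j) * 7 mod 256, j = 0..3, big-endian
CK = [sum(((4 * i + j) * 7 % 256) << (24 - 8 * j) for j in range(4)) for i in range(32)]

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def tau(a):
    """Non-linear transformation: S-box applied to each byte of a 32-bit word."""
    return int.from_bytes(bytes(SBOX[b] for b in a.to_bytes(4, "big")), "big")

def L(b):
    """Linear transformation of the round function."""
    return b ^ rotl(b, 2) ^ rotl(b, 10) ^ rotl(b, 18) ^ rotl(b, 24)

def L_prime(b):
    """Linear transformation used only in key expansion."""
    return b ^ rotl(b, 13) ^ rotl(b, 23)

def expand_key(key):
    """Derive the 32 round keys rk_0..rk_31 from a 16-byte cipher key."""
    k = [int.from_bytes(key[i:i + 4], "big") ^ FK[i // 4] for i in range(0, 16, 4)]
    for i in range(32):
        k.append(k[i] ^ L_prime(tau(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i])))
    return k[4:]

def crypt(block, rk):
    """One 16-byte block through 32 Feistel rounds; output words are reversed."""
    x = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(32):
        x.append(x[i] ^ L(tau(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i])))
    return b"".join(w.to_bytes(4, "big") for w in reversed(x[32:]))

def encrypt(block, key):
    return crypt(block, expand_key(key))

def decrypt(block, key):  # same network, round keys applied in reverse order
    return crypt(block, expand_key(key)[::-1])
```

With the specification's test key and plaintext `0123456789abcdeffedcba9876543210`, `encrypt` yields `681edf34d206965e86b3e94f536e4246`.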
Although the following Detailed Description will proceed with reference being made to illustrative embodiments, many alternatives, modifications, and variations thereof will be apparent to those skilled in the art.