How Do The Chinese Ciphers Compare with NIST Standards?
How Do The Chinese Ciphers Compare with NIST Standards?
And, so, NIST has defined AES as the standard for symmetric key encryption. But, NIST was pinpointed in possibly pushing a cipher with an NSA backdoor. For companies in China, the ShāngMì (SM) series of ciphers provide one alternative for TLS 1.3 integration and Wireless authentication. SM2 defines authentication, SM3 defines a hashing function, and SM4 for encryption. SM4 was developed by Lü Shuwang in 2007 and became a national standard (GB/T 32907–2016) in 2016. It has also been defined in RFC 8998 [here]:
SM2
SM2 is a signature signature equivalent to ECDSA, EdDSA and RSA [here]:
As we see, the fastest signing method is ECDSA (P256), and where is more than ten times faster than Curve SM2. But, SM2 does fairly well in signing, and while RSA is around ten times faster than SM2, overall, ECDSA is around twice as fast to verify than SM2:
SM3
SM3 provides a 256-bit hash [here]:
SM3 is one of the showest of the major hashes, and is about 37% of the speed of SHA-1 [here]:
For a hash of “Hello”, we get [here]:
echo -n "Hello" | openssl dgst -sm3
dc74f051ad5bc19ba721bf0023e10de03bae29bbe013c43988bae55828bcebSM4
With the SM4 cipher, we have a block size of 128 bits and a 128-bit encryption key [here]:
Each block of data has 32 rounds of processing. Overall, we can add a salt value of 128 bits in an IV (Initialisation Vector). Overall, SM4 does not perform well against AES and Cha-Cha20., with AES — 128-ECB being around 100 times faster the SM4-ECB [here]:
We can code with [here]:
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import padding
import sys
message="Hello"
keysize=16
iv = os.urandom(16)
mode=0
if (len(sys.argv)>1):
message=str(sys.argv[1])
if (len(sys.argv)>2):
mode=int(sys.argv[2])
key = os.urandom(keysize)
padder = padding.PKCS7(128).padder()
unpadder = padding.PKCS7(128).unpadder()
cipher=None
if (mode==0):
cipher = Cipher(algorithms.SM4(key), modes.CBC(iv))
if (mode==1):
cipher = Cipher(algorithms.SM4(key), modes.OFB(iv))
if (mode==2):
cipher = Cipher(algorithms.SM4(key), modes.CFB(iv))
if (mode==3):
cipher = Cipher(algorithms.SM4(key), modes.CTR(iv))
if (mode==4):
cipher = Cipher(algorithms.SM4(key), modes.ECB())
encryptor = cipher.encryptor()
str=padder.update(message.encode())+padder.finalize()
ciphertext = encryptor.update(str ) + encryptor.finalize()
# Now decrypt
decryptor = cipher.decryptor()
rtn=unpadder.update(decryptor.update(ciphertext) + decryptor.finalize())+unpadder.finalize()
print("Type:\t\t\t",cipher.algorithm.name)
print("Mode:\t\t\t",cipher.mode.name)
print("Message:\t\t",message)
print("Message with padding:\t",str)
print("\nKey:\t\t\t",key.hex())
if (mode!=4): print("IV:\t\t\t",iv.hex())
print("\nCipher:\t\t\t",ciphertext.hex())
print("Decrypt:\t\t",rtn.decode())and a test run of [here]:
Type: SM4
Mode: CBC
Message: Hello
Message with padding: b'Hello\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b'
Key: ff010929f29f618ea5181a6a2e9de7a0
IV: 56f8a40da11cd93a67172311470879c3
Cipher: 292994cf3bf587e2b9f020a6c94026c1
Decrypt: HelloSM4 is also a core part of OpenSSL 3.x:
https://asecuritysite.com/openssl/openssl3
Conclusions
And, so, SM4 (the symmetric key method) is particularly slow compared with AES. This is perhaps due to the accereltation that many processesor have for AES. With SM3 (the signature method), the signature creation is around 10 times slower that ECDSA (P256). And for SM2, the hashes take around three times longer to create than SHA-1