Why China’s National Cryptographic Algorithms Matter: SM1‑SM9 Explained

What are China’s national cryptographic algorithms?

China’s national cryptographic algorithms, issued by the State Cryptography Administration, include SM1 (SCB2), SM2, SM3, SM4, SM7, SM9 and the ZUC algorithm. They are widely used in finance, e‑government, security, and other fields to protect confidentiality, integrity, and availability of sensitive data while reducing reliance on foreign cryptographic products.

Why are national cryptographic algorithms needed?

Background

During network data transmission and storage, confidentiality and security are essential. International standards are secure but their source code cannot be guaranteed, posing risks of external tampering. Since 2007 China has developed its own standards, officially released in 2010.

After years of development, these algorithms have become a core part of China’s information security, enhancing national competitiveness.

Characteristics

National cryptographic algorithms have the following features:

High security: based on rigorous cryptographic principles.

Efficiency and flexibility: high encryption speed and adaptable key lengths.

Standardization: recognized by national standards bodies and comparable to international algorithms.

Independent innovation: domestically developed, reducing external dependence.

Multi‑domain applicability: suitable for finance, e‑commerce, communications, IoT, blockchain, and more.

How do the algorithms work?

The suite includes symmetric algorithms (SM1, SM4, SM7, ZUC), asymmetric algorithms (SM2, SM9) and a hash algorithm (SM3).

Below are brief introductions to the most commonly used algorithms.

SM1

SM1 is a symmetric encryption algorithm, implemented as an IP core and used for small‑data protection in smart cards, key devices, access control cards, and similar security products.

SM2

SM2 is an ECC‑based asymmetric algorithm, supporting digital signatures (SM2‑1), key exchange (SM2‑2) and public‑key encryption (SM2‑3). It is applied in e‑commerce, internet finance, IoT, and other scenarios.

Data encryption

SM2 uses a public key to encrypt data and a private key to decrypt.

Key agreement

SM2 enables secure key agreement through elliptic‑curve operations, generating a shared session key for symmetric encryption such as SM4.

Digital signature

SM2 combined with SM3 provides digital signatures for integrity and authenticity.

SM3

SM3 is a hash algorithm producing a 256‑bit digest, used for digital signatures, data integrity verification, blockchain, and random number generation.

Typical signing process: hash with SM3, encrypt the hash with a private key (SM2), transmit the ciphertext, and verify with the public key and compare hashes.

SM4

SM4 is a publicly documented block cipher (128‑bit block, 128‑bit key, 32 rounds) used for high‑volume data encryption in storage, network transmission, IoT, and blockchain.

Encryption modes

SM4 supports ECB, CBC, CFB, and other modes. ECB encrypts each block independently; CBC chains blocks for higher security.

In CBC mode, plaintext blocks are XORed with the previous ciphertext block (or IV for the first block) before encryption, and decryption reverses the process.

Comparison with International Standards

Compared with DES, AES, RSA, SHA‑1/256, the national algorithms offer comparable or higher security, similar block and key sizes, and efficient performance, while some (SM1, SM2) remain undisclosed.

Typical Application Scenarios

AD‑WAN vertical IP/MPLS networking

National algorithms can be integrated with AD‑WAN platforms to configure one‑click encryption, establishing end‑to‑end IPsec tunnels protected by SM2, SM3, and SM1/SM4.

During IKE key exchange, SM2 generates session keys; authentication uses SM2/SM3 signatures and SM1/SM4 encryption; data transfer uses SM2/SM3 signatures and SM1/SM4 encryption for confidentiality and integrity.

4G/5G VPDN networking

VPDN uses L2TP for user authentication and IPsec for data protection. National algorithm cards installed on routers perform SM2‑based key exchange, SM2/SM3 signatures, and SM1/SM4 encryption for secure tunnels.