Linux 6.2 Adding FSCRYPT Support For China's Questionable SM4 Cipher

  • Linux 6.2 Adding FSCRYPT Support For China's Questionable SM4 Cipher

    Phoronix: Linux 6.2 Adding FSCRYPT Support For China's Questionable SM4 Cipher

    As part of the many pull requests being sent in early for the Linux 6.2 merge window to avoid crunch time around the holidays is the FSCRYPT file-system encryption framework updates...


  • #2
    It totally smells like a backdoor when an antidemocratic government forces people to use a specific cipher, but AFAIK anyone with proper knowledge in the field can study it and validate its security independently, no?

    I'm sure it will take time and serious researchers for this, but it would be great to publicly unveil such issues if they exist, and otherwise rest easier if the Chinese creation really is a worthy cipher

    If there is one thing we can learn from when USA's trove of OS security flaws was publicly leaked is that if you let these security flaws in the wild eventually everyone will pick up on them, and then it's China way more vulnerable to its adversaries and not just China govt spying on their own citizens.

    They might be crazy enough to think the risk is worth it, so the initial reaction seems correct, but it's probably worth looking into it and maybe that's not what this is about, right?

    Anyway, not a crypto expert here, just wanting to start a conversation and hoping someone with more depth chimes in.



    • #3
      With all the talk about backdoors for western security agencies in AES, I don't really get the transported judgment that SM4 is worse off in this regard only due to its closeness to the Chinese government. The US influence in the mentioned standard bodies acts as a gatekeeper for protecting their own interests of spreading questionable security standards to the world. That sounds like a double standard to my ears as we need strong encryption without any government backdoor.

      Of course I would distrust SM4 from the start, but it's the job of security researchers to prove its ineffectiveness first before drawing any conclusions.
      Last edited by ms178; 12 December 2022, 07:58 AM.



      • #4
        Originally posted by ms178
        That sounds like a double standard to my ears as we need strong encryption without any government backdoor.
        Exactly and it's even worse, NIST is known for deploying backdoored encryption standards, while with China there was at least no such thing in the past.

        It's the same for boycotting Huawei, some 3-letter agencies (the same with the "weapons of mass destruction"-lie) claim their stuff is insecure but constantly fail to prove it, while there are more than enough known backdoors in Cisco stuff.
        I guess logical thinking people are a rare sight in the IT sector, strange.



        • #5
          I find it laughable to think that any government based encryption standard isn't best kept at a poking distance.
          So I guess it's about choosing your poison pill. Which color do you prefer?



          • #6
            Have we ever found a backdoor from a merge request from China?

            International Standard Organization, more like American Standard Organization



            • #7
              Originally posted by mirmirmir
              Have we ever found a backdoor from a merge request from China?

              International Standard Organization, more like American Standard Organization
              That's difficult to say. What is well known is that there are many instances of China-manufactured 'Internet-of-Things' equipment being remotely accessible without the purchaser necessarily knowing of that. (One example of many. Another.) Code audits of networking equipment have shown poor quality code where it is plausibly deniable that the programming errors are deliberate. Huawei might even have been exploited by Chinese Intelligence. As far as I know, no-one has publicly stated that Chinese contributors have done what Kangjie Lu of the University of Minnesota did, which is introduce deliberate flaws into Linux kernel code. He spent some time in Beijing.

              I would expect an explicit backdoor introduced into the Linux kernel would need to be plausibly deniable - that is, look like a programming error, so it would be difficult to point to a particular merge request and say definitively that it was intended as a backdoor. On the other hand, we know there is a vast amount of malware out there with the explicit intent of opening backdoors on target machines. It would be unlikely if none of it originated from China, and implausible to think that the Chinese Security and Intelligence services do not make use of malware.

              We have to assume that bad actors from everywhere (not just China) are seeking to add vulnerabilities into the Linux kernel, and indeed other popular software. It would be unfair to single out China as somehow being especially bad.




              • #8
                SM4 is not for spying. In addition to getting rid of AES, it is for import control with mandatory Chinese regulatory certifications and so on.



                • #9
                  The amount of money currently being spent replacing Huawei in critical telecoms infrastructure suggests at least something murky is going on



                  • #10
                    It is hard to backdoor a symmetric cryptographic algorithm, but I have more confidence in AES or ChaCha and many others (because of design and related proofs). It is also slower than AES.

                    BTW, I could not find any cryptanalysis of SM4 done by other than Chinese researchers (does not mean they did not try).

                    I think user should be allowed to choose algorithm. Speck has been removed from Linux just because it was from NSA.
