Abstract:
In large-scale deployments of the distributed Internet of Things (IoT), cryptographic technologies, the underlying infrastructure of information security, face severe challenges from side-channel attacks (SCAs), a physical-layer security threat. The SM4 block cipher, China's independently developed commercial cryptographic standard, has been deeply integrated into distributed IoT security protocols, yet its implementation-level vulnerability to side-channel attacks remains unresolved. Research on side-channel attacks against the SM4 key expansion algorithm is scarce: existing methods rely primarily on statistical characteristics gathered over many power traces, while single-trace attacks remain under-explored. This paper proposes a single-trace side-channel attack method that integrates Bayesian networks with side-channel attack modeling. By constructing a probabilistic graphical model and combining it with the belief propagation algorithm, the method efficiently infers the round subkeys from a single power trace and ultimately recovers the master key. Simulation and practical experiments demonstrate the effectiveness of the approach, which achieves an 85.74% success rate for master key recovery under ideal conditions. Even when substantial Gaussian white noise is added to practical power traces (reducing the signal-to-noise ratio to only 10 dB), the success rate remains at 70%. Compared with traditional methods, the approach shows significant advantages in success rate, number of required power traces, and attack duration, offering new insights and technical tools for side-channel attack research on cryptographic devices in distributed IoT systems, as well as a theoretical foundation for corresponding defensive designs.