Cryptology ePrint Archive: Report 2010/593

Differential Attack on Five Rounds of the SC2000 Block Cipher

Jiqiang Lu

Abstract: The SC2000 block cipher has a 128-bit block size and a user key of 128, 192 or 256 bits, which employs a total of 6.5 rounds if a 128-bit user key is used. It is a CRYPTREC recommended e-government cipher. In this paper we describe two 4.75-round differential characteristics with probability $2^{-126}$ of SC2000 and seventy-six 4.75-round differential characteristics with probability $2^{-127}$. Finally, we present a differential cryptanalysis attack on a 5-round reduced version of SC2000 when used with a 128-bit key; the attack requires $2^{125.68}$ chosen plaintexts and has a time complexity of $2^{125.75}$ 5-round SC2000 encryptions. It suggests for the first time that the safety margin of SC2000 with a 128-bit key decreases below one and a half rounds.

Category / Keywords: secret-key cryptography / Block cipher, SC2000, Differential cryptanalysis

Publication Info: A preliminary version of this work was presented at Inscrypt 2009.

Date: received 22 Nov 2010, last revised 4 Dec 2010

Contact author: lvjiqiang at hotmail com

Available format(s): PDF | BibTeX Citation

Note: In this enhanced version, we address how to recover the user key from a few subkey bits of SC2000, give more non-trivial 4.75-round differential characteristics, and present a more efficient attack.

Version: 20101204:142321 (All versions of this report)

Short URL: ia.cr/2010/593

Discussion forum: Show discussion | Start new discussion