Paper 2010/593

Differential Attack on Five Rounds of the SC2000 Block Cipher

Jiqiang Lu


The SC2000 block cipher has a 128-bit block size and a user key of 128, 192 or 256 bits, which employs a total of 6.5 rounds if a 128-bit user key is used. It is a CRYPTREC recommended e-government cipher. In this paper we describe two 4.75-round differential characteristics with probability $2^{-126}$ of SC2000 and seventy-six 4.75-round differential characteristics with probability $2^{-127}$. Finally, we present a differential cryptanalysis attack on a 5-round reduced version of SC2000 when used with a 128-bit key; the attack requires $2^{125.68}$ chosen plaintexts and has a time complexity of $2^{125.75}$ 5-round SC2000 encryptions. It suggests for the first time that the safety margin of SC2000 with a 128-bit key decreases below one and a half rounds.

Note: In this enhanced version, we address how to recover the user key from a few subkey bits of SC2000, give more non-trivial 4.75-round differential characteristics, and present a more efficient attack.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. A preliminary version of this work was presented at Inscrypt 2009.
Block cipherSC2000Differential cryptanalysis
Contact author(s)
lvjiqiang @ hotmail com
2010-12-04: revised
2010-11-23: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jiqiang Lu},
      title = {Differential Attack on Five Rounds of the SC2000 Block Cipher},
      howpublished = {Cryptology ePrint Archive, Paper 2010/593},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.