The SC2000 block cipher has a 128-bit block size and a user key of 128, 192 or 256 bits, which employs a total of 6.5 rounds if a 128-bit user key is used. It is a CRYPTREC recommended e-government cipher in Japan. In...The SC2000 block cipher has a 128-bit block size and a user key of 128, 192 or 256 bits, which employs a total of 6.5 rounds if a 128-bit user key is used. It is a CRYPTREC recommended e-government cipher in Japan. In this paper we address how to recover the user key from a few subkey bits of SC2000, and describe two 4.75-round differential characteristics with probability 2-126 of SC2000 and seventy-six 4.75-round differential characteristics with probability 2-127. Finally, we present a differential cryptanalysis attack on a 5-round reduced version of SC2000 when used with a 128-bit key; the attack requires 21256s chosen plaintexts and has a time complexity of 212575 5-round SC2000 encryptions. The attack does not threat the security of the full SC2000 cipher, but it suggests for the first time that the safety margin of SC2000 with a 128-bit key decreases below one and a half rounds.展开更多
文摘The SC2000 block cipher has a 128-bit block size and a user key of 128, 192 or 256 bits, which employs a total of 6.5 rounds if a 128-bit user key is used. It is a CRYPTREC recommended e-government cipher in Japan. In this paper we address how to recover the user key from a few subkey bits of SC2000, and describe two 4.75-round differential characteristics with probability 2-126 of SC2000 and seventy-six 4.75-round differential characteristics with probability 2-127. Finally, we present a differential cryptanalysis attack on a 5-round reduced version of SC2000 when used with a 128-bit key; the attack requires 21256s chosen plaintexts and has a time complexity of 212575 5-round SC2000 encryptions. The attack does not threat the security of the full SC2000 cipher, but it suggests for the first time that the safety margin of SC2000 with a 128-bit key decreases below one and a half rounds.
