Differential Attack on Five Rounds of the SC2000 Block Cipher  被引量：1

作　　者：吕继强 

机构地区：[1]Department of Computer Science,Ecole Normale Superieure,45 Rue d'Ulm

出　　处：《Journal of Computer Science & Technology》2011年第4期722-731,共10页计算机科学技术学报（英文版）

基　　金：supported by the French ANR Project SAPHIR Ⅱ

摘　　要：The SC2000 block cipher has a 128-bit block size and a user key of 128, 192 or 256 bits, which employs a total of 6.5 rounds if a 128-bit user key is used. It is a CRYPTREC recommended e-government cipher in Japan. In this paper we address how to recover the user key from a few subkey bits of SC2000, and describe two 4.75-round differential characteristics with probability 2-126 of SC2000 and seventy-six 4.75-round differential characteristics with probability 2-127. Finally, we present a differential cryptanalysis attack on a 5-round reduced version of SC2000 when used with a 128-bit key; the attack requires 21256s chosen plaintexts and has a time complexity of 212575 5-round SC2000 encryptions. The attack does not threat the security of the full SC2000 cipher, but it suggests for the first time that the safety margin of SC2000 with a 128-bit key decreases below one and a half rounds.The SC2000 block cipher has a 128-bit block size and a user key of 128, 192 or 256 bits, which employs a total of 6.5 rounds if a 128-bit user key is used. It is a CRYPTREC recommended e-government cipher in Japan. In this paper we address how to recover the user key from a few subkey bits of SC2000, and describe two 4.75-round differential characteristics with probability 2-126 of SC2000 and seventy-six 4.75-round differential characteristics with probability 2-127. Finally, we present a differential cryptanalysis attack on a 5-round reduced version of SC2000 when used with a 128-bit key; the attack requires 21256s chosen plaintexts and has a time complexity of 212575 5-round SC2000 encryptions. The attack does not threat the security of the full SC2000 cipher, but it suggests for the first time that the safety margin of SC2000 with a 128-bit key decreases below one and a half rounds.

关 键 词：CRYPTOLOGY block cipher SC2000 differential cryptanalysis 

分 类 号：TN918.1[电子电信—通信与信息系统]