Differential and Linear Cryptanalysis of a Reduced-Round SC2000
نویسندگان
چکیده
We analyze the security of the SC2000 block cipher against both differential and linear attacks. SC2000 is a six-and-a-half-round block cipher, which has a unique structure that includes both the Feistel and Substitution-Permutation Network (SPN) structures. Taking the structure of SC2000 into account, we investigate oneand two-round iterative differential and linear characteristics. We present two-round iterative differential characteristics with probability 2 and two-round iterative linear characteristics with probability 2. These characteristics, which we obtained through a search, allowed us to attack four-anda-half-round SC2000 in the 128-bit user-key case. Our differential attack needs 2 pairs of chosen plaintexts and 2 memory accesses and our linear attack needs 2 known plaintexts and 2 memory accesses, or 2 known plaintexts and 2 memory accesses.
منابع مشابه
A Differential Attack on Reduced-Round SC2000∗ NES/DOC/UIB/WP3/008/1
SC2000 is a 128-bit block cipher with key length of 128, 192 or 256 bits, developed by Fujitsu Laboratories LTD. For 128-bit keys, SC2000 consists of 6.5 rounds, and for 192and 256-bit keys it consists of 7.5 rounds. In this paper we demonstrate two different 3.5-round differential characteristics that hold with probabilities 2−106 and 2−107. These characteristics can be used to extract up to 3...
متن کاملImpossible Differential Cryptanalysis of Reduced-Round Midori64 Block Cipher (Extended Version)
Impossible differential attack is a well-known mean to examine robustness of block ciphers. Using impossible differ- ential cryptanalysis, we analyze security of a family of lightweight block ciphers, named Midori, that are designed considering low energy consumption. Midori state size can be either 64 bits for Midori64 or 128 bits for Midori128; however, both vers...
متن کاملImpossible Differential Cryptanalysis on Deoxys-BC-256
Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...
متن کاملRelated-Cipher Attacks on Block Ciphers with Flexible Number of Rounds
Related-cipher attack was introduced by Hongjun Wu in 2002 [25]. We can consider related ciphers as block ciphers with the same round function but different number of rounds. This attack can be applied to related ciphers by using the fact that their key schedules do not depend on the total number of rounds. In this paper we introduce differential related-cipher attack on block ciphers, which co...
متن کاملA new method for accelerating impossible differential cryptanalysis and its application on LBlock
Impossible differential cryptanalysis, the extension of differential cryptanalysis, is one of the most efficient attacks against block ciphers. This cryptanalysis method has been applied to most of the block ciphers and has shown significant results. Using structures, key schedule considerations, early abort, and pre-computation are some common methods to reduce complexities of this attack. In ...
متن کامل