Colliding Keys for SC2000-256
نویسندگان
چکیده
In this work we present analysis for the block cipher SC2000 , which is in the Japanese CRYPTREC portfolio for standardization. In spite of its very complex and non-linear key-schedule we have found a property of the full SC2000-256 (with 256-bit keys) which allows the attacker to find many pairs of keys which generate identical sets of subkeys. Such colliding keys result in identical encryptions. We designed an algorithm that efficiently produces colliding key pairs in 2 time, which takes a few hours on a PC. We show that there are around 2 colliding pairs, and the whole set can be enumerated in 2 time. This result shows that SC2000-256 cannot model an ideal cipher. Furthermore we explain how practical collisions can be produced for both Davies-Meyer and Hiroses hash function constructions instantiated with SC2000-256 .
منابع مشابه
A Differential Attack on Reduced-Round SC2000∗ NES/DOC/UIB/WP3/008/1
SC2000 is a 128-bit block cipher with key length of 128, 192 or 256 bits, developed by Fujitsu Laboratories LTD. For 128-bit keys, SC2000 consists of 6.5 rounds, and for 192and 256-bit keys it consists of 7.5 rounds. In this paper we demonstrate two different 3.5-round differential characteristics that hold with probabilities 2−106 and 2−107. These characteristics can be used to extract up to 3...
متن کاملKey Collisions of the RC4 Stream Cipher
This paper studies “colliding keys” of RC4 that create the same initial state and hence generate the same pseudo-random byte stream. It is easy to see that RC4 has colliding keys when its key size is very large, but it was unknown whether such key collisions exist for shorter key sizes. We present a new state transition sequence of the key scheduling algorithm for a related key pair of an arbit...
متن کاملThe Block Cipher SC2000
In this paper, we propose a new symmetric key block cipher SC2000 with 128-bit block length and 128-,192-,256-bit key lengths. The block cipher is constructed by piling two layers: one is a Feistel structure layer and the other is an SPN structure layer. Each operation used in two layers is S-box or logical operation, which has been well studied about security. It is a strong feature of the cip...
متن کاملA New Class of RC4 Colliding Key Pairs with Greater Hamming Distance
In this paper, we discovered a new class of colliding key pairs of RC4, namely, two different secret keys generate the same internal state after RC4’s key scheduling algorithm. This is to our knowledge the first discovery of RC4 colliding keys with hamming distance greater than one, that is, the colliding key pairs we found can differ from each other at three different positions, and the value ...
متن کاملHow to Find Short RC4 Colliding Key Pairs
The property that the stream cipher RC4 can generate the same keystream outputs under two different secret keys has been discovered recently. The principle that how the two different keys can achieve a collision is well known by investigating the key scheduling algorithm of RC4. However, how to find those colliding key pairs is a different story, which has been largely remained unexploited. Pre...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2014