From Wikipedia, the free encyclopedia
First published2000
CertificationCRYPTREC (Candidate)
Cipher detail
Key sizes128, 192, or 256 bits
Block sizes128 bits
Structurecombination SPN and Feistel network
Rounds6.5 or 7.5
Best public cryptanalysis
Differential and linear attacks exist against SC2000 reduced to 4.5 rounds

In cryptography, SC2000 is a block cipher invented by a research group at Fujitsu Labs. It was submitted to the NESSIE project, but was not selected. It was among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003, however, has been dropped to "candidate" by CRYPTREC revision in 2013.

The algorithm uses a key size of 128, 192, or 256 bits. It operates on blocks of 128 bits using 6.5 or 7.5 rounds of encryption. Each round consists of S-box lookups, key additions, and an unkeyed two-round Feistel network. There are 3 S-boxes: a 4×4-bit one used at the beginning of each round, and a 5×5-bit one and 6×6-bit one used in the Feistel network.

No analysis of the full SC2000 has been announced, but a reduced version of 4.5 rounds is susceptible to linear cryptanalysis, and a reduced version of 5 rounds is susceptible to differential cryptanalysis.[1][2][3]

In 2014, Alex Biryukov and Ivica Nikolić found a weakness in the key schedule of SC2000 which allows an attacker to find colliding keys which result in identical encryptions in just 239 time for 256 bit keys. They proved that there are 268 colliding key pairs and the whole set can be found in 258 time.[4]


  1. ^ Lars Knudsen, Håvard Raddum (7 March 2001). "A first report on Whirlpool, NUSH, SC2000, Noekeon, Two-Track-MAC and RC6" (PDF). Retrieved 8 February 2007. {{cite journal}}: Cite journal requires |journal= (help)
  2. ^ Hitoshi Yanami, Takeshi Shimoyama, Orr Dunkelman (2000). Differential and Linear Cryptanalysis of a Reduced-Round SC2000 (PDF/PostScript). Proceedings of Second Open NESSIE Workshop. Retrieved 8 February 2007.{{cite conference}}: CS1 maint: multiple names: authors list (link)
  3. ^ Jiqiang Lu (July 2011). "Differential Attack on Five Rounds of the SC2000 Block Cipher" (PDF). Journal of Computer Science and Technology. Retrieved 30 January 2012.
  4. ^ Alex Biryukov; Ivica Nikolić (10 November 2014). "Colliding Keys for SC2000-256" (PDF). {{cite journal}}: Cite journal requires |journal= (help)

External links[edit]