|Key sizes||128, 192, or 256 bits|
|Block sizes||128 bits|
|Structure||combination SPN and Feistel network|
|Rounds||6.5 or 7.5|
|Best public cryptanalysis|
|Differential and linear attacks exist against SC2000 reduced to 4.5 rounds|
In cryptography, SC2000 is a block cipher invented by a research group at Fujitsu Labs. It was submitted to the NESSIE project, but was not selected. It was among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003, however, has been dropped to "candidate" by CRYPTREC revision in 2013.
The algorithm uses a key size of 128, 192, or 256 bits. It operates on blocks of 128 bits using 6.5 or 7.5 rounds of encryption. Each round consists of S-box lookups, key additions, and an unkeyed two-round Feistel network. There are 3 S-boxes: a 4×4-bit one used at the beginning of each round, and a 5×5-bit one and 6×6-bit one used in the Feistel network.
No analysis of the full SC2000 has been announced, but a reduced version of 4.5 rounds is susceptible to linear cryptanalysis, and a reduced version of 5 rounds is susceptible to differential cryptanalysis.
In 2014 Alex Biryukov and Ivica Nikolić found a weakness in the key schedule of SC2000 which allows an attacker to find colliding keys which result in identical encryptions in just 239 time for 256 bit keys. They proved that there are 268 colliding key pairs and the whole set can be found in 258 time.
- Lars Knudsen, Håvard Raddum (7 March 2001). "A first report on Whirlpool, NUSH, SC2000, Noekeon, Two-Track-MAC and RC6" (PDF). Retrieved 8 February 2007.
- Hitoshi Yanami, Takeshi Shimoyama, Orr Dunkelman (2000). Differential and Linear Cryptanalysis of a Reduced-Round SC2000 (PDF/PostScript). Proceedings of Second Open NESSIE Workshop. Retrieved 8 February 2007.
- Jiqiang Lu (July 2011). "Differential Attack on Five Rounds of the SC2000 Block Cipher." (PDF). Journal of Computer Science and Technology. Retrieved 30 January 2012.
- Alex Biryukov; Ivica Nikolić (10 November 2014). "Colliding Keys for SC2000-256" (PDF).
|This cryptography-related article is a stub. You can help Wikipedia by expanding it.|