Differential Attack on Five Rounds of the SC2000 Block Cipher

Abstract

SC2000 is a 128-bit block cipher with a user key of 128, 192 or 256 bits, which employs a total of 6.5 rounds if a 128-bit user key is used. It is a CRYPTREC recommended e-government cipher. In this paper we describe one 4.75-round differential characteristic with probability 2-126 of SC2000 and thirty 4.75-round differential characteristics with probability 2-127. Finally, we exploit these 4.75-round differentials to conduct a differential cryptanalysis attack on a 5-round reduced version of SC2000 when used with a 128-bit key. The attack suggests for the first time that the safety margin of SC2000 with a 128-bit key decreases below one and a half rounds.