Security analysis of the SCO-family using key schedules

The COS-based ciphers SCO-1, SCO-2 and SCO-3 (called the SCO-family) have been designed to improve the security of DDP-based ciphers which are all broken by related-key attacks. In this paper we show that the SCO-family is still vulnerable to related-key attacks: we present related-key differential attacks on a full-round SCO-1, a full-round SCO-2 and an 11-round reduced SCO-3, respectively. The attack on SCO-1 requires 2^6^1 related-key chosen ciphertexts and 2^1^2^0^.^5^9 full-round SCO-1 decryptions. For the attack on SCO-2, we require 2^5^9 related-key chosen plaintexts and 2^1^1^8^.^4^2 full-round SCO-2 encryptions, and the 11-round attack on SCO-3 works with 2^5^8 related-key chosen plaintexts and 2^1^1^7^.^5^4 11-round SCO-3 encryptions. This work is the first known cryptanalytic results on the SCO-family.

[1]  Nikolay A. Moldovyan,et al.  New Class of Cryptographic Primitives and Cipher Design for Networks Security , 2006, Int. J. Netw. Secur..

[2]  Seokhie Hong,et al.  Related-Key Amplified Boomerang Attacks on the Full-Round Eagle-64 and Eagle-128 , 2007, ACISP.

[3]  Odysseas G. Koufopavlou,et al.  High Speed Networking Security: Design and Implementation of Two New DDP-Based Ciphers , 2005, Mob. Networks Appl..

[4]  Seokhie Hong,et al.  Related Key Differential Cryptanalysis of Full-Round SPECTR-H64 and CIKS-1 , 2004, ACISP.

[5]  Jongsung Kim,et al.  Related-Key Differential Attacks on Cobra-H64 and Cobra-H128 , 2005, IMACC.

[6]  Jongsung Kim,et al.  Related-Key Attacks on the Full-Round Cobra-F64a and Cobra-F64b , 2006, SCN.

[7]  Nikolay A. Moldovyan,et al.  Fast Encryption Algorithm Spectr-H64 , 2001, MMM-ACNS.

[8]  Jongsung Kim,et al.  Related-Key Differential Attacks on Cobra-S128, Cobra-F64a, and Cobra-F64b , 2005, Mycrypt.

[9]  Seokhie Hong,et al.  Related-Key Attacks on DDP Based Ciphers: CIKS-128 and CIKS-128H , 2004, INDOCRYPT.

[10]  N.D. Goots,et al.  Fast DDP-based ciphers: from hardware to software , 2003, 2003 46th Midwest Symposium on Circuits and Systems.

[11]  Nikolay A. Moldovyan,et al.  A cipher based on data-dependent permutations , 2001, Journal of Cryptology.

[12]  Nikolay A. Moldovyan On Cipher Design Based on Switchable Controlled Operations , 2003, Int. J. Netw. Secur..

[13]  Sangjin Lee,et al.  A Chosen Plaintext Linear Attack on Block Cipher CIKS-1 , 2002, ICICS.