Abstract
We present several attacks on the block cipher C2, which is used for encrypting DVD Audio discs and Secure Digital cards. C2 has a 56 bit key and a secret 8 to 8 bit S-box. We show that if the attacker is allowed to choose the key, the S-box can be recovered in 224 C2 encryptions. Attacking the 56 bit key for a known S-box can be done in complexity 248. Finally, a C2 implementation with a 8 to 8 bit secret S-box (equivalent to 2048 secret bits) and a 56 bit secret key can be attacked in 253.5 C2 encryptions on average.
Chapter PDF
Similar content being viewed by others
References
Distributed C2 brute force attack : Status page, http://www.marumo.ne.jp/c2/bf/status.html (accessed on 12/02/2009)
C2 Block Cipher Specification, Revision 1.0 (2003), http://www.4Centity.com , used to be available online from 4C Entity, http://edipermadi.files.wordpress.com/2008/08/cryptomeria-c2-spec.pdf
4C Entity. Wikipedia article, http://en.wikipedia.org/wiki/4C_Entity (accessed on 11/02/2009)
Cryptomeria cipher. Wikipedia article, http://en.wikipedia.org/wiki/Cryptomeria_cipher (accessed on 11/02/2009)
4C Entity. C2 facsimile s-box, http://www.4centity.com/docs/C2_Facsimile_S-Box.txt
Biham, E., Dunkelman, O., Keller, N.: The rectangle attack - rectangling the serpent. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 340–357. Springer, Heidelberg (2001)
Contini, S., Yin, Y.L.: Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 37–53. Springer, Heidelberg (2006)
Feller, W.: An introduction to probability theory and its applications, 3rd edn., vol. I. Wiley, Chichester (1968)
Kelsey, J., Kohno, T., Schneier, B.: Amplified boomerang attacks against reduced-round MARS and Serpent. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 75–93. Springer, Heidelberg (2001)
Lipmaa, H., Moriai, S.: Efficient algorithms for computing differential properties of addition. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 336–350. Springer, Heidelberg (2002)
Mendel, F., Pramstaller, N., Rechberger, C., Rijmen, V.: Analysis of step-reduced SHA-256. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 126–143. Springer, Heidelberg (2006)
Wagner, D.: The boomerang attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)
Weinmann, R.-P.: Algebraic S-Box recovery: the case of Cryptomeria. Presentation at Echternach Seminar on Symmetric Cryptography, Echternach, Luxembourg (11/01/2008), http://wiki.uni.lu/esc/docs/rpw_friday_algebraic_sbox_recovery.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Borghoff, J., Knudsen, L.R., Leander, G., Matusiewicz, K. (2009). Cryptanalysis of C2. In: Halevi, S. (eds) Advances in Cryptology - CRYPTO 2009. CRYPTO 2009. Lecture Notes in Computer Science, vol 5677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03356-8_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-03356-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03355-1
Online ISBN: 978-3-642-03356-8
eBook Packages: Computer ScienceComputer Science (R0)