Security analysis of the SCO-family using key schedules

The COS-based ciphers SCO-1, SCO-2 and SCO-3 (called the SCO-family) have been designed to improve the security of DDP-based ciphers which are all broken by related-key attacks. In this paper we show that the SCO-family is still vulnerable to related-key attacks: we present related-key differential attacks on a full-round SCO-1, a full-round SCO-2 and an 11-round reduced SCO-3, respectively. The attack on SCO-1 requires 2(61) related-key chosen ciphertexts and 2(120.59) full-round SCO-1 decryptions. For the attack on SCO-2, we require 2(59) related-key chosen plaintexts and 2(118.42) full-round SCO-2 encryptions, and the 11-round attack on SCO-3 works with 2 58 related-key chosen plaintexts and 2(117.54) 11-round SCO-3 encryptions. This work is the first known cryptanalytic results on the SCO-family. (C) 2009 Elsevier Inc. All rights reserved.