A New Higher Order Differential of Enocoro-128v2

Abstract

This paper reports the strength of a pseudorandom number generator Enocoro-128v2, which was published as a stream cipher by Hitachi, Ltd. in 2010, against higher order differential cryptanalysis. Enocoro-128v2 is one of the candidate recommended ciphers of CRYPTREC, which is a project for the e-Government in Japan, and specified in ISO/IEC 29192-3:2012. It takes a 128-bit secret key and a 64-bit initial vector as input, and the update function is applied 96 times in the initialization process. It has been reported that a 21 initialization rounds of Enocoro-128v2 is attackable by chosen IV distinguishing attack. In this paper, we focused on a higher order differential of the initialization process of Enocoro-128v2. As a results, we found a new 22-round higher order differential characteristic, in which 16-th order differential equals to constant by computer experiment. Exploiting this characteristic, we also show that a 22 initialization rounds of Enocoro-128v2 can be attacked with 216 chosen IV.