Journal of Computer Science and Technology, Volume 22, Issue 3, pp 449–456

Impossible Differential Cryptanalysis of Reduced-Round ARIA and Camellia

  • Wen-Ling Wu
  • Wen-Tao Zhang
  • Deng-Guo Feng
Regular Paper

Abstract

This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far. The designers of ARIA expected that no impossible differentials exist for 4-round ARIA. However, we found some nontrivial 4-round impossible differentials, which may lead to a possible attack on 6-round ARIA. Moreover, we found some nontrivial 8-round impossible differentials for Camellia, whereas only 7-round impossible differentials were previously known. By using the 8-round impossible differentials, we presented an attack on 12-round Camellia without FL/FL⁻¹ layers.

Keywords

block cipher, ARIA, Camellia, data complexity, time complexity, impossible differential cryptanalysis

Supplementary material

Supplementary material - Chinese Abstract (PDF 44 kb)

Copyright information

© Science Press, Beijing, China and Springer Science + Business Media, LLC, USA 2007

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, China
  2. State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing, China
