Impossible Differential Cryptanalysis of Reduced-Round ARIA and Camellia
This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far. The designers of ARIA expected that no impossible differentials exist for 4-round ARIA. However, we found some nontrivial 4-round impossible differentials, which may lead to a possible attack on 6-round ARIA. Moreover, we found some nontrivial 8-round impossible differentials for Camellia, whereas only 7-round impossible differentials were previously known. By using the 8-round impossible differentials, we presented an attack on 12-round Camellia without FL/FL⁻¹ layers.
Keywords: block cipher, ARIA, Camellia, data complexity, time complexity, impossible differential cryptanalysis