New Results on Impossible Differential Cryptanalysis of Reduced–Round Camellia–128

  • Hamid Mala
  • Mohsen Shakiba
  • Mohammad Dakhilalian
  • Ghadamali Bagherikaram
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5867)


Camellia, a 128–bit block cipher which has been accepted by ISO/IEC as an international standard, is increasingly being used in many cryptographic applications. In this paper, using the redundancy in the key schedule and accelerating the filtration of wrong pairs, we present a new impossible differential attack to reduced–round Camellia. By this attack 12–round Camellia–128 without FL/FL − 1 functions and whitening is breakable with a total complexity of about 2116.6 encryptions and 2116.3 chosen plaintexts. In terms of the numbers of the attacked rounds, our attack is better than any previously known attack on Camellia–128.


Time Complexity Hash Table Block Cipher Collision Attack Cipher Suitable 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: a 128-bit Block Cipher Suitable for Multiple Platforms-Design and Analysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 39–56. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Specification of Camellia – a 128-bit Block Cipher. version 2.0 (2001),
  3. 3.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)Google Scholar
  4. 4.
    Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)zbMATHGoogle Scholar
  5. 5.
    CRYPTREC – Cryptography Research and Evaluation Committees, report, Archive (2002),
  6. 6.
    Duo, L., Li, C., Feng, K.: Square Like Attack on Camellia. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 269–283. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Hatano, Y., Sekine, H., Kaneko, T.: Higher Order Differential Attack of Camellia (II). In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 129–146. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    He, Y., Qing, S.: Square Attack on Reduced Camellia Cipher. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 238–245. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    International Standardization of Organization (ISO), International Standard - ISO/IEC 18033-3, Information technology - Security techniques - Encryption algorithms - Part 3: Block ciphers (July 2005)Google Scholar
  10. 10.
    Kanda, M., Matsumoto, T.: Security of Camellia against Truncated Differential Cryptanalysis. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 119–137. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Kawabata, T., Kaneko, T.: A Study on Higher Order Differential Attack of Camellia. In: The 2nd open NESSIE workshop (2001)Google Scholar
  12. 12.
    Knudsen, L.R.: DEAL – a 128-bit Block Cipher. Technical report, Department of Informatics, University of Bergen, Norway (1998)Google Scholar
  13. 13.
    Lee, S., Hong, S., Lee, S., Lim, J., Yoon, S.: Truncated Differential Cryptanalysis of Camellia. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 32–38. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Lei, D., Chao, L., Feng, K.: New Observation on Camellia. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 51–64. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Lu, J.: Cryptanalysis of Block Ciphers. PhD Thesis, Department of Mathematics, Royal Holloway, University of London, England (2008)Google Scholar
  16. 16.
    Lu, J., Kim, J., Keller, N., Dunkelman, O.: Improving the Efficiency of Impossible Differential Cryptanalysis of Reduced Camellia and MISTY1. In: Malkin, T.G. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 370–386. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    NESSIE – New European Schemes for Signatures, Integrity, and Encryption, final report of European project IST-1999-12324. Archive (1999),
  18. 18.
    NTT Information Sharing Platform Laboratories: Internationally Standardized Encryption Algorithm from Japan“Camellia”,
  19. 19.
    Shirai, T.: Differential, Linear, Boomerang and Rectangle Cryptanalysis of Reduced-Round Camellia. In: Proceedings of 3rd NESSIE workshop (November 2002)Google Scholar
  20. 20.
    Sugita, M., Kobara, K., Imai, H.: Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 193–207. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    Wu, W., Feng, D., Chen, H.: Collision Attack and Pseudorandomness of Reduced-Round Camellia. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 252–266. Springer, Heidelberg (2004)Google Scholar
  22. 22.
    Wu, W., Zhang, L., Zhang, W.: Improved Impossible Differential Cryptanalysis of Reduced-Round Camellia. In: Avanzi, R., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 442–456. Springer, Heidelberg (2009)Google Scholar
  23. 23.
    Wu, W., Zhang, W., Feng, D.: Impossible Differential Cryptanalysis of Reduced-Round ARIA and Camellia. Journal of Computer Science and Technology 22(3), 449–456 (2007)CrossRefGoogle Scholar
  24. 24.
    Yeom, Y., Park, S., Kim, I.: On the security of Camellia against the Square attack. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 89–99. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Hamid Mala
    • 1
  • Mohsen Shakiba
    • 1
  • Mohammad Dakhilalian
    • 1
  • Ghadamali Bagherikaram
    • 2
  1. 1.Cryptography & System Security Research Laboratory, Department of Electrical and Computer EngineeringIsfahan University of TechnologyIsfahanIran
  2. 2.Department of Electrical and Computer EngineeringUniversity of WaterlooWaterlooCanada

Personalised recommendations