New Impossible Differential Cryptanalysis of Reduced-Round Camellia
Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. This paper introduces a 7-round impossible differential of Camellia including FL/FL − 1 layer. Utilizing impossible differential attack, 10-round Camellia-128 is breakable with 2118.5 chosen plaintexts and 2123.5 10 round encryptions. Moreover, 10-round Camellia-192 and 11-round Camellia-256 can also be analyzed, the time complexity are about 2130.4 and 2194.5, respectively. Comparing with known attacks on reduced round Camellia including FL/FL − 1 layer, our results are better than all of them.
KeywordsCamellia Block Cipher Impossible Differential Cryptanalysis
Unable to display preview. Download preview PDF.
- 2.Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Specification of Camellia-a 128-bit Block Cipher. version 2.0 (2001), http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
- 5.CRYPTREC-Cryptography Research and Evaluation Committees, report, Archive (2002), http://www.ipa.go.jp/security/enc/CRYPTREC/index-e.html
- 8.International Standardization of Organization (ISO), International Standard - ISO/IEC 18033-3, Information technology - Security techniques - Encryption algorithms - Part 3: Block ciphers (2005)Google Scholar
- 10.Knudsen, L.R.: DEAL C a 128-bit Block Cipher. Technical report, Department of Informatics, University of Bergen, Norway (1998)Google Scholar
- 15.NESSIE-New European Schemes for Signatures, Integrity, and Encryption, final report of European project IST-1999-12324. Archive (1999), https://www.cosic.esat.kuleuven.be/nessie/Bookv015.pdf
- 16.Shirai, T.: Differential, Linear, Boomerang and Rectangle Cryptanalysis of Reduced-Round Camellia. In: Proceedings of 3rd NESSIE Workshop (2002)Google Scholar