New Impossible Differential Cryptanalysis of Reduced-Round Camellia

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7092)


Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. This paper introduces a 7-round impossible differential of Camellia including FL/FL − 1 layer. Utilizing impossible differential attack, 10-round Camellia-128 is breakable with 2118.5 chosen plaintexts and 2123.5 10 round encryptions. Moreover, 10-round Camellia-192 and 11-round Camellia-256 can also be analyzed, the time complexity are about 2130.4 and 2194.5, respectively. Comparing with known attacks on reduced round Camellia including FL/FL − 1 layer, our results are better than all of them.


Camellia Block Cipher Impossible Differential Cryptanalysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 39–56. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Specification of Camellia-a 128-bit Block Cipher. version 2.0 (2001),
  3. 3.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Chen, J., Jia, K., Yu, H., Wang, X.: New Impossible Differential Attacks of Reduced-Round Camellia-192 and Camellia-256. In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 16–33. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    CRYPTREC-Cryptography Research and Evaluation Committees, report, Archive (2002),
  6. 6.
    Duo, L., Li, C., Feng, K.: Square Like Attack on Camellia. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 269–283. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Hatano, Y., Sekine, H., Kaneko, T.: igher Order Differential Attack of Camellia (II). In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 129–146. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    International Standardization of Organization (ISO), International Standard - ISO/IEC 18033-3, Information technology - Security techniques - Encryption algorithms - Part 3: Block ciphers (2005)Google Scholar
  9. 9.
    Kanda, M., Matsumoto, T.: Security of Camellia against Truncated Differential Cryptanalysis. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 119–137. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Knudsen, L.R.: DEAL C a 128-bit Block Cipher. Technical report, Department of Informatics, University of Bergen, Norway (1998)Google Scholar
  11. 11.
    Lee, S., Hong, S., Lee, S., Lim, J., Yoon, S.: Truncated Differential Cryptanalysis of Camellia. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 32–38. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Lei, D., Li, C., Feng, K.: New Observation on Camellia. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 51–64. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Lu, J., Kim, J.-S., Keller, N., Dunkelman, O.: Improving the Efficiency of Impossible Differential Cryptanalysis of Reduced Camellia and MISTY1. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 370–386. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Mala, H., Shakiba, M., Dakhilalian, M., Bagherikaram, G.: New Results on Impossible Differential Cryptanalysis of Reduced–Round Camellia–128. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 281–294. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    NESSIE-New European Schemes for Signatures, Integrity, and Encryption, final report of European project IST-1999-12324. Archive (1999),
  16. 16.
    Shirai, T.: Differential, Linear, Boomerang and Rectangle Cryptanalysis of Reduced-Round Camellia. In: Proceedings of 3rd NESSIE Workshop (2002)Google Scholar
  17. 17.
    Sugita, M., Kobara, K., Imai, H.: Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 193–207. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  18. 18.
    Wu, W., Feng, D., Chen, H.: Collision Attack and Pseudorandomness of Reduced-Round Camellia. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 252–266. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Wu, W., Zhang, W., Feng, D.: Impossible Differential Cryptanalysis of Reduced- Round ARIA and Camellia. Journal of Computer Science and Technology 22(3), 449–456 (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  1. 1.Key Laboratory of Cryptologic Technology and Information SecurityMinistry of Education, Shandong UniversityJinanChina
  2. 2.School of MathematicsShandong UniversityJinanChina
  3. 3.Institute for Advanced StudyTsinghua UniversityBeijingChina

Personalised recommendations