
Improved impossible differential cryptanalysis of reduced-round Camellia. (English) Zbl 1256.94069

Avanzi, Roberto Maria (ed.) et al., Selected areas in cryptography. 15th international workshop, SAC 2008, Sackville, New Brunswick, Canada, August 14–15. Revised selected papers. Berlin: Springer (ISBN 978-3-642-04158-7/pbk). Lecture Notes in Computer Science 5381, 442-456 (2009).
Summary: The block cipher Camellia has now been adopted as an international standard by ISO/IEC, and it has also been selected as a Japanese CRYPTREC e-government recommended cipher and for the NESSIE block cipher portfolio. Recently, W. Wu, W. Zhang and D. Feng [“Impossible differential cryptanalysis of reduced-round ARIA and Camellia”, J. Comput. Sci. Technol. 22, No. 3, 449–456 (2007; doi:10.1007/s11390-007-9056-0)] constructed some 8-round impossible differentials of Camellia, and presented an attack on 12-round Camellia-192/256. Later, in [Lect. Notes Comput. Sci. 4964, 370–386 (2008; Zbl 1153.94408)], J. Lu et al. improved the above attack by using the same 8-round impossible differential and some new observations on the diffusion transformation of Camellia. Considering that all these previously known impossible differential attacks on Camellia have not taken the key scheduling algorithm into account, in this paper we exploit the relations between the round subkeys of Camellia, together with some novel techniques in the key recovery process, to improve the impossible differential attack on Camellia up to 12-round Camellia-128 and 16-round Camellia-256. The data complexities of the two attacks are \(2^{65}\) and \(2^{89}\) respectively, and the time complexities of the two attacks are less than \(2^{111.5}\) and \(2^{222.1}\) respectively. The presented results are better than any previously published cryptanalytic results on Camellia without the FL/FL\(^{-1}\) functions and whitening layers.
For the entire collection see [Zbl 1173.94003].

MSC:

94A60 Cryptography

Citations:

Zbl 1153.94408

Software:

Camellia

References:

[1] Aoki, K., Ichikawa, T., Kanda, M., et al.: Specification of Camellia–a 128-bit Block Cipher. In: Selected Areas in Cryptography-SAC 2000. LNCS, vol. 2012, pp. 183–191. Springer, Heidelberg (2001)
[2] Lee, S., Hong, S.H., Lee, S.-J., Lim, J.-I., Yoon, S.H.: Truncated differential cryptanalysis of camellia. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 32–38. Springer, Heidelberg (2002) · Zbl 0994.68578 · doi:10.1007/3-540-45861-1_3
[3] Sugita, M., Kobara, K., Imai, H.: Security of reduced version of the block cipher camellia against truncated and impossible differential cryptanalysis. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 193–207. Springer, Heidelberg (2001) · Zbl 1062.94554 · doi:10.1007/3-540-45682-1_12
[4] Hatano, Y., Sekine, H., Kaneko, T.: Higher order differential attack of (II). In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 129–146. Springer, Heidelberg (2003) · Zbl 1066.94543 · doi:10.1007/3-540-36492-7_10
[5] Wu, W., Zhang, W., Feng, D.: Impossible Differential Cryptanalysis of Reduced-Round ARIA and Camellia. Journal of Computer Science and Technology 22(3), 449–456 (2007) · doi:10.1007/s11390-007-9056-0
[6] Lu, J., Kim, J.-S., Keller, N., Dunkelman, O.: Improving the efficiency of impossible differential cryptanalysis of reduced camellia and MISTY1. In: Malkin, T.G. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 370–386. Springer, Heidelberg (2008) · Zbl 1153.94408 · doi:10.1007/978-3-540-79263-5_24
[7] He, Y., Qing, S.: Square attack on reduced camellia cipher. In: Qing, S., Okamoto, T., Zhou, J. (eds.) ICICS 2001. LNCS, vol. 2229, pp. 238–245. Springer, Heidelberg (2001) · Zbl 1050.94525 · doi:10.1007/3-540-45600-7_27
[8] Yeom, Y., Park, S., Kim, I.: On the Security of Camellia against the Square Attack. In: FSE 2002. LNCS, vol. 2356, pp. 89–99. Springer, Heidelberg (2002) · Zbl 1045.94537 · doi:10.1007/3-540-45661-9_7
[9] Yeom, Y., Park, S., Kim, I.: A Study of Integral Type Cryptanalysis on Camellia. In: The 2003 Symposium on Cryptography and Information Security-SCIS 2003, Hamamatsu, Japan, pp. 26–29 (2003)
[10] Lei, D., Chao, L., Feng, K.: New observation on camellia. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 51–64. Springer, Heidelberg (2006) · Zbl 1151.94536 · doi:10.1007/11693383_4
[11] Duo, L., Li, C., Feng, K.: Square like attack on camellia. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 269–283. Springer, Heidelberg (2007) · doi:10.1007/978-3-540-77048-0_21
[12] Wenling, W., Dengguo, F., Hua, C.: Collision attack and pseudorandomness of reduced-round camellia. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 252–266. Springer, Heidelberg (2004) · Zbl 1117.94339 · doi:10.1007/978-3-540-30564-4_18
[13] Jie, G., Zhongya, Z.: Improved collision attack on reduced round camellia. In: Pointcheval, D., Mu, Y., Chen, K. (eds.) CANS 2006. LNCS, vol. 4301, pp. 182–190. Springer, Heidelberg (2006) · Zbl 1307.94056 · doi:10.1007/11935070_12
[14] Shirai, T.: Differential, Linear, Boomerang and Rectangle Cryptanalysis of Reduced-Round Camellia. In: Proceedings of the Third NESSIE Workshop, Munich, Germany, November 6-7 (2002), https://www.cosic.esat.kuleuven.be/nessie/
[15] Wu, W., Feng, D.: Differential-Linear Cryptanalysis of Camellia. In: Progress on Cryptography, pp. 173–180. Kluwer Academic Publishers, Dordrecht (2004) · Zbl 1081.94542 · doi:10.1007/1-4020-7987-7_24
[16] Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials. In: EUROCRYPT 1999. LNCS, vol. 2595, pp. 12–23. Springer, Heidelberg (1999) · Zbl 0927.94013 · doi:10.1007/3-540-48910-X_2
[17] Cheon, J.H., Kim, M., Kim, K., Lee, J.-Y., Kang, S.: Improved impossible differential cryptanalysis of rijndael and crypton. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 39–49. Springer, Heidelberg (2002) · Zbl 0994.68576 · doi:10.1007/3-540-45861-1_4
[18] Phan, R.C.-W.: Impossible Differential Cryptanalysis of 7-round AES. Information Processing Letters 91(1), 33–38 (2004) · Zbl 1177.68087 · doi:10.1016/j.ipl.2004.02.018
[19] Jakimoski, G., Desmedt, Y.: Related-Key Differential Cryptanalysis of 192-bit key AES Variants. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 208–221. Springer, Heidelberg (2004) · Zbl 1081.94527 · doi:10.1007/978-3-540-24654-1_15
[20] Zhang, W., Wu, W., Zhang, L., Feng, D.: Improved related-key impossible differential attacks on reduced-round AES-192. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 15–27. Springer, Heidelberg (2007) · Zbl 1161.94434 · doi:10.1007/978-3-540-74462-7_2
[21] Biham, E., Dunkelman, O., Keller, N.: Related-key impossible differential attacks on 8-round AES-192. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 21–33. Springer, Heidelberg (2006) · Zbl 1125.94320 · doi:10.1007/11605805_2
[22] Zhang, W., Wu, W., Feng, D.: New results on impossible differential cryptanalysis of reduced AES. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 239–250. Springer, Heidelberg (2007) · Zbl 1182.94049 · doi:10.1007/978-3-540-76788-6_19
[23] Tsunoo, Y., Tsujihara, E., Saito, T., Suzaki, T., Kubo, H.: Impossible Differential Cryptanalysis of CLEFIA. In: Fast Software Encryption-FSE 2008. Springer, Heidelberg (2008) · Zbl 1154.94436