Paper 2007/466

Improved Impossible Differential Cryptanalysis of CLEFIA

Wei Wang and Xiaoyun Wang

Abstract

This paper presents an improved impossible differential attack on the new block cipher CLEFIA which is proposed by Sony Corporation at FSE 2007. Combining some observations with new tricks, we can filter out the wrong keys more efficiently, and improve the impossible differential attack on 11-round CLEFIA-192/256, which also firstly works for CLEFIA-128. The complexity is about $2^{103.1}$ encryptions and $2^{103.1}$ chosen plaintexts. By putting more constraint conditions on plaintext pairs, we give the first attack on 12-round CLEFIA for all three key lengths with $2^{119.1}$ encryptions and $2^{119.1}$ chosen plaintexts. For CLEFIA-192/256, our attack is applicable to 13-round variant, of which the time complexity is about $2^{181}$, and the data complexity is $2^{120}$. We also extend our attack to 14-round CLEFIA-256, with about $2^{245.4}$ encryptions and $2^{120.4}$ chosen plaintexts. Moreover, a birthday sieve method is introduced to decrease the complexity of the core precomputation.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Block cipherscryptanalysisimpossible differential attackCLEFIA
Contact author(s)
xiaoyunwang @ mail tsinghua edu cn
History
2008-03-06: last of 4 revisions
2007-12-18: received
See all versions
Short URL
https://ia.cr/2007/466
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/466,
      author = {Wei Wang and Xiaoyun Wang},
      title = {Improved Impossible Differential Cryptanalysis of CLEFIA},
      howpublished = {Cryptology ePrint Archive, Paper 2007/466},
      year = {2007},
      note = {\url{https://eprint.iacr.org/2007/466}},
      url = {https://eprint.iacr.org/2007/466}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.