Cryptology ePrint Archive: Report 2007/466

Improved Impossible Differential Cryptanalysis of CLEFIA

Wei Wang and Xiaoyun Wang

Abstract: This paper presents an improved impossible differential attack on the new block cipher CLEFIA which is proposed by Sony Corporation at FSE 2007. Combining some observations with new tricks, we can filter out the wrong keys more efficiently, and improve the impossible differential attack on 11-round CLEFIA-192/256, which also firstly works for CLEFIA-128. The complexity is about $2^{103.1}$ encryptions and $2^{103.1}$ chosen plaintexts. By putting more constraint conditions on plaintext pairs, we give the first attack on 12-round CLEFIA for all three key lengths with $2^{119.1}$ encryptions and $2^{119.1}$ chosen plaintexts. For CLEFIA-192/256, our attack is applicable to 13-round variant, of which the time complexity is about $2^{181}$, and the data complexity is $2^{120}$. We also extend our attack to 14-round CLEFIA-256, with about $2^{245.4}$ encryptions and $2^{120.4}$ chosen plaintexts. Moreover, a birthday sieve method is introduced to decrease the complexity of the core precomputation.

Category / Keywords: secret-key cryptography / Block ciphers, cryptanalysis, impossible differential attack, CLEFIA

Date: received 12 Dec 2007, last revised 5 Mar 2008

Contact author: xiaoyunwang at mail tsinghua edu cn

Available format(s): PDF | BibTeX Citation

Version: 20080306:030330 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]