Cryptology ePrint Archive: Report 2010/426

Parallelizing the Camellia and SMS4 Block Ciphers - Extended version

Huihui Yap and Khoongming Khoo and Axel Poschmann

Abstract: The n-cell GF-NLFSR (Generalized Feistel-NonLinear Feedback Shift Register) structure [8] is a generalized unbalanced Feistel network that can be considered as a generalization of the outer function FO of the KASUMI block cipher. An advantage of this cipher over other n-cell generalized Feistel networks, e.g. SMS4 [11] and Camellia [5], is that it is parallelizable for up to n rounds. In hardware implementations, the benefits translate to speeding up encryption by up to n times while consuming similar area and significantly less power. At the same time n-cell GF-NLFSR structures offer similar proofs of security against differential cryptanalysis as conventional n-cell Feistel structures. We also ensure that parallelized versions of Camellia and SMS4 are resistant against other block cipher attacks such as linear, boomerang, integral, impossible differential, higher order differential,interpolation, slide, XSL and related-key differential attacks.

Category / Keywords: secret-key cryptography / Generalized Unbalanced Feistel Network, GF-NLFSR, Camellia, SMS4

Publication Info: Extended version of paper in Africacrypt 2010

Date: received 1 Aug 2010, last revised 2 Aug 2010

Contact author: yhuihui at dso org sg

Available format(s): PDF | BibTeX Citation

Note: 1. We added an explanation of the duality between differential and linear cryptanalysis for the p-Camellia and p-SMS4 structures. 2. We corrected a slight notational error in the proof of protection against linear cryptanalysis for p-Camellia in the conference paper. 3. We added a proof for protection against linear cryptanalysis for p-SMS4, which was not presented in the conference paper. 4. We did a hardware implementation of p-Camellia and p-SMS4 and presented the speed-up over Camellia, SMS4 in this extended paper. 5. We added test vectors for p-Camellia and p-SMS4.

Version: 20100803:005216 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]