Security of Reduced-Round Camellia against Impossible Differential Attack

Leibo Li; Jiazhe Chen; Xiaoyun Wang

Paper 2011/524

Security of Reduced-Round Camellia against Impossible Differential Attack

Leibo Li, Jiazhe Chen, and Xiaoyun Wang

Abstract

Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. By using some interesting properties of $F L / F L^{- 1}$ functions, we introduce new 7-round impossible differentials of Camellia for weak keys, which can be used to attack reduced-round Camellia under weak-key setting. The weak keys that work for the impossible differential take 3/4 of the whole key space, therefore, we can further get rid of the weak-key assumption and leverage the attacks to all keys by utilizing a method that is called \emph{the multiplied method}. As a result, for the whole key space, 10-round Camellia-128, 11-round Camellia-192 and 12-round Camellia-256 can be attacked with about $2^{120}$ , $2^{184}$ and $2^{240}$ encryptions, respectively. In addition, we are able to extend the attacks to 12-round Camellia-192 and 14-round Camellia-256 which include two layers, provided that the attacks do not have to be started from the first round.

Metadata

Available format(s): PDF
Publication info: Published elsewhere. Unknown where it was published
Keywords: Camellia Block Cipher Impossible Differential Cryptanalysis
Contact author(s): lileibo @ mail sdu edu cn
History: 2011-11-14: revised; 2011-09-26: received; See all versions
Short URL: https://ia.cr/2011/524
License: CC BY

BibTeX

@misc{cryptoeprint:2011/524,
      author = {Leibo Li and Jiazhe Chen and Xiaoyun Wang},
      title = {Security of Reduced-Round Camellia against Impossible Differential Attack},
      howpublished = {Cryptology {ePrint} Archive, Paper 2011/524},
      year = {2011},
      url = {https://eprint.iacr.org/2011/524}
}