Paper 2011/524

Security of Reduced-Round Camellia against Impossible Differential Attack

Leibo Li, Jiazhe Chen, and Xiaoyun Wang

Abstract

Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. By using some interesting properties of $FL/FL^{-1}$ functions, we introduce new 7-round impossible differentials of Camellia for weak keys, which can be used to attack reduced-round Camellia under weak-key setting. The weak keys that work for the impossible differential take 3/4 of the whole key space, therefore, we can further get rid of the weak-key assumption and leverage the attacks to all keys by utilizing a method that is called \emph{the multiplied method}. As a result, for the whole key space, 10-round Camellia-128, 11-round Camellia-192 and 12-round Camellia-256 can be attacked with about $2^{120}$, $2^{184}$ and $2^{240}$ encryptions, respectively. In addition, we are able to extend the attacks to 12-round Camellia-192 and 14-round Camellia-256 which include two $FL/FL^{-1}$ layers, provided that the attacks do not have to be started from the first round.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
CamelliaBlock CipherImpossible DifferentialCryptanalysis
Contact author(s)
lileibo @ mail sdu edu cn
History
2011-11-14: revised
2011-09-26: received
See all versions
Short URL
https://ia.cr/2011/524
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2011/524,
      author = {Leibo Li and Jiazhe Chen and Xiaoyun Wang},
      title = {Security of Reduced-Round Camellia against Impossible Differential Attack},
      howpublished = {Cryptology {ePrint} Archive, Paper 2011/524},
      year = {2011},
      url = {https://eprint.iacr.org/2011/524}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.