Paper 2015/896

Improved Attacks on Reduced-Round Camellia-128/192/256

Xiaoyang Dong, Leibo Li, Keting Jia, and Xiaoyun Wang

Abstract

Camellia is a widely used block cipher, which has been selected as an international standard by ISO/IEC. In this paper, we consider a new family of dierentials of round-reduced Camellia-128 depending on dierent key subsets. There are totally 224 key subsets corresponding to 224 types of 8-round dierentials, which cover a fraction of 1- 1=2^{15} of the keyspace. And each type of 8-round dierential consists of 2^{43} dierentials. Combining with the multiple dierential attack techniques, we give the key-dependent multiple dierential attack on 10-round Camellia-128 with data complexity 2^{91} and time complexity 2^{113}. Furthermore, we propose a 7-round property for Camellia-192 and an 8-round property for Camellia-256, and then mount the meet-in-the-middle attacks on 12-round Camellia-192 and 13-round Camellia-256, with complexity of 2^{180} encryptions and 2^{232.7} encryptions, respectively. All these attacks start from the rst round in a single keysetting.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. CT-RSA 2015
DOI
DOI: 10.1007/978-3-319-16715-2_4
Keywords
CamelliaBlock CipherKey-Dependent AttackMultiple Differential AttackMeet-in-the-Middle Attack.
Contact author(s)
dongxiaoyang @ mail sdu edu cn
History
2015-09-15: received
Short URL
https://ia.cr/2015/896
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2015/896,
      author = {Xiaoyang Dong and Leibo Li and Keting Jia and Xiaoyun Wang},
      title = {Improved Attacks on Reduced-Round Camellia-128/192/256},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/896},
      year = {2015},
      doi = {DOI: 10.1007/978-3-319-16715-2_4},
      url = {https://eprint.iacr.org/2015/896}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.