Cryptology ePrint Archive: Report 2015/896

Improved Attacks on Reduced-Round Camellia-128/192/256

Xiaoyang Dong and Leibo Li and Keting Jia and Xiaoyun Wang

Abstract: Camellia is a widely used block cipher, which has been selected as an international standard by ISO/IEC. In this paper, we consider a new family of dierentials of round-reduced Camellia-128 depending on dierent key subsets. There are totally 224 key subsets corresponding to 224 types of 8-round dierentials, which cover a fraction of 1- 1=2^{15} of the keyspace. And each type of 8-round dierential consists of 2^{43} dierentials. Combining with the multiple dierential attack techniques, we give the key-dependent multiple dierential attack on 10-round Camellia-128 with data complexity 2^{91} and time complexity 2^{113}. Furthermore, we propose a 7-round property for Camellia-192 and an 8-round property for Camellia-256, and then mount the meet-in-the-middle attacks on 12-round Camellia-192 and 13-round Camellia-256, with complexity of 2^{180} encryptions and 2^{232.7} encryptions, respectively. All these attacks start from the rst round in a single keysetting.

Category / Keywords: secret-key cryptography / Camellia, Block Cipher, Key-Dependent Attack, Multiple Differential Attack, Meet-in-the-Middle Attack.

Original Publication (in the same form): CT-RSA 2015
DOI: DOI: 10.1007/978-3-319-16715-2_4

Date: received 14 Sep 2015

Contact author: dongxiaoyang at mail sdu edu cn

Available format(s): PDF | BibTeX Citation

Version: 20150915:070231 (All versions of this report)

Short URL: ia.cr/2015/896

Discussion forum: Show discussion | Start new discussion