Improved Attacks on Reduced-Round Camellia-128/192/256

Xiaoyang Dong and Leibo Li and Keting Jia and Xiaoyun Wang

Abstract: Camellia is a widely used block cipher, which has been selected as an international standard by ISO/IEC. In this paper, we consider a new family of differentials of round-reduced Camellia-128 depending on different key subsets. There are totally 224 key subsets corresponding to 224 types of 8-round differentials, which cover a fraction of 1 - 1/2^{15} of the keyspace. And each type of 8-round differential consists of 2^{43} differentials. Combining with the multiple differential attack techniques, we give the key-dependent multiple differential attack on 10-round Camellia-128 with data complexity 2^{91} and time complexity 2^{113}. Furthermore, we propose a 7-round property for Camellia-192 and an 8-round property for Camellia-256, and then mount the meet-in-the-middle attacks on 12-round Camellia-192 and 13-round Camellia-256, with complexity of 2^{180} encryptions and 2^{232.7} encryptions, respectively. All these attacks start from the first round in a single key setting.

Category / Keywords: secret-key cryptography / Camellia, Block Cipher, Key-Dependent Attack, Multiple Differential Attack, Meet-in-the-Middle Attack.

Original Publication (in the same form): CT-RSA 2015
DOI: 10.1007/978-3-319-16715-2_4

Date: received 14 Sep 2015

Contact author: dongxiaoyang at mail sdu edu cn

