Paper 2006/350

Impossible Differential Cryptanalysis of ARIA and Camellia

Wenling Wu, Wentao Zhang, and Dengguo Feng


This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far. The designers of ARIA expected no impossible differentials exist for 4-round ARIA. However, we found some nontrivial 4-round impossible differentials, which may lead to a possible attack on 6-round ARIA. Moreover, we found some nontrivial 8-round impossible differentials for Camellia, whereas only 7-round impossible differentials were previously known. By using the 8-round impossible differentials, we presented an attack on 12-round Camellia without $FL/FL^{-1}$ layers.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
wwl @ is iscas ac cn
2006-10-20: received
Short URL
Creative Commons Attribution


      author = {Wenling Wu and Wentao Zhang and Dengguo Feng},
      title = {Impossible Differential Cryptanalysis of  ARIA and Camellia},
      howpublished = {Cryptology ePrint Archive, Paper 2006/350},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.