Improved Attacks on Reduced-Round Camellia-128/192/256
نویسندگان
چکیده
Camellia is a widely used block cipher, which has been selected as an international standard by ISO/IEC. In this paper, we consider a new family of differentials of round-reduced Camellia-128 depending on different key subsets. There are totally 224 key subsets corresponding to 224 types of 8-round differentials, which cover a fraction of 1− 1/2 of the keyspace. And each type of 8-round differential consists of 2 differentials. Combining with the multiple differential attack techniques, we give the key-dependent multiple differential attack on 10-round Camellia-128 with data complexity 2 and time complexity 2. Furthermore, we propose a 7-round property for Camellia-192 and an 8-round property for Camellia-256, and then mount the meet-in-the-middle attacks on 12-round Camellia-192 and 13-round Camellia-256, with complexity of 2 encryptions and 2 encryptions, respectively. All these attacks start from the first round in a single key setting.
منابع مشابه
Improved Meet-in-the-Middle Attacks on Reduced-Round Camellia-192/256
Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. In this paper, we focus on the key-recovery attacks on reduced-round Camellia-192/256 with meet-in-the-middle methods. We utilize multiset and the differential enumeration methods which are popular to analyse AES in the recent to attack Camellia-192/256. We propose a 7-round proper...
متن کاملCryptanalysis of reduced versions of the Camellia block cipher
The Camellia block cipher has a 128-bit block length, a user key of 128, 192 or 256 bits long, and a total of 18 rounds for a 128-bit key and 24 rounds for a 192 or 256-bit key. It is a Japanese CRYPTRECrecommended e-government cipher, an European NESSIE selected cipher and an ISO international standard. In this paper, we describe a flaw in the approach used to choose plaintexts or ciphertexts ...
متن کاملMeet-in-the-Middle Attack on Reduced Versions of the Camellia Block Cipher
The Camellia block cipher has a 128-bit block length and a user key of 128, 192 or 256 bits long, which employs a total of 18 rounds for a 128-bit key and 24 rounds for a 192 or 256-bit key. It is a Japanese CRYPTREC-recommended e-government cipher, a European NESSIE selected cipher, and an ISO international standard. In this paper, we describe a few 5 and 6-round properties of Camellia and fin...
متن کاملSecurity of Reduced-Round Camellia against Impossible Differential Attack
Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. By using some interesting properties of FL/FL−1 functions, we introduce new 7-round impossible differentials of Camellia for weak keys, which can be used to attack reduced-round Camellia under weak-key setting. The weak keys that work for the impossible differential take 3/4 of the...
متن کاملNew Impossible Differential Attacks on Camellia
Camellia is one of the most worldwide used block ciphers, which has been selected as a standard by ISO/IEC. In this paper, we propose several new 7-round impossible differentials of Camellia with 2 FL/FL−1 layers, which turn out to be the first 7-round impossible differentials with 2 FL/FL−1 layers. Combined with some basic techniques including the early abort approach and the key schedule cons...
متن کامل