Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis

14 years 3 months ago

Download www.iacr.org

This paper describes truncated and impossible differential cryptanalysis of the 128-bit block cipher Camellia, which was proposed by NTT and Mitsubishi Electric Corporation. Our work improves on the best known truncated and impossible differential cryptanalysis. As a result, we show a nontrivial 9-round byte characteristic, which may lead to a possible attack of reduced-round version of Camellia without input/output whitening, FL or FL-1 in a chosen plain text scenario. Previously, only 6-round differentials were known, which may suggest a possible attack of Camellia reduced to 8-rounds. Moreover, we show a nontrivial 7-round impossible differential, whereas only a 5-round impossible differential was previously known. This cryptanalysis is effective against general Feistel structures with round functions composed of S-D (Substitution and Diffusion) transformation.

Makoto Sugita, Kazukuni Kobara, Hideki Imai

Real-time Traffic

ASIACRYPT 2001 | Block Cipher Camellia | Cryptology | Nontrivial 9-round Byte | Possible Attack |

claim paper

Post Info
More Details (n/a)

Added	23 Aug 2010
Updated	23 Aug 2010
Type	Conference
Year	2001
Where	ASIACRYPT
Authors	Makoto Sugita, Kazukuni Kobara, Hideki Imai

Comments (0)

Sciweavers

Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis

ASIACRYPT 2001 | Block Cipher Camellia | Cryptology | Nontrivial 9-round Byte | Possible Attack |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers