Sciweavers

ASIACRYPT
2001
Springer

Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis

14 years 2 months ago
Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis
This paper describes truncated and impossible differential cryptanalysis of the 128-bit block cipher Camellia, which was proposed by NTT and Mitsubishi Electric Corporation. Our work improves on the best known truncated and impossible differential cryptanalysis. As a result, we show a nontrivial 9-round byte characteristic, which may lead to a possible attack of reduced-round version of Camellia without input/output whitening, FL or FL-1 in a chosen plain text scenario. Previously, only 6-round differentials were known, which may suggest a possible attack of Camellia reduced to 8-rounds. Moreover, we show a nontrivial 7-round impossible differential, whereas only a 5-round impossible differential was previously known. This cryptanalysis is effective against general Feistel structures with round functions composed of S-D (Substitution and Diffusion) transformation.
Makoto Sugita, Kazukuni Kobara, Hideki Imai
Added 23 Aug 2010
Updated 23 Aug 2010
Type Conference
Year 2001
Where ASIACRYPT
Authors Makoto Sugita, Kazukuni Kobara, Hideki Imai
Comments (0)