[Resource Topic] 2011/524: Security of Reduced-Round Camellia against Impossible Differential Attack

Welcome to the resource topic for 2011/524

Title:
Security of Reduced-Round Camellia against Impossible Differential Attack

Authors: Leibo Li, Jiazhe Chen, Xiaoyun Wang

Abstract:

Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. By using some interesting properties of FL/FL^{-1} functions, we introduce new 7-round impossible differentials of Camellia for weak keys, which can be used to attack reduced-round Camellia under weak-key setting. The weak keys that work for the impossible differential take 3/4 of the whole key space, therefore, we can further get rid of the weak-key assumption and leverage the attacks to all keys by utilizing a method that is called \emph{the multiplied method}. As a result, for the whole key space, 10-round Camellia-128, 11-round Camellia-192 and 12-round Camellia-256 can be attacked with about 2^{120}, 2^{184} and 2^{240} encryptions, respectively. In addition, we are able to extend the attacks to 12-round Camellia-192 and 14-round Camellia-256 which include two FL/FL^{-1} layers, provided that the attacks do not have to be started from the first round.

ePrint: https://eprint.iacr.org/2011/524

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .