Improved Impossible Differential Attack on Reduced Version of Camellia-192/256

As an ISO/IEC international standard, Camellia has been used various cryptographic applications. In this paper, we improve previous attacks on Camellia-192/256 with key-dependent layers FL/FL −1 by using the intrinsic weakness of keyed functions. Specifically, we present the first imposs ible differential attack on 13-round Camellia with 2 121.6 chosen ciphertexts and 2 189.9 13-round encryptions, while the analysis for the biggest number of rounds in previous results on Camellia-192 worked on 12 rounds. Furthermore, we successfully attack 14-round Camellia-256 with 2 122.1 chosen ciphertexts and 2 229.3 14-round encryptions. Compared with the previously best known attack on 14-round Camellia-256, the time complexity of our attack is reduced by 2 8.9 times and the data complexity is comparable.

[1]  Seokhie Hong,et al.  Truncated Differential Cryptanalysis of Camellia , 2001, ICISC.

[2]  Dengguo Feng,et al.  Impossible Differential Cryptanalysis of Reduced-Round ARIA and Camellia , 2007, Journal of Computer Science and Technology.

[3]  Dengguo Feng,et al.  New Results on Impossible Differential Cryptanalysis of Reduced AES , 2007, ICISC.

[4]  Hua Chen,et al.  Collision Attack and Pseudorandomness of Reduced-Round Camellia , 2004, Selected Areas in Cryptography.

[5]  Dawu Gu,et al.  New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia , 2012, FSE.

[6]  Jiazhe Chen,et al.  Security of Reduced-Round Camellia against Impossible Differential Attack ⋆ , 2011 .

[7]  Keting Jia,et al.  New Impossible Differential Attacks of Reduced-Round Camellia-192 and Camellia-256 , 2011, ACISP.

[8]  Zhiqiang Liu,et al.  Improved results on impossible differential cryptanalysis of reduced-round Camellia-192/256 , 2011, J. Syst. Softw..

[9]  Mitsuru Matsui,et al.  Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis , 2000, Selected Areas in Cryptography.

[10]  Jongsung Kim,et al.  Cryptanalysis of reduced versions of the Camellia block cipher , 2012, IET Inf. Secur..

[11]  Kazukuni Kobara,et al.  Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis , 2001, ASIACRYPT.

[12]  Chao Li,et al.  New Observation on Camellia , 2005, Selected Areas in Cryptography.

[13]  Mohammad Dakhilalian,et al.  New Results on Impossible Differential Cryptanalysis of Reduced-Round Camellia-128 , 2009, Selected Areas in Cryptography.

[14]  Chao Li,et al.  Square Like Attack on Camellia , 2007, ICICS.

[15]  Leibo Li,et al.  New Impossible Differential Attacks on Camellia , 2012, ISPEC.

[16]  Jongsung Kim,et al.  The higher-order meet-in-the-middle attack and its application to the Camellia block cipher , 2014, Theor. Comput. Sci..

[17]  Jongsung Kim,et al.  Improving the Efficiency of Impossible Differential Cryptanalysis of Reduced Camellia and MISTY 1 , 2007 .

[18]  Jiazhe Chen,et al.  Multiplied Conditional Impossible Differential Attack on Reduced-Round Camellia , 2011, IACR Cryptol. ePrint Arch..