Improved Meet-in-the-Middle Attacks on Reduced-Round Camellia-192/256

Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. In this paper, we focus on the key-recovery attacks on reduced-round Camellia-192/256 with meet-in-the-middle methods. We utilize multiset and the differential enumeration methods which are popular to analyse AES in the recent to attack Camellia-192/256. We propose a 7-round property for Camellia-192, and achieve a 12-round attack with 2 encryptions, 2 chosen plaintexts and 2 128-bit memories. Furthermore, we present an 8-round property for Camellia-256, and apply it to break the 13-round Camellia-256 with 2 encryptions, 2 chosen ciphertexts and 2 128-bit memories.

[1]  Hua Chen,et al.  Collision Attack and Pseudorandomness of Reduced-Round Camellia , 2004, Selected Areas in Cryptography.

[2]  Yasuo Hatano,et al.  Higher Order Differential Attack of Camellia (II) , 2002, Selected Areas in Cryptography.

[3]  Wenling Wu,et al.  Improved Impossible Differential Cryptanalysis of Reduced-Round Camellia , 2009, Selected Areas in Cryptography.

[4]  Jiazhe Chen,et al.  Low Data Complexity Attack on Reduced Camellia-256 , 2012, ACISP.

[5]  Feng Dengguo,et al.  Collision attack and pseudorandomness of reduced-round camellia , 2004 .

[6]  Seokhie Hong,et al.  Truncated Differential Cryptanalysis of Camellia , 2001, ICISC.

[7]  Keting Jia,et al.  New Impossible Differential Attacks of Reduced-Round Camellia-192 and Camellia-256 , 2011, ACISP.

[8]  Adi Shamir,et al.  Improved Single-Key Attacks on 8-Round AES-192 and AES-256 , 2010, Journal of Cryptology.

[9]  Ulrich Kühn,et al.  Improved Cryptanalysis of MISTY1 , 2002, FSE.

[10]  Zhiqiang Liu,et al.  Improved results on impossible differential cryptanalysis of reduced-round Camellia-192/256 , 2011, J. Syst. Softw..

[11]  Ali Aydin Selçuk,et al.  A Meet-in-the-Middle Attack on 8-Round AES , 2008, FSE.

[12]  Dawu Gu,et al.  New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia , 2012, FSE.

[13]  Jérémy Jean,et al.  Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting , 2013, IACR Cryptol. ePrint Arch..

[14]  Chao Li,et al.  New Observation on Camellia , 2005, Selected Areas in Cryptography.

[15]  Jongsung Kim,et al.  Cryptanalysis of reduced versions of the Camellia block cipher , 2012, IET Inf. Secur..

[16]  Kazukuni Kobara,et al.  Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis , 2001, ASIACRYPT.

[17]  Jongsung Kim,et al.  The higher-order meet-in-the-middle attack and its application to the Camellia block cipher , 2014, Theor. Comput. Sci..

[18]  Jongsung Kim,et al.  Improving the Efficiency of Impossible Differential Cryptanalysis of Reduced Camellia and MISTY 1 , 2007 .

[19]  Andrey Bogdanov,et al.  Zero-Correlation Linear Cryptanalysis with FFT and Improved Attacks on ISO Standards Camellia and CLEFIA , 2013, Selected Areas in Cryptography.

[20]  Mohammad Dakhilalian,et al.  New Results on Impossible Differential Cryptanalysis of Reduced-Round Camellia-128 , 2009, Selected Areas in Cryptography.

[21]  Mitsuru Matsui,et al.  Speci cation of Camellia | a 128-bit Block Cipher , 2001 .

[22]  Mitsuru Matsui,et al.  Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis , 2000, Selected Areas in Cryptography.

[23]  Keting Jia,et al.  New Impossible Differential Cryptanalysis of Reduced-Round Camellia , 2011, CANS.

[24]  Adi Shamir,et al.  Improved Single-Key Attacks on 8-Round AES-192 and AES-256 , 2010, Journal of Cryptology.

[25]  Dengguo Feng,et al.  Impossible Differential Cryptanalysis of Reduced-Round ARIA and Camellia , 2007, Journal of Computer Science and Technology.

[26]  Chao Li,et al.  Square Like Attack on Camellia , 2007, ICICS.

[27]  Jiqiang Lu,et al.  Meet-in-the-Middle Attack on Reduced Versions of the Camellia Block Cipher , 2012, IWSEC.

[28]  Joan Daemen,et al.  AES Proposal : Rijndael , 1998 .

[29]  Tsutomu Matsumoto,et al.  Security of Camellia against Truncated Differential Cryptanalysis , 2001, FSE.

[30]  Leibo Li,et al.  New Impossible Differential Attacks on Camellia , 2012, ISPEC.