Collision attack and pseudorandomness of reduced-round camellia

Camellia is the final winner of 128-bit block cipher in NESSIE. In this paper, we construct some efficient distinguishers between 4-round Camellia and random permutation of the blocks space. By using collision-searching techniques, the distinguishers are used to attack 6,7,8 and 9 rounds of Camellia with 128-bit key and 8,9 and 10 rounds of Camellia with 192/256-bit key. The attack on 6-round of 128-bit key Camellia is more efficient than known attacks. The complexities of the attack on 7(8,9,10)-round Camellia without FL /FL−−1 functions are less than that of previous attacks. Furthermore, we prove that the 4-round primitive-wise idealized Camellia is not pseudorandom permutation and the 5-round primitive-wise idealized Camellia is super-pseudorandom permutation for non-adaptive adversaries.

[1]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[2]  Yasuo Hatano,et al.  Higher Order Differential Attack of Camellia (II) , 2002, Selected Areas in Cryptography.

[3]  Seokhie Hong,et al.  Truncated Differential Cryptanalysis of Camellia , 2001, ICISC.

[4]  Taizo Shirai,et al.  Improved Upper Bounds of Differential and Linear Characteristic Probability for Camellia , 2002, FSE.

[5]  Rainer A. Rueppel Advances in Cryptology — EUROCRYPT’ 92 , 2001, Lecture Notes in Computer Science.

[6]  Kaoru Kurosawa,et al.  On the Pseudorandomness of the AES Finalists - RC6 and Serpent , 2000, FSE.

[7]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[8]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[9]  Sangwoo Park,et al.  On the Security of CAMELLIA against the Square Attack , 2002, FSE.

[10]  Kwangjo Kim,et al.  Information Security and Cryptology — ICISC 2001 , 2002, Lecture Notes in Computer Science.

[11]  Yeping He,et al.  Square Attack on Reduced Camellia Cipher , 2001, ICICS.

[12]  Kazukuni Kobara,et al.  Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis , 2001, ASIACRYPT.

[13]  Michael Luby,et al.  How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.

[14]  Ron Kohavi,et al.  WEBKDD 2001 — Mining Web Log Data Across All Customers Touch Points , 2002, Lecture Notes in Computer Science.

[15]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[16]  Ueli Maurer A Simplified and Generalized Treatment of Luby-Rackoff Pseudorandom Permutation Generator , 1992, EUROCRYPT.

[17]  Serge Vaudenay,et al.  Provable Security for Block Ciphers by Decorrelation , 1998, STACS.

[18]  Jacques Patarin,et al.  New Results on Pseudorandom Permutation Generators Based on the DES Scheme , 1991, CRYPTO.