Improved zero-correlation linear cryptanalysis of reduced-round Camellia under weak keys

Camellia is a widely used block cipher that has been included in the NESSIE block cipher portfolio and selected as a standard by ISO/IEC. In this study, the authors observe that the FL/FL⁻¹ functions in Camellia have some interesting properties. From this observation they derive some weak keys for the cipher, based on which they present the first known 8-round zero-correlation linear distinguisher of Camellia with FL/FL⁻¹ layers. This result shows that, for some weak keys, the FL/FL⁻¹ layers inserted in Camellia cannot resist zero-correlation linear cryptanalysis effectively, since the currently best zero-correlation linear distinguisher for Camellia without FL/FL⁻¹ layers also covers eight rounds. Moreover, using the novel distinguisher, they launch key recovery attacks on 13-round Camellia-192 and 14-round Camellia-256. To their knowledge, these results are the best for Camellia-192 and Camellia-256 with FL/FL⁻¹ and whitening layers.
