As an ISO/IEC international standard, Camellia has been used in various cryptographic applications. In this study, the authors present the best currently known attacks on Camellia-192/256 with key-dependent layers FL/FL −1 (without the whitening layers) by taking advantage of the intrinsic weakness of keyed functions, the redundancy of key schedule and the early abort technique. Specifically, the authors mount the first impossible differential attack on 13-round Camellia-192 with 2124.79 chosen plaintexts, 2186.09 13-round encryptions and 2129.79 bytes, while the analysis for the biggest number of rounds in previous results on Camellia-192 worked on 12 rounds. Furthermore, the authors successfully attack on 14-round Camellia-256 with 2122.14 chosen plaintexts, 2228.33 14-round encryptions and 2134.14 bytes. Compared with the previously best known attack on 14-round Camellia-256, the time and memory complexities are reduced by 29.87 times and 246.06 times, and the data complexity is comparable.
[1]
Zhiqiang Liu,et al.
Improved results on impossible differential cryptanalysis of reduced-round Camellia-192/256
,
2011,
J. Syst. Softw..
[2]
Dengguo Feng,et al.
Impossible Differential Cryptanalysis of Reduced-Round ARIA and Camellia
,
2007,
Journal of Computer Science and Technology.
[3]
Jongsung Kim,et al.
Cryptanalysis of reduced versions of the Camellia block cipher
,
2012,
IET Inf. Secur..
[4]
Mohammad Dakhilalian,et al.
Impossible differential cryptanalysis of reduced-round Camellia-256
,
2011,
IET Inf. Secur..