Meet-in-the-Middle Attack on Reduced Versions of the Camellia Block Cipher

The Camellia block cipher has a 128-bit block length and a user key of 128, 192 or 256 bits long, which employs a total of 18 rounds for a 128-bit key and 24 rounds for a 192 or 256-bit key. It is a Japanese CRYPTREC-recommended e-government cipher, a European NESSIE selected cipher, and an ISO international standard. In this paper, we describe a few 5 and 6-round properties of Camellia and finally use them to give (higher-order) meet-in-the-middle attacks on 10-round Camellia with the FL/FL− 1 functions under 128 key bits, 11-round Camellia with the FL/FL− 1 and whitening functions under 192 key bits and 12-round Camellia with the FL/FL− 1 and whitening functions under 256 key bits.

[1]  Mitsuru Matsui,et al.  Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis , 2000, Selected Areas in Cryptography.

[2]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[3]  Eli Biham,et al.  Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials , 1999, Journal of Cryptology.

[4]  Chao Li,et al.  New Observation on Camellia , 2005, Selected Areas in Cryptography.

[5]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[6]  Whitfield Diffie,et al.  Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard , 1977, Computer.

[7]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[8]  Jiazhe Chen,et al.  Low Data Complexity Attack on Reduced Camellia-256 , 2012, ACISP.

[9]  Eli Biham,et al.  The Rectangle Attack - Rectangling the Serpent , 2001, EUROCRYPT.

[10]  David A. Wagner,et al.  The Boomerang Attack , 1999, FSE.

[11]  Chao Li,et al.  Square Like Attack on Camellia , 2007, ICICS.

[12]  Vincent Rijmen,et al.  The Block Cipher Square , 1997, FSE.

[13]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[14]  Pulak Mishra,et al.  Mergers, Acquisitions and Export Competitive- ness: Experience of Indian Manufacturing Sector , 2012 .

[15]  Kazukuni Kobara,et al.  Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis , 2001, ASIACRYPT.

[16]  Jongsung Kim,et al.  The higher-order meet-in-the-middle attack and its application to the Camellia block cipher , 2014, Theor. Comput. Sci..

[17]  Lars R. Knudsen,et al.  Truncated and Higher Order Differentials , 1994, FSE.

[18]  Keting Jia,et al.  New Impossible Differential Attacks of Reduced-Round Camellia-192 and Camellia-256 , 2011, ACISP.

[19]  Xuejia Lai Higher Order Derivatives and Differential Cryptanalysis , 1994 .

[20]  Dawu Gu,et al.  New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia , 2012, FSE.

[21]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[22]  David A. Wagner,et al.  Integral Cryptanalysis , 2002, FSE.

[23]  Martin E. Hellman,et al.  A cryptanalytic time-memory trade-off , 1980, IEEE Trans. Inf. Theory.

[24]  Feng Dengguo,et al.  Collision attack and pseudorandomness of reduced-round camellia , 2004 .

[25]  Leibo Li,et al.  New Impossible Differential Attacks on Camellia , 2012, ISPEC.

[26]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[27]  Ali Aydin Selçuk,et al.  A Meet-in-the-Middle Attack on 8-Round AES , 2008, FSE.

[28]  Jongsung Kim,et al.  Cryptanalysis of reduced versions of the Camellia block cipher , 2012, IET Inf. Secur..

[29]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[30]  Hua Chen,et al.  Collision Attack and Pseudorandomness of Reduced-Round Camellia , 2004, Selected Areas in Cryptography.

[31]  Yasuo Hatano,et al.  Higher Order Differential Attack of Camellia (II) , 2002, Selected Areas in Cryptography.

[32]  Sangwoo Park,et al.  On the Security of CAMELLIA against the Square Attack , 2002, FSE.

[33]  Keting Jia,et al.  New Impossible Differential Cryptanalysis of Reduced-Round Camellia , 2011, CANS.

[34]  Yupu Hu,et al.  Integral cryptanalysis of SAFER , 1999 .

[35]  Alex Biryukov,et al.  Impossible Differential Attack , 2005, Encyclopedia of Cryptography and Security.