Impossible Differential Cryptanalysis of 14-Round Camellia-192

As an international standard by ISO/IEC, Camellia is a widely used block cipher, which has received much attention from cryptanalysts. The impossible differential attack is one of efficient methods to analyze Camellia. Liu et al. gave an 8-round impossible differential, of which the input and output differences depend on some weak keys. In this paper, we apply some key relations to build the precomputation table to reduce time complexity and give some relations between the size of weak key sets and the number of input and output differences of the impossible differentials, which are used to balance the time complexity and the fraction of key space attacked. Furthermore, we give an impossible differential attack on 14-round Camellia-192 with $$2^{126.5}$$ known plaintexts and $$2^{189.32}$$ encryptions. Our impossible differential attack works one more round than previous cryptanalysis results.

[1]  Mohammad Dakhilalian,et al.  New Results on Impossible Differential Cryptanalysis of Reduced-Round Camellia-128 , 2009, Selected Areas in Cryptography.

[2]  Chao Li,et al.  Square Like Attack on Camellia , 2007, ICICS.

[3]  Jiqiang Lu,et al.  Meet-in-the-Middle Attack on Reduced Versions of the Camellia Block Cipher , 2012, IWSEC.

[4]  Jongsung Kim,et al.  Improving the Efficiency of Impossible Differential Cryptanalysis of Reduced Camellia and MISTY 1 , 2007 .

[5]  Jiazhe Chen,et al.  Low Data Complexity Attack on Reduced Camellia-256 , 2012, ACISP.

[6]  Dawu Gu,et al.  New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia , 2012, FSE.

[7]  Yasuo Hatano,et al.  Higher Order Differential Attack of Camellia (II) , 2002, Selected Areas in Cryptography.

[8]  Wenling Wu,et al.  Improved Impossible Differential Cryptanalysis of Reduced-Round Camellia , 2009, Selected Areas in Cryptography.

[9]  Mitsuru Matsui,et al.  Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis , 2000, Selected Areas in Cryptography.

[10]  Chao Li,et al.  New Observation on Camellia , 2005, Selected Areas in Cryptography.

[11]  Andrey Bogdanov,et al.  Zero-Correlation Linear Cryptanalysis with FFT and Improved Attacks on ISO Standards Camellia and CLEFIA , 2013, Selected Areas in Cryptography.

[12]  María Naya-Plasencia,et al.  Scrutinizing and Improving Impossible Differential Attacks: Applications to CLEFIA, Camellia, LBlock and Simon (Full Version) , 2014, IACR Cryptol. ePrint Arch..

[13]  Jongsung Kim,et al.  The higher-order meet-in-the-middle attack and its application to the Camellia block cipher , 2012, Theor. Comput. Sci..

[14]  Keting Jia,et al.  Meet-in-the-Middle Technique for Truncated Differential and Its Applications to CLEFIA and Camellia , 2015, FSE.

[15]  Jongsung Kim,et al.  Cryptanalysis of reduced versions of the Camellia block cipher , 2012, IET Inf. Secur..

[16]  Keting Jia,et al.  New Impossible Differential Attacks of Reduced-Round Camellia-192 and Camellia-256 , 2011, ACISP.

[17]  Kazukuni Kobara,et al.  Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis , 2001, ASIACRYPT.

[18]  Keting Jia,et al.  Improved Attacks on Reduced-Round Camellia-128/192/256 , 2015, CT-RSA.

[19]  Seokhie Hong,et al.  Truncated Differential Cryptanalysis of Camellia , 2001, ICISC.

[20]  Céline Blondeau,et al.  Impossible differential attack on 13-round Camellia-192 , 2015, Inf. Process. Lett..

[21]  Ulrich Kühn,et al.  Improved Cryptanalysis of MISTY1 , 2002, FSE.