access icon free Improved impossible differential attack on reduced version of Camellia with FL/FL −1 functions

© The Institution of Engineering and Technology
Received 16/11/2013, Accepted 02/12/2015, Revised 08/11/2015, Published 28/06/2016

As an ISO/IEC international standard, Camellia has been used in various cryptographic applications. In this study, the authors present the best currently known attacks on Camellia-192/256 with key-dependent layers FL/FL −1 (without the whitening layers) by taking advantage of the intrinsic weakness of keyed functions, the redundancy of key schedule and the early abort technique. Specifically, the authors mount the first impossible differential attack on 13-round Camellia-192 with 2124.79 chosen plaintexts, 2186.09 13-round encryptions and 2129.79 bytes, while the analysis for the biggest number of rounds in previous results on Camellia-192 worked on 12 rounds. Furthermore, the authors successfully attack on 14-round Camellia-256 with 2122.14 chosen plaintexts, 2228.33 14-round encryptions and 2134.14 bytes. Compared with the previously best known attack on 14-round Camellia-256, the time and memory complexities are reduced by 29.87 times and 246.06 times, and the data complexity is comparable.

Inspec keywords: IEC standards; ISO standards; cryptography

Other keywords: Camellia standard; cryptographic applications; time complexity; Camellia-256; impossible differential attack; data complexity; Camellia-192; IEC international standard; ISO international standard; memory complexity

Subjects: Cryptography; Data security

References

    1. 1)
      • 6. Hatano, Y., Sekine, H., Kaneko, T.: ‘Higher order differential attack of Camellia (II)’. SAC 2002, 2002 (LNCS, 2595), pp. 129146.
    2. 2)
      • 13. Li, L., Jia, K.: ‘Improved meet-in-the-middle attacks on reduced-round Camellia-192/256’. Available at http://eprint.iacr.org/2014/292.
    3. 3)
      • 4. International Organization for Standardization (ISO): ‘International standard – ISO/IEC 18033-3, information technology – security techniques – encryption algorithms – part 3: block ciphers’, 2005.
    4. 4)
      • 25. Bai, D., Li, L.: ‘New impossible differential attacks on Camellia’. ISPEC 2012, 2012 (LNCS, 7232), pp. 8096.
    5. 5)
      • 8. Lei, D., Li, C., Feng, K.: ‘Square like attack on Camellia’. ICICS 2007, 2008 (LNCS, 4861), pp. 269283.
    6. 6)
      • 34. Biham, E., Biryukov, A., Shamir, A.: ‘Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials’. EUROCRYPT 1999, 1999 (LNCS, 1592), pp. 1223.
    7. 7)
      • 20. Lu, J., Kim, J., Keller, N., et al: ‘Improving the efficiency of impossible differential cryptanalysis of reduced Camellia and MISTY1’. CT-RSA 2008, 2008 (LNCS, 4964), pp. 370386.
    8. 8)
      • 9. Sugita, M., Kobara, K., Imai, H.: ‘Security of reduced version of the block cipher Camellia against truncated and impossible differential cryptanalysis’. ASIACRYPT 2001, 2001 (LNCS, 2248), pp. 193207.
    9. 9)
      • 21. Boura, C., Naya-Plasencia, M., Suder, V.: ‘Scrutinizing and improving impossible differential attacks: applications to CLEFIA, Camellia, LBlock and SIMON’. ASIACRYPT 2014, 2014 (LNCS, 8873), pp. 179199.
    10. 10)
      • 10. Lee, S., Hong, S., Lee, S., et al: ‘Truncated differential cryptanalysis of Camellia’. ICISC 2001, 2002 (LNCS, 2288), pp. 3238.
    11. 11)
      • 33. Knudsen, L.R.: ‘DEAL – a 128-bit block cipher’. Technical report, Department of Informatics, University of Bergen, 1998.
    12. 12)
      • 5. Shirai, T.: ‘Differential, linear, boomerang and rectangle cryptanalysis of reduced-round Camellia’. Proc. of 3rd NESSIE Workshop 2002, 2002.
    13. 13)
      • 32. Mala, H., Dakhilalian, M., Shakiba, M.: ‘Impossible differential cryptanalysis of reduced-round Camellia-256’, IET Inf. Secur., 2011, 5, (3), pp. 129134.
    14. 14)
      • 29. Liu, Y., Gu, D., Liu, Z., et al: ‘Improved results on impossible differential cryptanalysis of reduced-round Camellia-192/256’, J. Syst. Softw., 2012, 85, (11), pp. 24512458.
    15. 15)
      • 16. Lu, J., Wei, Y., Pasalic, E., et al: ‘Meet-in-the-middle attack on reduced versions of the Camellia block cipher’. IWSEC 2012, 2012 (LNCS, 7631), pp. 197215.
    16. 16)
      • 26. Li, L., Chen, J., Wang, X.: ‘Security of reduced-round Camellia against impossible differential attack’. Available at http://eprint.iacr.org/2011/524.
    17. 17)
      • 19. Bogdanov, A., Geng, H., Wang, M., et al: ‘Zero correlation linear cryptanalysis with FFT and improved attacks on ISO standards Camellia and CLEFIA’. SAC 2013, 2013 (LNCS, 8282), pp. 306323.
    18. 18)
      • 28. Chen, J., Jia, K., Yu, H., et al: ‘New impossible differential attacks of reduced-round Camellia-192 and Camellia-256’. ACISP 2011, 2011 (LNCS, 6812), pp. 1633.
    19. 19)
      • 14. Chen, J., Li, L.: ‘Low data complexity attack on reduced Camellia-256’. ACISP 2012, 2012 (LNCS, 7372), pp. 101114.
    20. 20)
      • 1. Aoki, K., Ichikawa, T., Kanda, M., et al: ‘Camellia: A 128-bit block cipher suitable for multiple platforms – design and analysis’. SAC 2000, 2000 (LNCS, 2012), pp. 3956.
    21. 21)
      • 27. Lu, J., Wei, Y., Kim, J., et al: ‘Cryptanalysis of reduced versions of the Camellia block cipher’, IET Inf. Secur., 2012, 6, (3), pp. 228238.
    22. 22)
      • 2. Cryptography Research and Evaluating Committees (CRYPTREC): CRYPTREC report 2002, 2003.
    23. 23)
      • 12. Wu, W., Feng, D., Chen, H.: ‘Collision attack and pseudorandomness of reduced-round Camellia’. SAC 2004, 2004 (LNCS, 3357), pp. 252266.
    24. 24)
      • 24. Wu, W., Zhang, W., Feng, D.: ‘Impossible differential cryptanalysis of reduced-round ARIA and Camellia’, J. Comput. Sci. Technol., 2007, 22, (3), pp. 449456.
    25. 25)
      • 22. Lee, S., Hong, S., Lee, S., et al: ‘Truncated differential cryptanalysis of Camellia’. ICICS 2001, 2002 (LNCS, 2288), pp. 3238.
    26. 26)
      • 18. Dong, X., Li, L., Jia, K., et al: ‘Improved attacks on reduced-round Camellia-128/192/256’. CT-RSA, 2015(to appear).
    27. 27)
      • 7. Lei, D., Li, C., Feng, K.: ‘New observation on Camellia’. SAC 2005, 2006 (LNCS, 3897), pp. 5164.
    28. 28)
      • 30. Liu, Y., Li, L., Gu, D., et al: ‘New observations on impossible differential cryptanalysis of reduced-round Camellia’. FSE 2012, 2012 (LNCS, 7549), pp. 90109.
    29. 29)
      • 15. Lu, J., Wei, Y., Kim, J., et al: ‘The higher-order meet-in-the-middle attack and its application to the Camellia block cipher’. INDOCRYPT 2012, 2012 (LNCS, 7668), pp. 244264.
    30. 30)
      • 31. Li, L., Chen, J., Jia, K.: ‘New impossible differential cryptanalysis of reduced-round Camellia’. CANS 2011, 2011 (LNCS, 7092), pp. 2639.
    31. 31)
      • 23. Mala, H., Shakiba, M., Dakhilalian, M., et al: ‘New results on impossible differential cryptanalysis of reduced-round Camellia-128’. SAC 2009, 2009 (LNCS, 5867), pp. 281294.
    32. 32)
      • 11. Kanda, M., Matsumoto, T.: ‘Security of Camellia against truncated differential cryptanalysis’. FSE 2002, 2002 (LNCS, 2355), pp. 286299.
    33. 33)
      • 17. Li, L., Jia, K., Wang, X., et al: ‘Meet-in-the-middle technique for truncated differential and its applications to CLEFIA and Camellia’. FSE, 2015(to appear).
    34. 34)
      • 3. New European Schemes for Signatures, Integrity, and Encryption (NESSIE): Final report of European project IST-1999–12324, 2004.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2014.0279
Loading

Related content

content/journals/10.1049/iet-ifs.2014.0279
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading