Impossible differential cryptanalysis of reduced–round Camellia–256
- « Previous Article
- Table of contents
- Next Article »
Camellia, a 128-bit block cipher that has been accepted by ISO/IEC as an international standard, is increasingly being used in many cryptographic applications. In this study, the authors present a new impossible differential attack on a reduced version of Camellia-256 without FL/FL−1 functions and whitening. First, the authors introduce a new extension of the hash table technique and then exploit it to attack 16 rounds of Camellia-256. When, in an impossible differential attack, the size of the target subkey space is large and the filtration, in the initial steps of the attack, is performed slowly, the extended hash table technique will be very useful. The proposed attack on Camellia-256 requires 2124.1 known plaintexts and has a running time equivalent to about 2249.3 encryptions. In terms of the number of attacked rounds, our result is the best published attack on Camellia-256.