We present a new 128-bit block cipher called Camellia. Camellia supports 128-bit block size and 128-, 192-, and 256-bit keys, i.e., the same interface specifications as the Advanced Encryption Standard (AES). Efficiency on both software and hardware platforms is a remarkable characteristic of Camellia in addition to its high level of security. It is confirmed that Camellia provides strong security against differential and linear cryptanalyses. Compared to the AES finalists, i.e., MARS, RC6, Rijndael, Serpent, and Twofish, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can encrypt on a Pentium III (800MHz) at the rate of more than 276 Mbits per second, which is much faster than the speed of an optimized DES implementation. In addition, a distinguishing feature is its small hardware design. The hardware design, which includes encryption and decryption and key schedule, occupies approximately 11K gates, which is the smallest among all existing 128-bit block ciphers as far as we know.
Abstract. This paper studies the upper bounds of the maximum differential and linear characteristic probabilities of Feistel ciphers with SPN round function. In the same way as for SPN ciphers, we consider the minimum number of differential and linear active s-boxes, which provides a measure of the upper bounds of these probabilities, in order to evaluate the security against differential and linear cryptanalyses. The purpose of this work is to clarify the (lower bound of) minimum numbers of active s-boxes in some consecutive rounds of Feistel ciphers, i.e., in three, four, six, eight, and twelve consecutive rounds, using differential and linear branch numbers P d , P l , respectively. Furthermore, we investigate the necessary condition for desirable P -functions, which means that the round functions are invulnerable to both differential and linear cryptanalyses. As an example, we show the round function of Camellia, which satisfies the condition.
Abstract. This paper studies the security offered by the block cipher E2 against truncated differential cryptanalysis. At FSE'99 Matsui and Tokita showed a possible attack on an 8-round variant of E2 without ITFunction (the initial transformation) and F T -Function (the final transformation) based on byte characteristics. To evaluate the security against attacks using truncated differentials, which mean bytewise differentials in this paper, we searched for all truncated differentials that lead to possible attacks for reduced-round variants of E2. As a result, we confirmed that there exist no such truncated differentials for E2 with more than 8 rounds. However, we found another 7-round truncated differential which lead to another possible attack on an 8-round variant of E2 without ITor F T -Function with less complexity. We also found that the 7-round truncated differential is useful to distinguish a 7-round variant of E2 with IT -and F T -Functions from a random permutation. In spite of our severe examination, this type of cryptanalysis fails to break the full E2. We believe that this means that the full E2 offers strong security against this truncated differential cryptanalysis.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.