Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis

Sugita, Makoto; Kobara, Kazukuni; Imai, Hideki

doi:10.1007/3-540-45682-1_12

Cited by 36 publications

(37 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A similar method can be seen in [20]. However, since we could not find a general rule of proof, we just do conjecture it in the case that m is large.…”

Section: Conjecture 2 If R ≥ M 2 There Does Not Exist An Impossiblmentioning

confidence: 78%

Provable Security for the Skipjack-like Structure against Differential Cryptanalysis and Linear Cryptanalysis

Sung¹,

Lee

Lim

et al. 2000

Advances in Cryptology — ASIACRYPT 2000

View full text Add to dashboard Cite

Abstract. In this paper we introduce a structure iterated by the rule A of Skipjack and show that this structure is provably resistant against differential or linear attacks. It is the main result of this paper that the upper bound of r-round (r ≥ 15) differential(or linear hull) probabilities are bounded by p 4 if the maximum differential (or linear hull) probability of a round function is p, and an impossible differential of this structure does not exist if r ≥ 16. Application of this structure which can be seen as a generalized Feistel structure in a way to block cipher designs brings out the provable security against differential and linear attacks with some upper bounds of probabilities. We also propose an interesting conjecture.

show abstract

“…A similar method can be seen in [20]. However, since we could not find a general rule of proof, we just do conjecture it in the case that m is large.…”

Section: Conjecture 2 If R ≥ M 2 There Does Not Exist An Impossiblmentioning

confidence: 78%

Provable Security for the Skipjack-like Structure against Differential Cryptanalysis and Linear Cryptanalysis

Sung¹,

Lee

Lim

et al. 2000

Advances in Cryptology — ASIACRYPT 2000

View full text Add to dashboard Cite

show abstract

“…There are a number of results on simple versions of Camellia which exclude the F L/F L −1 layers and whitening being given in recent years [6,10,13,14,16,17,18,19]. Among them, the impossible differential attacks [3] are most efficient [13,14,17,18].…”

Section: Introductionmentioning

confidence: 99%

“…Among them, the impossible differential attacks [3] are most efficient [13,14,17,18]. Since the existence of F L/F L −1 layers will probably destroy the impossibility, non of the impossible differential paths in these attacks includes the F L/F L −1 layers.…”

Section: Introductionmentioning

confidence: 99%

New Impossible Differential Attacks of Reduced-Round Camellia-192 and Camellia-256

Chen

Jia

et al. 2011

Information Security and Privacy

View full text Add to dashboard Cite

Abstract. Camellia is a block cipher selected as a standard by ISO/IEC, which has been analyzed by a number of cryptanalysts. In this paper, we propose several 6-round impossible differential paths of Camellia with the F L/F L −1 layer in the middle of them. With the impossible differential and a well-organized precomputational table, impossible differential attacks on 10-round Camellia-192 and 11-round Camellia-256 are given, and the time complexity are 2 175 and 2 206.8 respectively. An impossible differential attack on 15-round Camellia-256 without F L/F L −1 layers and whitening is also be given, which needs about 2 236.1 encryptions. To the best of our knowledge, these are the best cryptanalytic results of Camellia-192/-256 with F L/F L −1 layers and Camellia-256 without F L/F L −1 layers to date.

show abstract

“…Nov. 2001) selected as the AES (Advanced Encryption Standard) algorithm [11]. This cipher has been reputed to be secure against conventional cryptanalytic methods [4,8], such as DC (Differential Cryptanalysis) [1] and LC (Linear Cryptanalysis) [7], and throughout the AES process the security of the AES algorithm was examined with considerable cryptanalytic methods [2-4, 13, 14]. But despite the novelty of the AES algorithm [5], the fact that the AES algorithm uses mathematically simple functions [6,12,15,16] has led to some commentators' concern about the security of this cipher.…”

Section: Introductionmentioning

confidence: 99%

Further Observations on the Structure of the AES Algorithm

Song

Seberry

2003

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. We present our further observations on the structure of the AES algorithm relating to the cyclic properties of the functions used in this cipher. We note that the maximal period of the linear layer of the AES algorithm is short, as previously observed by S. Murphy and M.J.B. Robshaw. However, we also note that when the non-linear and the linear layer are combined, the maximal period is dramatically increased not to allow algebraic clues for its cryptanalysis. At the end of this paper we describe the impact of our observations on the security of the AES algorithm. We conclude that although the AES algorithm consists of simple functions, this cipher is much more complicated than might have been expected.

show abstract

Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis

Cited by 36 publications

References 6 publications

Provable Security for the Skipjack-like Structure against Differential Cryptanalysis and Linear Cryptanalysis

Provable Security for the Skipjack-like Structure against Differential Cryptanalysis and Linear Cryptanalysis

New Impossible Differential Attacks of Reduced-Round Camellia-192 and Camellia-256

Further Observations on the Structure of the AES Algorithm

Contact Info

Product

Resources

About