Welcome!
To use the personalized features of this site, please log in or register.
If you have forgotten your username or password, we can help.
|
 |
Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis
| |
|
Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis
Makoto Sugita5  , Kazukuni Kobara6 and Hideki Imai6
| (5) |
NTT Network Innovation Laboratories, NTT Corporation, 1-1 Hikari-no-oka, Yokosuka-shi, 239-0847 Kanagawa, Japan |
| (6) |
Institute of Industrial Sciences, The University of Tokyo, 4-6-1, Komaba, Meguro-ku, 153-8505 Tokyo, Japan |
Abstract
This paper describes truncated and impossible differential cryptanalysis of the 128-bit block cipher Camellia, which was proposed
by NTT and Mitsubishi Electric Corporation. Our work improves on the best known truncated and impossible differential cryptanalysis.
As a result, we show a nontrivial 9-round byte characteristic, which may lead to a possible attack of reduced-round version
of Camellia without input/output whitening, FL or FL
-1 in a chosen plain text scenario. Previously, only 6-round differentials were known, which may suggest a possible attack of
Camellia reduced to 8-rounds. Moreover, we show a nontrivial 7-round impossible differential, whereas only a 5-round impossible
differential was previously known. This cryptanalysis is effective against general Feistel structures with round functions
composed of S-D (Substitution and Diffusion) transformation.
Keywords Block Cipher Camellia - Truncated Differential Cryptanalysis - Impossible Differential Cryptanalysis
Fulltext Preview (Small, Large)
 References secured to subscribers.
|
|
|
|
|
|