On the Security of CAMELLIA against the Square Attack

Yeom, Yongjin; Park, Sangwoo; Kim, Iljun

doi:10.1007/3-540-45661-9_7

Cited by 32 publications

(18 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…He and Qing found that 6-round Camellia is breakable by Square attack [9]. Reference [10] improved the known result about Square attack. Later, Ref.…”

Section: Introductionmentioning

confidence: 71%

Security research with Square attack to a variant Camellia cipher

Zhang

2010

Front. Electr. Electron. Eng. China

View full text Add to dashboard Cite

This paper investigates the relation between the choice of S-boxes and Square attack. A variant Camellia, which uses only a single S-box instead of four, is proposed. The security of the variant Camellia against Square attack is studied in detail. Result shows that it needs only 28 chosen plaintexts to recover a byte of the 6th round-key of variant Camellias, while the original Camellia needs either 28 chosen plaintexts to recover a byte of the 6th round-key and a byte of some constant or 216 chosen plaintexts to recover a byte of the 6th roundkey. Furthermore, Square attacks on other round-reduced variant Camellia are proposed, and the time complexity of 11-round attack is reduced from 2 250 to 2 225.5 . The weaker variant Camellia indicates that the choice of S-box and the order of different S-boxes have influence on Square attack.

show abstract

“…He and Qing found that 6-round Camellia is breakable by Square attack [9]. Reference [10] improved the known result about Square attack. Later, Ref.…”

Section: Introductionmentioning

confidence: 71%

Security research with Square attack to a variant Camellia cipher

Zhang

2010

Front. Electr. Electron. Eng. China

View full text Add to dashboard Cite

show abstract

“…The security of Camellia was initially analyzed by the algorithm designers. Efficient attacks on Camellia include linear cryptanalysis [14] , differential cryptanalysis [13,14] , impossible differential cryptanalysis [15,17] , truncated differential cryptanalysis [7,9,15] , higher order differential cryptanalysis [5] , collision attack [16] and Square attack [3,19,20] . The best attacks on Camellia without FL/FL -1 function layer were impossible differential cryptanalysis [18] , which can attack 12-round Camellia-128 and 16-round Camellia-256 without FL/FL -1 .…”

Section: Introductionmentioning

confidence: 99%

Integral Attacks on Feistel-SP Structure Block Cipher

Li¹,

Wu²,

Zhang³

et al. 2013

Advances in Intelligent Systems Research

View full text Add to dashboard Cite

Abstract-In this paper, a method is presented to extend the length of integral distinguisher of Feistel-SP structure, based on which a new 8-round distinguisher for the block cipher Camellia is proposed. Moreover, integral attacks on round-reduced Camellia without FL/FL -1 are improved. We attack 11-round Camellia-128 with the data complexity of 2 120 and the time complexity of 2 125.5 , and attack 12-round Camellia-256 with the data complexity of 2 120 and the time complexity of 2 214.3 . These attacks are the best integral attacks on round-reduced Camellia so far.

show abstract

“…As one of the most widely used block ciphers, Camellia has received a significant amount of cryptanalytic attention. The most efficient cryptanalytic results on Camellia include linear and differential attacks [19], truncated differential attack [5,10,13,20], higher order differential attack [7,11], collision attack [14,21], square attack [8,14,24], a square like attack [6] and impossible differential attack [15,20,22,23].…”

Section: Introductionmentioning

confidence: 99%

New Results on Impossible Differential Cryptanalysis of Reduced–Round Camellia–128

Mala

Shakiba

Dakhilalian

et al. 2009

Selected Areas in Cryptography

View full text Add to dashboard Cite

Abstract. Camellia, a 128-bit block cipher which has been accepted by ISO/IEC as an international standard, is increasingly being used in many cryptographic applications. In this paper, using the redundancy in the key schedule and accelerating the filtration of wrong pairs, we present a new impossible differential attack to reduced-round Camellia. By this attack 12-round Camellia-128 without F L/F L −1 functions and whitening is breakable with a total complexity of about 2 116.6 encryptions and 2 116.3 chosen plaintexts. In terms of the numbers of the attacked rounds, our attack is better than any previously known attack on Camellia-128.

show abstract

On the Security of CAMELLIA against the Square Attack

Cited by 32 publications

References 13 publications

Security research with Square attack to a variant Camellia cipher

Security research with Square attack to a variant Camellia cipher

Integral Attacks on Feistel-SP Structure Block Cipher

New Results on Impossible Differential Cryptanalysis of Reduced–Round Camellia–128

Contact Info

Product

Resources

About