| Article ID | Journal | Published Year | Pages | File Type |
|---|---|---|---|---|
| 461741 | Journal of Systems and Software | 2012 | 8 Pages |
As an international standard adopted by ISO/IEC, the block cipher Camellia has been used in various cryptographic applications. In this paper, we reevaluate the security of Camellia against impossible differential cryptanalysis. Specifically, we propose several 7-round impossible differentials with the FL/FL−1 layer. Based on one of them, we mount impossible differential attacks on 11-round Camellia-192 and 12-round Camellia-256. The data complexities of our attacks on 11-round Camellia-192 and 12-round Camellia-256 are about 2120 chosen plaintexts and 2119.8 chosen plaintexts, respectively. The corresponding time complexities are approximately 2167.1 11-round encryptions and 2220.87 12-round encryptions. As far as we know, our attacks are 216.9 times and 219.13 times faster than the previously best known ones but have slightly more data.
► Present several 7-round impossible differentials of Camellia. ► Attack 11-round Camellia-192 with 2120 chosen plaintexts and 2167.1 encryptions. ► Attack 12-round Camellia-256 with 2119.8 chosen plaintexts and 2220.9 encryptions. ► Our attacks are faster than the previous ones but have slightly more data.
