Improved Impossible Differential Attack on Reduced Version of Camellia-192/256
Y Liu, D Gu, Z Liu, W Li - Cryptology ePrint Archive, 2012 - eprint.iacr.org
Y Liu, D Gu, Z Liu, W Li
Cryptology ePrint Archive, 2012•eprint.iacr.orgAs an ISO/IEC international standard, Camellia has been used various cryptographic
applications. In this paper, we improve previous attacks on Camellia-192/256 with key-
dependent layers $ FL/FL^{-1} $ by using the intrinsic weakness of keyed functions.
Specifically, we present the first impossible differential attack on 13-round Camellia with
$2^{121.6} $ chosen ciphertexts and $2^{189.9} $13-round encryptions, while the analysis
for the biggest number of rounds in previous results on Camellia-192 worked on 12 rounds …
applications. In this paper, we improve previous attacks on Camellia-192/256 with key-
dependent layers $ FL/FL^{-1} $ by using the intrinsic weakness of keyed functions.
Specifically, we present the first impossible differential attack on 13-round Camellia with
$2^{121.6} $ chosen ciphertexts and $2^{189.9} $13-round encryptions, while the analysis
for the biggest number of rounds in previous results on Camellia-192 worked on 12 rounds …
Abstract
As an ISO/IEC international standard, Camellia has been used various cryptographic applications. In this paper, we improve previous attacks on Camellia-192/256 with key-dependent layers by using the intrinsic weakness of keyed functions. Specifically, we present the first impossible differential attack on 13-round Camellia with chosen ciphertexts and 13-round encryptions, while the analysis for the biggest number of rounds in previous results on Camellia-192 worked on 12 rounds. Furthermore, we successfully attack 14-round Camellia-256 with chosen ciphertexts and 14-round encryptions. Compared with the previously best known attack on 14-round Camellia-256, the time complexity of our attack is reduced by times and the data complexity is comparable.
eprint.iacr.org
Showing the best result for this search. See all results