Abstract:As an international standard adopted by ISO/IEC, the block cipher Camellia has been used in various cryptographic applications. In this paper, we reevaluate the security of Camellia against impossible differential cryptanalysis. Specifically, we propose several 7-round impossible differentials with the FL/FL-1 layer. Based on one of them, we mount impossible differential attacks on 11-round Camellia-192 and 12-round Camellia-256. The data complexities of our attacks on 11-round Camellia-192 and 12-round Camellia-256 are about 2(120) chosen plaintexts and 2(119.8) chosen plaintexts, respectively. The corresponding time complexities are approximately 2(167.1) 11-round encryptions and 2(220.87) 12-round encryptions. As far as we know, our attacks are 2(16.9) times and 2(19.13) times faster than the previously best known ones but have slightly more data. (c) 2012 Elsevier Inc. All rights reserved.

Improved Results on Impossible Differential Cryptanalysis of Reduced-Round Camellia-192/256