Improved Attacks on Reduced-Round Camellia-128/192/256
  • Authors: Xiaoyang Dong (14)
    Leibo Li (14)
    Keting Jia (15)
    Xiaoyun Wang (14) (16)

    14. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
    15. Department of Computer Science and Technology, Tsinghua University, Beijing, China
    16. Institute for Advanced Study, Tsinghua University, Beijing, China
  • Keywords: Camellia; Block cipher; Key-dependent attack; Multiple differential attack; Meet-in-the-middle attack
  • Journal title: Lecture Notes in Computer Science
  • Publication year: 2015
  • Volume: 9048
  • Issue: 1
  • Pages: 59-83
  • Full-text size: 458 KB
  • Author affiliation: Topics in Cryptology – CT-RSA 2015
  • Series title: 978-3-319-16714-5
  • Publication category: Computer Science
  • Publication subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN: 1611-3349
Abstract
Camellia is a widely used block cipher that has been selected as an international standard by ISO/IEC. In this paper, we consider a new family of differentials of round-reduced Camellia-128 depending on different key subsets. In total there are 224 key subsets corresponding to 224 types of 8-round differentials, which cover a fraction of \(1-1/2^{15}\) of the keyspace, and each type of 8-round differential consists of \(2^{43}\) differentials. Combining these with multiple differential attack techniques, we give a key-dependent multiple differential attack on 10-round Camellia-128 with data complexity \(2^{91}\) and time complexity \(2^{113}\). Furthermore, we propose a 7-round property for Camellia-192 and an 8-round property for Camellia-256, and then mount meet-in-the-middle attacks on 12-round Camellia-192 and 13-round Camellia-256, with complexities of \(2^{180}\) encryptions and \(2^{232.7}\) encryptions, respectively. All these attacks start from the first round in a single-key setting.
