Improved Differential Fault Analysis on Camellia-128

  • Toru AkishitaEmail author
  • Noboru Kunihiro
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9689)


In this paper we propose improved Differential Fault Analysis (DFA) on the block cipher Camellia with a 128-bit key. Existing DFAs on Camellia-128 require several faults induced at multiple rounds, at least two of which must be induced at or after the 16-th round. On the other hand, by utilizing longer fault propagation paths than the existing DFAs, the proposed attacks require random byte faults to targeted byte positions induced only at the 14-th round. The simulation results confirm the feasibility of the proposed attacks. Our attacks indicate that the last 5 rounds of Camellia-128, two more rounds compared with the existing DFAs, must be protected against DFAs.


Differential fault analysis DFA Camellia Fault propagation path 



We would like to thank the anonymous reviewers for their helpful comments. This research was partially supported by CREST, JST and JSPS KAKENHI Grant Number 25280001.


  1. 1.
    Ali, S.S., Mukhopadhyay, D.: A differential fault analysis on aes key schedule using single fault. In: FDTC, pp. 35–42. IEEE (2011)Google Scholar
  2. 2.
    Ali, S.S., Mukhopadhyay, D.: Improved differential fault analysis of CLEFIA. In: The 10th Workshop on Fault Diagnosis and Tolerance in Cryptography - FDTC, pp. 60–70. IEEE (2013)Google Scholar
  3. 3.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: \(Camellia\): a 128-bit block cipher suitable for multiple platforms - design and analysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, p. 39. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  6. 6.
    Chen, H., Zhou, Y., Wu, W., Wang, N.: Fault propagation pattern based DFA on feistel ciphers, with application to Camellia. In: The 10th IEEE International Conference on Computer and Information Technology - CIT, pp. 1050–1057. IEEE Computer Society (2010)Google Scholar
  7. 7.
    Japan CRYPTREC (Cryptography Research and Evaluation Committees).
  8. 8.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography, 1st edn. Springer, Heidelberg (2002)CrossRefzbMATHGoogle Scholar
  9. 9.
    Derbez, P., Fouque, P.-A., Leresteux, D.: Meet-in-the-middle and impossible differential fault analysis on AES. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 274–291. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  10. 10.
    The NESSIE project (New European Schemes for Signatures, Integrity and Encryption).
  11. 11.
    Phan, R.C.-W., Yen, S.-M.: Amplifying side-channel attacks with techniques from block cipher cryptanalysis. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 135–150. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Sasaki, Y., Li, Y., Sakamoto, H., Sakiyama, K.: Coupon collector’s problem for fault analysis against AES — high tolerance for noisy fault injections. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 213–220. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  13. 13.
    Shirai, T., Shibutani, K., Akishita, T., Moriai, S., Iwata, T.: The 128-bit blockcipher CLEFIA (Extended Abstract). In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 181–195. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Takahashi, J., Fukunaga, T.: Improved differential fault analysis on CLEFIA. In: The 5th Workshop on Fault Diagnosis and Tolerance in Cryptography - FDTC, pp. 25–34. IEEE (2008)Google Scholar
  15. 15.
    Todo, Y., Sasaki, Y.: New property of diffusion switching mechanism on CLEFIA and its application to DFA. In: Sakiyama, K., Terada, M. (eds.) IWSEC 2013. LNCS, vol. 8231, pp. 99–114. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  16. 16.
    Tunstall, M., Mukhopadhyay, D., Ali, S.: Differential fault analysis of the advanced encryption standard using a single fault. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 224–233. Springer, Heidelberg (2011)Google Scholar
  17. 17.
    Zhao, V., Wang, T.: An Improved Differential Fault Attacks on Camellia. Cryptology ePrint Archive/585 (2009)Google Scholar
  18. 18.
    Zhao, X., Wang, T., Guo, S.: Further improved deep differential fault analysis on Camellia. In: The 2nd International Conference on Instrumentation, Measurement, Computer, Communication and Control - IMCCC, pp. 878–882, IEEE Computer Society (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.The University of TokyoTokyoJapan

Personalised recommendations