New Impossible Differential Attacks on Camellia

  • Dongxia Bai
  • Leibo Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7232)


Camellia is one of the most widely used block ciphers worldwide and has been selected as a standard by ISO/IEC. In this paper, we propose several new 7-round impossible differentials of Camellia with 2 $FL/FL^{-1}$ layers, which turn out to be the first 7-round impossible differentials with 2 $FL/FL^{-1}$ layers. Combined with some basic techniques including the early abort approach and the key schedule consideration, we achieve impossible differential attacks on 11-round Camellia-128, 11-round Camellia-192, 12-round Camellia-192, and 14-round Camellia-256, with time complexities of $2^{123.8}$, $2^{121.7}$, $2^{171.4}$ and $2^{238.3}$ respectively. As far as we know, these are the best results against the reduced-round variants of Camellia. In particular, we give the first attack on 11-round Camellia-128 reduced version with $FL/FL^{-1}$ layers.


Camellia Impossible Differential Cryptanalysis Impossible Differential Attack 





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Dongxia Bai (1)
  • Leibo Li (2, 3)

  1. Department of Computer Science and Technology, Tsinghua University, Beijing, China
  2. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China
  3. School of Mathematics, Shandong University, Jinan, China
