Low Data Complexity Attack on Reduced Camellia-256

  • Jiazhe Chen
  • Leibo Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7372)


This paper proposes a low data complexity attack on reduced-round block cipher Camellia. Utilizing a 7-round meet-in-the-middle distinguisher with an FL layer between the fifth and the sixth round, one can attack 12-round Camellia-256 with 219 chosen plaintexts and 2231.2 encryptions. This attack starts from the first round of Camellia-256, so as to keep the property of Camellia that inserting the FL layers every 6 rounds; it also takes the whitening keys into account. Compared with the recent proposed attacks on Camellia-256, the attack in this paper has much lower data complexity; at the same time, it is also the best attack on Camellia-256 in terms of the number of rounds and the time complexity, if one only consider the ’regular’ reduced Camellia with 6 rounds before (after) the first (last) FL layer and with whitening keys.


Block Cipher Camellia Meet-in-the-Middle Attack Low Data Complexity Cryptanalysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 39–56. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., Tokita, T.: Specification of Camellia-a 128-bit Block Cipher. version 2.0 (2001),
  3. 3.
    Bai, D., Li, L.: New Impossible Differential Attacks on Camellia. IACR Cryptology ePrint Archive 2011, 661 (2011)Google Scholar
  4. 4.
    Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12–23. Springer, Heidelberg (1999)Google Scholar
  5. 5.
    Chen, J., Jia, K., Yu, H., Wang, X.: New Impossible Differential Attacks of Reduced-Round Camellia-192 and Camellia-256. In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 16–33. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    CRYPTREC-Cryptography Research and Evaluation Committees, report, Archive (2002),
  7. 7.
    Demirci, H., Selçuk, A.A.: A Meet-in-the-Middle Attack on 8-Round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116–126. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. 8.
    Diffie, W., Hellman, M.: Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard. Computer 10, 74–84 (1977)CrossRefGoogle Scholar
  9. 9.
    Duo, L., Li, C., Feng, K.: Square Like Attack on Camellia. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 269–283. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Gilbert, H., Minier, M.: A Collision Attack on 7 Rounds of Rijndael. In: AES Candidate Conference, pp. 230–241 (2000)Google Scholar
  11. 11.
    Hatano, Y., Sekine, H., Kaneko, T.: Higher Order Differential Attack of Camellia (II). In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 129–146. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    International Standardization of Organization (ISO), International Standard- ISO/IEC 18033-3, Information technology-Security techniques-Encryption algorithms -Part 3: Block ciphers (2005)Google Scholar
  13. 13.
    Knudsen, L.: DEAL - A 128-bit Block Cipher. In: NIST AES Proposal (1998)Google Scholar
  14. 14.
    Lee, S., Hong, S.H., Lee, S.-J., Lim, J.-I., Yoon, S.H.: Truncated Differential Cryptanalysis of Camellia. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 32–38. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Lei, D., Chao, L., Feng, K.: New Observation on Camellia. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 51–64. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Li, L., Chen, J., Jia, K.: New Impossible Differential Cryptanalysis of Reduced-Round Camellia. In: Lin, D., Tsudik, G., Wang, X. (eds.) CANS 2011. LNCS, vol. 7092, pp. 26–39. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  17. 17.
    Liu, Y., Li, L., Gu, D., Wang, X., Liu, Z., Chen, J., Li, W.: New Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia. To appear at FSE 2012 (2012)Google Scholar
  18. 18.
    Lu, J., Kim, J.-S., Keller, N., Dunkelman, O.: Improving the Efficiency of Impossible Differential Cryptanalysis of Reduced Camellia and MISTY1. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 370–386. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  19. 19.
    Lu, J., Wei, Y., Kim, J., Fouque, P.A.: Cryptanalysis of Reduced Versions of the Camellia Block Cipher,
  20. 20.
    Lu, J., Wei, Y., Kim, J., Pasalic, E.: The Higher-Order Meet-in-the-Middle Attack and Its Application to the Camellia Block Cipher. Presented in part at the First Asian Workshop on Symmetric Key Cryptography (ASK 2011), Singapore (August 2011),
  21. 21.
    Mala, H., Shakiba, M., Dakhilalian, M., Bagherikaram, G.: New Results on Impossible Differential Cryptanalysis of Reduced–Round Camellia–128. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 281–294. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  22. 22.
    Mozilla: Camellia cipher added to Firefox. Mozilla in Asia (2009)Google Scholar
  23. 23.
    NESSIE-New European Schemes for Signatures, Integrity, and Encryption, final report of European project IST-1999-12324. Archive (1999),
  24. 24.
    NTT: The Open Source Community OpenSSL Project Adopts the Next Generation International Standard Cipher ”Camellia” Developed in Japan (2008)Google Scholar
  25. 25.
    Shirai, T.: Differential, Linear, Boomerang and Rectangle Cryptanalysis of Reduced-Round Camellia. In: Proceedings of the Third NESSIE Workshop, Munich, Germany, November 6-7 (2002)Google Scholar
  26. 26.
    Sugita, M., Kobara, K., Imai, H.: Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 193–207. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  27. 27.
    Wu, W., Zhang, W., Feng, D.: Impossible Differential Cryptanalysis of Reduced-Round ARIA and Camellia. Journal of Computer Science and Technology 22(3), 449–456 (2007)CrossRefGoogle Scholar
  28. 28.
    Wenling, W., Dengguo, F., Hua, C.: Collision Attack and Pseudorandomness of Reduced-Round Camellia. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 252–266. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  29. 29.
    Wu, W., Zhang, L., Zhang, W.: Improved Impossible Differential Cryptanalysis of Reduced-Round Camellia. In: Avanzi, R., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 442–456. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  30. 30.
    Yeom, Y., Park, S., Kim, I.: A Study of Integral Type Cryptanalysis on Camellia. In: Proceedings of the 2003 Symposium on Cryptography and Information Security, pp. 453-456 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jiazhe Chen
    • 1
    • 2
  • Leibo Li
    • 1
  1. 1.Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, School of MathematicsShandong UniversityJinanChina
  2. 2.ESAT/COSIC and IBBTKU LeuvenBelgium

Personalised recommendations