Security research with Square attack to a variant Camellia cipher

Xiangyang XU, Guangsheng ZHANG

Front. Electr. Electron. Eng., 2010, Vol. 5, Issue 4: 482-487. DOI: 10.1007/s11460-010-0095-x
RESEARCH ARTICLE

Abstract

This paper investigates the relation between the choice of S-boxes and the Square attack. A variant of Camellia, which uses only a single S-box instead of four, is proposed. The security of the variant Camellia against the Square attack is studied in detail. The results show that only $2^{8}$ chosen plaintexts are needed to recover a byte of the 6th round key of the variant Camellia, while the original Camellia needs either $2^{8}$ chosen plaintexts to recover a byte of the 6th round key and a byte of some constant, or $2^{16}$ chosen plaintexts to recover a byte of the 6th round key. Furthermore, Square attacks on other round-reduced variant Camellia are proposed, and the time complexity of the 11-round attack is reduced from $2^{250}$ to $2^{225.5}$. The weaker variant Camellia indicates that the choice of S-box and the order of the different S-boxes influence the Square attack.

Keywords

block cipher / Camellia / Square attack

Cite this article

Xiangyang XU, Guangsheng ZHANG. Security research with Square attack to a variant Camellia cipher. Front Elect Electr Eng Chin, 2010, 5(4): 482‒487 https://doi.org/10.1007/s11460-010-0095-x

Acknowledgements

This work was supported by the Planned Science and Technology Project of Hunan Province of China (Grant No. 2010GK3063) and by a project supported by the Scientific Research Fund of Hunan Provincial Education Department.

RIGHTS & PERMISSIONS

2014 Higher Education Press and Springer-Verlag Berlin Heidelberg