scispace - formally typeset
Search or ask a question
Author

Kazumaro Aoki

Bio: Kazumaro Aoki is an academic researcher from Waseda University. The author has contributed to research in topics: Block cipher & Encryption. The author has an hindex of 4, co-authored 6 publications receiving 485 citations.

Papers
More filters
01 Jan 2000
TL;DR: Camellia as discussed by the authors is a new 128-bit block cipher with 128-, 192-, and 256-bit key lengths, which was designed to withstand all known cryptanalytic attacks and even to have a sufficiently large security leeway for use of the next 10-20 years.
Abstract: We present a new 128-bit block cipher called Camellia. Camellia sup- ports 128-bit block size and 128-, 192-, and 256-bit key lengths, i.e. the same interface specifications as the Advanced Encryption Standard (AES). Camellia was carefully designed to withstand all known cryptanalytic attacks and even to have a sufficiently large security leeway for use of the next 10-20 years. There are no hidden weakness inserted by the designers. It was also designed to have suitability for both software and hardware implementations and to cover all possible encryption applications that range from low-cost smart cards to high-speed network systems. Compared to the AES finalists, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can en- crypt on a PentiumIII (800MHz) at the rate of m ore than 276 Mbits per second, which is much faster than the speed of an optimized DES implementation. In ad- dition, a distinguishing feature is its small hardware design. The hardware design, which includes key schedule, encryption and decryption, occupies approximately 11K gates, which is the smallest among all existing 128-bit block ciphers as far as we know. It perfectly meet current market requirements in wireless cards, for instance, where low power consumption is a mandaroty condition.

377 citations

01 Jan 2001
TL;DR: Notations and Conventions 2.2.1 Radix 2.3 List of Symbols 2.4 Bit/Byte Ordering 2.5 Bit/ Byte Ordering.
Abstract: 2 Notations and Conventions 3 2.1 Radix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2 Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.3 List of Symbols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.4 Bit/Byte Ordering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

56 citations

Patent
27 Jan 1999
TL;DR: In this paper, a plurality of round processing parts (38) are provided each of which contains a nonlinear function part (304), and each non linear function part comprises: a first keydependent linear transformation part (341) which performs a linear transformation based on a subkey; a splitting part (342) which splits the output from the first key-dependent linear transform part into n pieces of subdata, respectively; a first nonlinear transform part (343) which nonlinearly transforms those subdata and a combining part (346) which combines the nonlinear transformed outputs
Abstract: A plurality of round processing parts (38) are provided each of which contains a nonlinear function part (304), and each nonlinear function part (304) comprises: a first key-dependent linear transformation part (341) which performs a linear transformation based on a subkey; a splitting part (342) which splits the output from the first key-dependent linear transformation part into n pieces of subdata; a first nonlinear transformation part (343) which nonlinearly transforms those pieces of subdata, respectively; a second key-dependent linear transformation part (344) which linearly transforms those nonlinearly transformed outputs based on a subkey and outputs n pieces of transformed subdata; a second nonlinear transformation part (345) which nonlinearly transforms those transformed subdata; and a combining part (346) which combines the nonlinearly transformed outputs. An n x n matrix, which represents the linear transformation in the second key-dependent linear transformation part (344), is formed by n vectors whose Hamming weights are equal to or larger than T-1 for a security threshold T, thereby increasing the invulnerability against differential cryptanalysis and linear cryptanalysis.

35 citations

Book ChapterDOI
21 Aug 1994
TL;DR: It has been confirmed that the entire subkeys used in FEAL-8 can be derived with 225 pairs of known plaintexts and ciphertexts with a success rate approximately 70% spending about 1 hour using a WS.
Abstract: This paper discusses the security of the Fast Data Encipherment Algorithm (FEAL) against Linear Cryptanalysis. It has been confirmed that the entire subkeys used in FEAL-8 can be derived with 225 pairs of known plaintexts and ciphertexts with a success rate approximately 70% spending about 1 hour using a WS (SPARCstation 10 Model 30). This paper also evaluates the security of FEAL-N in comparison with that of the Data Encryption Standard (DES).

15 citations

Patent
15 Feb 2002
TL;DR: In this article, the authors proposed a data converting device to perform plural sub-conversion processing in parallel, which can speed up the data conversion processing such as encipher, decipher, and data diffusion.
Abstract: PROBLEM TO BE SOLVED: To speed up the data conversion processing such as encipher, decipher and data diffusion by constituting a data converting device so as to perform plural sub-conversion processing in parallel. SOLUTION: A-input data 101 are subjected to a first nonlinear conversion by a first key parameter 111 and the exclusive OR of the converted result 109 and B-input data 102 is made to be the B-input data of the sub-conversion processing part 122 of a next stage as B-intermediate data 106. B-input data 102 is made to be the A-input data of the sub-conversion processing part of the next stage and are subjected to a second nonlinear conversion by a second key parameter 112, and the exclusive OR of the converted result and the B- intermediate data 106 are made to be the B-input data of the sub-conversion processing part 123 of a next stage as B-intermediate data 108.

3 citations


Cited by
More filters
Book
01 Jan 1996
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

13,597 citations

Journal Article
TL;DR: In this paper, the authors describe an ultra-lightweight block cipher, present, which is suitable for extremely constrained environments such as RFID tags and sensor networks, but it is not suitable for very large networks such as sensor networks.
Abstract: With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultra-lightweight block cipher, present . Both security and hardware efficiency have been equally important during the design of the cipher and at 1570 GE, the hardware requirements for present are competitive with today's leading compact stream ciphers.

1,750 citations

BookDOI
01 Jan 2004
TL;DR: This work considers two variants of secondorder differential power analysis: Zero-Offset 2DPA and FFT2DPA, and explores a couple of attacks that attempt to efficiently employ second-order techniques to overcome masking.
Abstract: Viable cryptosystem designs must address power analysis attacks, and masking is a commonly proposed technique for defending against these side-channel attacks. It is possible to overcome simple masking by using higher-order techniques, but apparently only at some cost in terms of generality, number of required samples from the device being attacked, and computational complexity. We make progress towards ascertaining the significance of these costs by exploring a couple of attacks that attempt to efficiently employ second-order techniques to overcome masking. In particular, we consider two variants of secondorder differential power analysis: Zero-Offset 2DPA and FFT 2DPA.

508 citations

Book ChapterDOI
26 Mar 2007
TL;DR: A new 128-bit blockcipher CLEFIA supporting key lengths of 128, 192 and 256 bits, which is compatible with AES is proposed, which achieves enough immunity against known attacks and flexibility for efficient implementation in both hardware and software.
Abstract: We propose a new 128-bit blockcipher CLEFIA supporting key lengths of 128, 192 and 256 bits, which is compatible with AES. CLEFIA achieves enough immunity against known attacks and flexibility for efficient implementation in both hardware and software by adopting several novel and state-of-the-art design techniques. CLEFIA achieves a good performance profile both in hardware and software. In hardware using a 0.09 μm CMOS ASIC library, about 1.60 Gbps with less than 6 Kgates, and in software, about 13 cycles/byte, 1.48 Gbps on 2.4 GHz AMD Athlon 64 is achieved. CLEFIA is a highly efficient blockcipher, especially in hardware.

414 citations

01 Jan 2000
TL;DR: Camellia as discussed by the authors is a new 128-bit block cipher with 128-, 192-, and 256-bit key lengths, which was designed to withstand all known cryptanalytic attacks and even to have a sufficiently large security leeway for use of the next 10-20 years.
Abstract: We present a new 128-bit block cipher called Camellia. Camellia sup- ports 128-bit block size and 128-, 192-, and 256-bit key lengths, i.e. the same interface specifications as the Advanced Encryption Standard (AES). Camellia was carefully designed to withstand all known cryptanalytic attacks and even to have a sufficiently large security leeway for use of the next 10-20 years. There are no hidden weakness inserted by the designers. It was also designed to have suitability for both software and hardware implementations and to cover all possible encryption applications that range from low-cost smart cards to high-speed network systems. Compared to the AES finalists, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can en- crypt on a PentiumIII (800MHz) at the rate of m ore than 276 Mbits per second, which is much faster than the speed of an optimized DES implementation. In ad- dition, a distinguishing feature is its small hardware design. The hardware design, which includes key schedule, encryption and decryption, occupies approximately 11K gates, which is the smallest among all existing 128-bit block ciphers as far as we know. It perfectly meet current market requirements in wireless cards, for instance, where low power consumption is a mandaroty condition.

377 citations