Open Access
Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms
Kazumaro Aoki,Tetsuya Ichikawa,Masayuki Kanda,Mitsuru Matsui,Shiho Moriai,Nakajima Junko,Toshio Tokita,Nippon Telegraph +7 more
TLDR
Camellia as discussed by the authors is a new 128-bit block cipher with 128-, 192-, and 256-bit key lengths, which was designed to withstand all known cryptanalytic attacks and even to have a sufficiently large security leeway for use of the next 10-20 years.Abstract:
We present a new 128-bit block cipher called Camellia. Camellia sup- ports 128-bit block size and 128-, 192-, and 256-bit key lengths, i.e. the same interface specifications as the Advanced Encryption Standard (AES). Camellia was carefully designed to withstand all known cryptanalytic attacks and even to have a sufficiently large security leeway for use of the next 10-20 years. There are no hidden weakness inserted by the designers. It was also designed to have suitability for both software and hardware implementations and to cover all possible encryption applications that range from low-cost smart cards to high-speed network systems. Compared to the AES finalists, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can en- crypt on a PentiumIII (800MHz) at the rate of m ore than 276 Mbits per second, which is much faster than the speed of an optimized DES implementation. In ad- dition, a distinguishing feature is its small hardware design. The hardware design, which includes key schedule, encryption and decryption, occupies approximately 11K gates, which is the smallest among all existing 128-bit block ciphers as far as we know. It perfectly meet current market requirements in wireless cards, for instance, where low power consumption is a mandaroty condition.read more
Citations
More filters
Journal ArticleDOI
Brutus : Refuting the Security Claims of the Cache Timing Randomization Countermeasure Proposed in CEASER
TL;DR: It is shown that the complexity of a cache timing attack remains unaltered even with the presence of CEASER, and the encryption overheads if CEASer is implemented with a stronger encryption algorithm is compared.
Proceedings ArticleDOI
Compact FPGA implementation of Camellia
Panasayya Yalla,Jens-Peter Kaps +1 more
TL;DR: This work presents the smallest FPGA implementation of Camellia for 128-bit key length to date using only 318 slices at a throughput of 18.41Mbps on the smallest Xilinx Spartan-3 XC3S50–5 device.
Book ChapterDOI
New insights on impossible differential cryptanalysis
Orr Dunkelman,Gaëtan Leurent +1 more
TL;DR: A new approach is presented for the construction and the usage of impossible differentials for Generalized Feistel structures to answer an open problem about the ability to perform this kind of analysis, and tackle, for the first time the case of non-bijective round functions.
Posted Content
New Impossible Differential Attacks of Reduced-Round Camellia-192 and Camellia-256.
TL;DR: This paper proposes several 6-round impossible differentials of Camellia with FL/FL-1 layers in the middle of them, and presents the best cryptanalytic results of camellia-192/-256 with FL /FL/FL/1 layers and CameLLia-256 without FL/Fl- 1 layers to date.
Posted Content
Provable Security Evaluation of Structures against Impossible Differential and Zero Correlation Linear Cryptanalysis.
TL;DR: In this article, Sun et al. studied the security of the SPN structure and the Feistel structure with SP-type round functions and showed that the length of impossible differentials is upper bounded by the primitive index of the linear layers.
References
More filters
Book ChapterDOI
Differential Power Analysis
TL;DR: In this paper, the authors examine specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. And they also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.
Book ChapterDOI
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
TL;DR: By carefully measuring the amount of time required to perform private key operalions, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.
Book ChapterDOI
Linear cryptanalysis method for DES cipher
TL;DR: A new method is introduced for cryptanalysis of DES cipher, which is essentially a known-plaintext attack, that is applicable to an only-ciphertext attack in certain situations.
Book
Differential Cryptanalysis of the Data Encryption Standard
Eli Biham,Adi Shamir +1 more
TL;DR: This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems, and describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants.