Open Access
Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms
Kazumaro Aoki,Tetsuya Ichikawa,Masayuki Kanda,Mitsuru Matsui,Shiho Moriai,Nakajima Junko,Toshio Tokita,Nippon Telegraph +7 more
TLDR
Camellia as discussed by the authors is a new 128-bit block cipher with 128-, 192-, and 256-bit key lengths, which was designed to withstand all known cryptanalytic attacks and even to have a sufficiently large security leeway for use of the next 10-20 years.Abstract:
We present a new 128-bit block cipher called Camellia. Camellia sup- ports 128-bit block size and 128-, 192-, and 256-bit key lengths, i.e. the same interface specifications as the Advanced Encryption Standard (AES). Camellia was carefully designed to withstand all known cryptanalytic attacks and even to have a sufficiently large security leeway for use of the next 10-20 years. There are no hidden weakness inserted by the designers. It was also designed to have suitability for both software and hardware implementations and to cover all possible encryption applications that range from low-cost smart cards to high-speed network systems. Compared to the AES finalists, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can en- crypt on a PentiumIII (800MHz) at the rate of m ore than 276 Mbits per second, which is much faster than the speed of an optimized DES implementation. In ad- dition, a distinguishing feature is its small hardware design. The hardware design, which includes key schedule, encryption and decryption, occupies approximately 11K gates, which is the smallest among all existing 128-bit block ciphers as far as we know. It perfectly meet current market requirements in wireless cards, for instance, where low power consumption is a mandaroty condition.read more
Citations
More filters
Journal ArticleDOI
Automatic Security Analysis of EPCBC against Differential Attacks
TL;DR: This paper shows that 32 rounds of EPCBC are secure enough for resisting the differential attacks and finds the lower bound of active S-boxes is an effective method.
Book ChapterDOI
Low-Data Complexity Attacks on Camellia
TL;DR: This paper proposes low data complexity attacks on reduced-round Camellia based on deterministic truncated differential characteristics exploiting properties of binaries matrices and differential properties of S-boxes and obtains 4 to 6 rounds attacks.
The mini-square propagation over block cipher and its application to AES and Camellia
TL;DR: This paper introduces the mini-square propagation: four ciphertexts corresponding to four plaintexts with some specific differences summing to zero after several rounds, and extends this propagation by appending a linear propagation to the mini,square propagation and by preceding it with differential propagations.
Journal ArticleDOI
Security research with Square attack to a variant Camellia cipher
Xiangyang Xu,Guangsheng Zhang +1 more
TL;DR: The weaker variant Camellia indicates that the choice of S-box and the order of different S-boxes have influence on Square attack, and the time complexity of 11-round attack is reduced.
Book ChapterDOI
Advanced Time-Driven Cache Attacks on Block Ciphers
TL;DR: This chapter begins with a second round time-driven cache attack on AES and then dwells into differential cache attacks on Feistel ciphers.
References
More filters
Book ChapterDOI
Differential Power Analysis
TL;DR: In this paper, the authors examine specific methods for analyzing power consumption measurements to find secret keys from tamper resistant devices. And they also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.
Book ChapterDOI
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
TL;DR: By carefully measuring the amount of time required to perform private key operalions, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.
Book ChapterDOI
Linear cryptanalysis method for DES cipher
TL;DR: A new method is introduced for cryptanalysis of DES cipher, which is essentially a known-plaintext attack, that is applicable to an only-ciphertext attack in certain situations.
Book
Differential Cryptanalysis of the Data Encryption Standard
Eli Biham,Adi Shamir +1 more
TL;DR: This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems, and describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants.