Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1

J. Lu, J. Kim, N. Keller, O. Dunkelman

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    87 Citations (Scopus)


    We observe that when conducting an impossible differential cryptanalysis on Camellia and MISTY1, their round structures allow us to partially determine whether a candidate pair is useful by guessing only a small fraction of the unknown required subkey bits of a relevant round at a time, instead of guessing all of them at once. Taking advantage of the early abort technique, we improve a previous impossible differential attack on 6-round MISTY1 without the FL functions, and present impossible differential cryptanalysis of 11-round Camellia-128 without the FL functions, 13-round Camellia-192 without the FL functions and 14-round Camellia-256 without the FL functions. The presented results are better than any previously published cryptanalytic results on Camellia and MISTY1 without the FL functions.
    Original languageEnglish
    Title of host publicationTopics in Cryptology - CT-RSA 2008 (Proceedings of The Cryptographers' Track at the RSA Conference 2008, San Francisco CA, USA, April 8-11, 2008)
    EditorsT.G. Malkin
    Place of PublicationBerlin
    ISBN (Print)978-3-540-79262-8
    Publication statusPublished - 2008

    Publication series

    NameLecture Notes in Computer Science
    ISSN (Print)0302-9743


    Dive into the research topics of 'Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1'. Together they form a unique fingerprint.

    Cite this