Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1

J. Lu; J. Kim; N. Keller; O. Dunkelman

doi:10.1007/978-3-540-79263-5_24

Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1

J. Lu, J. Kim, N. Keller, O. Dunkelman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

94 Citations (Scopus)

Abstract

We observe that when conducting an impossible differential cryptanalysis on Camellia and MISTY1, their round structures allow us to partially determine whether a candidate pair is useful by guessing only a small fraction of the unknown required subkey bits of a relevant round at a time, instead of guessing all of them at once. Taking advantage of the early abort technique, we improve a previous impossible differential attack on 6-round MISTY1 without the FL functions, and present impossible differential cryptanalysis of 11-round Camellia-128 without the FL functions, 13-round Camellia-192 without the FL functions and 14-round Camellia-256 without the FL functions. The presented results are better than any previously published cryptanalytic results on Camellia and MISTY1 without the FL functions.

Original language	English
Title of host publication	Topics in Cryptology - CT-RSA 2008 (Proceedings of The Cryptographers' Track at the RSA Conference 2008, San Francisco CA, USA, April 8-11, 2008)
Editors	T.G. Malkin
Place of Publication	Berlin
Publisher	Springer
Pages	370-386
ISBN (Print)	978-3-540-79262-8
DOIs	https://doi.org/10.1007/978-3-540-79263-5_24
Publication status	Published - 2008

Publication series

Name	Lecture Notes in Computer Science
Volume	4964
ISSN (Print)	0302-9743

Access to Document

10.1007/978-3-540-79263-5_24

Cite this

Lu, J., Kim, J., Keller, N., & Dunkelman, O. (2008). Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1. In T. G. Malkin (Ed.), Topics in Cryptology - CT-RSA 2008 (Proceedings of The Cryptographers' Track at the RSA Conference 2008, San Francisco CA, USA, April 8-11, 2008) (pp. 370-386). (Lecture Notes in Computer Science; Vol. 4964). Springer. https://doi.org/10.1007/978-3-540-79263-5_24

Lu, J. ; Kim, J. ; Keller, N. et al. / Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1. Topics in Cryptology - CT-RSA 2008 (Proceedings of The Cryptographers' Track at the RSA Conference 2008, San Francisco CA, USA, April 8-11, 2008). editor / T.G. Malkin. Berlin : Springer, 2008. pp. 370-386 (Lecture Notes in Computer Science).

@inproceedings{08b3af75b46e42a2a34acdf1d32a798c,

title = "Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1",

abstract = "We observe that when conducting an impossible differential cryptanalysis on Camellia and MISTY1, their round structures allow us to partially determine whether a candidate pair is useful by guessing only a small fraction of the unknown required subkey bits of a relevant round at a time, instead of guessing all of them at once. Taking advantage of the early abort technique, we improve a previous impossible differential attack on 6-round MISTY1 without the FL functions, and present impossible differential cryptanalysis of 11-round Camellia-128 without the FL functions, 13-round Camellia-192 without the FL functions and 14-round Camellia-256 without the FL functions. The presented results are better than any previously published cryptanalytic results on Camellia and MISTY1 without the FL functions.",

author = "J. Lu and J. Kim and N. Keller and O. Dunkelman",

year = "2008",

doi = "10.1007/978-3-540-79263-5_24",

language = "English",

isbn = "978-3-540-79262-8",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "370--386",

editor = "T.G. Malkin",

booktitle = "Topics in Cryptology - CT-RSA 2008 (Proceedings of The Cryptographers' Track at the RSA Conference 2008, San Francisco CA, USA, April 8-11, 2008)",

address = "Germany",

}

Lu, J, Kim, J, Keller, N & Dunkelman, O 2008, Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1. in TG Malkin (ed.), Topics in Cryptology - CT-RSA 2008 (Proceedings of The Cryptographers' Track at the RSA Conference 2008, San Francisco CA, USA, April 8-11, 2008). Lecture Notes in Computer Science, vol. 4964, Springer, Berlin, pp. 370-386. https://doi.org/10.1007/978-3-540-79263-5_24

Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1. / Lu, J.; Kim, J.; Keller, N. et al.
Topics in Cryptology - CT-RSA 2008 (Proceedings of The Cryptographers' Track at the RSA Conference 2008, San Francisco CA, USA, April 8-11, 2008). ed. / T.G. Malkin. Berlin: Springer, 2008. p. 370-386 (Lecture Notes in Computer Science; Vol. 4964).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1

AU - Lu, J.

AU - Kim, J.

AU - Keller, N.

AU - Dunkelman, O.

PY - 2008

Y1 - 2008

N2 - We observe that when conducting an impossible differential cryptanalysis on Camellia and MISTY1, their round structures allow us to partially determine whether a candidate pair is useful by guessing only a small fraction of the unknown required subkey bits of a relevant round at a time, instead of guessing all of them at once. Taking advantage of the early abort technique, we improve a previous impossible differential attack on 6-round MISTY1 without the FL functions, and present impossible differential cryptanalysis of 11-round Camellia-128 without the FL functions, 13-round Camellia-192 without the FL functions and 14-round Camellia-256 without the FL functions. The presented results are better than any previously published cryptanalytic results on Camellia and MISTY1 without the FL functions.

AB - We observe that when conducting an impossible differential cryptanalysis on Camellia and MISTY1, their round structures allow us to partially determine whether a candidate pair is useful by guessing only a small fraction of the unknown required subkey bits of a relevant round at a time, instead of guessing all of them at once. Taking advantage of the early abort technique, we improve a previous impossible differential attack on 6-round MISTY1 without the FL functions, and present impossible differential cryptanalysis of 11-round Camellia-128 without the FL functions, 13-round Camellia-192 without the FL functions and 14-round Camellia-256 without the FL functions. The presented results are better than any previously published cryptanalytic results on Camellia and MISTY1 without the FL functions.

U2 - 10.1007/978-3-540-79263-5_24

DO - 10.1007/978-3-540-79263-5_24

M3 - Conference contribution

SN - 978-3-540-79262-8

T3 - Lecture Notes in Computer Science

SP - 370

EP - 386

BT - Topics in Cryptology - CT-RSA 2008 (Proceedings of The Cryptographers' Track at the RSA Conference 2008, San Francisco CA, USA, April 8-11, 2008)

A2 - Malkin, T.G.

PB - Springer

CY - Berlin

ER -

Lu J, Kim J, Keller N, Dunkelman O. Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1. In Malkin TG, editor, Topics in Cryptology - CT-RSA 2008 (Proceedings of The Cryptographers' Track at the RSA Conference 2008, San Francisco CA, USA, April 8-11, 2008). Berlin: Springer. 2008. p. 370-386. (Lecture Notes in Computer Science). doi: 10.1007/978-3-540-79263-5_24

Improving the efficiency of impossible differential cryptanalysis of Reduced Camellia and MISTY1

Abstract

Publication series

Access to Document

Fingerprint

Cite this