Improved Impossible Differential Attack On Reduced Version Of Camellia With Fl/Fl-1 Functions

As an ISO/IEC international standard, Camellia has been used in various cryptographic applications. In this study, the authors present the best currently known attacks on Camellia-192/256 with key-dependent layers FL/FL-1 (without the whitening layers) by taking advantage of the intrinsic weakness of keyed functions, the redundancy of key schedule and the early abort technique. Specifically, the authors mount the first impossible differential attack on 13-round Camellia-192 with 2(124.79) chosen plaintexts, 2(186.09) 13-round encryptions and 2(129.79) bytes, while the analysis for the biggest number of rounds in previous results on Camellia-192 worked on 12 rounds. Furthermore, the authors successfully attack on 14-round Camellia-256 with 2(122.14) chosen plaintexts, 2(228.33) 14-round encryptions and 2(134.14) bytes. Compared with the previously best known attack on 14-round Camellia-256, the time and memory complexities are reduced by 2(9.87) times and 2(46.06) times, and the data complexity is comparable.