Collision attack on reduced-round Camellia 被引量：7

Collision attack on reduced-round Camellia

导出

摘要 Camellia is the final winner of 128-bit block cipher in NESSIE. In this paper, we construct some efficient distinguishers between 4-round Camellia and a random permutation of the blocks space. By using collision-searching techniques, the distinguishers are used to attack on 6, 7, 8 and 9 rounds of Camellia with 128-bit key and 8, 9 and 10 rounds of Camellia with 192/256-bit key. The 128-bit key of 6 rounds Camellia can be recovered with 210 chosen plaintexts and 215 encryptions. The 128-bit key of 7 rounds Camellia can be recovered with 212 chosen plaintexts and 254.5 encryptions. The 128-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2112.1 encryptions. The 128-bit key of 9 rounds Camellia can be recovered with 2113.6 chosen plaintexts and 2121 encryptions. The 192/256-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2111.1 encryptions. The 192/256-bit key of 9 rounds Camellia can be recovered with 213 chosen plaintexts and 2175.6 encryptions. The 256-bit key of 10 rounds Camellia can be recovered with 214 chosen plaintexts and 2239.9 encryptions. Camellia is the final winner of 128-bit block cipher in NESSIE. In this paper, we construct some efficient distinguishers between 4-round Camellia and a random permutation of the blocks space. By using collision-searching techniques, the distinguishers are used to attack on 6, 7, 8 and 9 rounds of Camellia with 128-bit key and 8, 9 and 10 rounds of Camellia with 192/256-bit key. The 128-bit key of 6 rounds Camellia can be recovered with 210 chosen plaintexts and 215 encryptions. The 128-bit key of 7 rounds Camellia can be recovered with 212 chosen plaintexts and 254.5 encryptions. The 128-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2112.1 encryptions. The 128-bit key of 9 rounds Camellia can be recovered with 2113.6 chosen plaintexts and 2121 encryptions. The 192/256-bit key of 8 rounds Camellia can be recovered with 213 chosen plaintexts and 2111.1 encryptions. The 192/256-bit key of 9 rounds Camellia can be recovered with 213 chosen plaintexts and 2175.6 encryptions. The 256-bit key of 10 rounds Camellia can be recovered with 214 chosen plaintexts and 2239.9 encryptions.

作者 WUWenling FENGDengguo

机构地区 StateKeyLaboratoryofInformationSecurity

出处《Science in China(Series F)》 2005年第1期78-90,共13页 中国科学（F辑英文版）

基金 supported by the National Natural Science Foundation of China(Grant No.60373047) the State 863 Project(Grant No.2003AA144030) 973 Project(Grant No.2004CB318004)

关键词 block cipher collision attack KEY data complexity time complexity. block cipher, collision attack, key, data complexity, time complexity.

分类号 TN918 [电子电信—通信与信息系统]

引文网络
相关文献

参考文献9

1[1]http://www.cryptonessie.org.
2[2]Aoki, K., Ichikawa, T., Kanda, M. et al., Specification of Camellia-a 128-bit block cipher, Selected Areas in Cryptography-SAC'2000, Berlin: Springer-Verlag, 2000, 183-191.
3[3]Hatano, Y., Sekine, H., Kaneko, T., Higher order differential attack of Camellia (Ⅱ), Selected Areas in Cryptography-SAC'02, Berlin: Springer-Verlag, 2002, 39-56.
4[4]Lee, S., Hong, S., Lim, J. et al., Truncated differential cryptanalysis of Camellia, ICISC2001, Berlin:Springer-Verlag, 1993, 32-38.
5[5]Sugita, M., Kobara, K., Imai, H., Security of reduced version of the block cipher Camellia against truncated and impossible differential cryptanalysis, Asiacrypt'01, Berlin: Springer-Verlag, 2001, 193-207.
6[6]Shirai, T., Kanamaru, S., Abe, G., Improved upper bounds of differential and linear characteristic probability for Camellia, Fast Software Encryption-FSE'02, Berlin: Springer-Verlag, 2002,128- 142.
7[7]He Yeping, Qing Sihan, Square attack on reduced Camellia cipher, ICICS2001, Berlin: Springer-Verlag, 2001,238-245.
8[8]Yeom, Y., Park, S., Kim, I., On the security of Camellia against the square attack, Fast Software Encryption-FSE'02, Berlin: Springer-Verlag, 2002, 89-99.
9[9]Yeom, Y., Park, S., Kim, I., A study of Integral type cryptanalysis on Camellia, The 2003 Symposium on Cryptography and Security -SCS'03, Hamamatsu, Japan, 2003, 26-29.

同被引文献37

1吴文玲,卫宏儒.低轮FOX分组密码的碰撞-积分攻击[J].电子学报,2005,33(7):1307-1310. 被引量：11
2刘跃进,欧日明,陈永忠.我国油茶产业发展现状与对策[J].林业科技开发,2007,21(4):1-4. 被引量：120
3Daemen J, Rijmen V. The Design of Rijndael: AES the Advanced Eucryption Standard[M]. Bet lin: Springer-Verlag, 2002:31-148.
4Biham E, Biryukov A, Shamir A. Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials[M]. Berlin: Springer Verlag, 1999.
5Daemen J, Rijmen V. The Block Cipher Square[M]. Berlin: Springer Verlag, 1997:149-165.
6Wagner D. The Boomerang Attack[M]. Berlin: Springer-Verlag, 1999:156-170.
7Biham E, Dunkelman O, Neller N. The Rectangle Auack-rectangling the Serpent[M]. Berlin: Spring er Verlag, 2001:340-357.
8Murphy S, Robshaw M. Essential Algebraic Structure Within the AES[M]. Berlin: Springer-Verlag, 2002:1 16.
9Biham E, Keller N. Cryplanalysis of Reduced Vari ants of Rijndael[OL]. http://csrc, nist. gov/encryption/aes/round2/conf3/aes3papers, html, 2000.
10Cheon J H, Kim M, Kim K,et al. Improved Impossible Differential Cryptanalysis of Rijndael and Crypton[M]. Berlin: Springer-Verlag, 2002 : 39-49.

引证文献7

1韦永壮,胡予濮.简化AES-192和AES-256的相关密钥矩形新攻击[J].中国科学（F辑:信息科学）,2009,39(2):246-253. 被引量：3
2陈杰,胡予濮,张跃宇.不可能差分分析高级加密标准[J].中国科学（E辑）,2007,37(2):191-198. 被引量：4
3CHEN Jie HU YuPu ZHANG YueYu.Impossible differential cryptanalysis of advanced encryption standard[J].Science in China(Series F),2007,50(3):342-350. 被引量：2
4WEI YongZhuang HU YuPu.New related-key rectangle attacks on reduced AES-192 and AES-256[J].Science in China(Series F),2009,52(4):617-626. 被引量：1
5董晓丽,胡予濮,陈杰.不可能差分分析8轮AES-256[J].武汉大学学报（信息科学版）,2010,35(5):595-598. 被引量：2
6肖继谋,黄远清,何桂恺,路迎春.基于DTOPSIS法的油茶果实经济性状评价研究——以广西国有三门江林场油茶资源圃为例[J].农业研究与应用,2014,27(6):1-9.
7邱丰品,卫宏儒,潘锦航.对简化轮数的SNAKE(2)算法的碰撞攻击[J].计算机科学,2015,42(9):147-150.

二级引证文献10

1牛冀平.高级加密标准的密钥线性特征及相关性分析[J].黄冈师范学院学报,2007,27(6):33-36.
2钟普查,鲍皖苏.三重DES的量子中间相遇搜索算法[J].科学通报,2009,54(19):3003-3007. 被引量：4
3张国华,王菊花,李学远,王新梅.围长至少为10的QC-LDPC码连续码长的紧致下界[J].科学通报,2010,55(22):2257-2262. 被引量：2
4刘景美,赵林森.高级加密标准AES-192的7轮不可能差分分析[J].华中科技大学学报（自然科学版）,2010,38(12):73-76. 被引量：3
5ZHANG GuoHua,WANG JuHua,LI XueYuan,WANG XinMei.Tight lower bound of consecutive lengths for QC-LDPC codes with girth at least ten[J].Chinese Science Bulletin,2011,56(12):1272-1277. 被引量：3
6刘祥忠.分组密码AES-128的差分故障攻击[J].计算机技术与发展,2012,22(9):221-224. 被引量：3
7刘青,卫宏儒.对完整轮数ARIRANG加密模式的新的相关密钥矩形攻击[J].计算机科学,2013,40(8):109-114. 被引量：2
8胡志华,覃中平.一种新的8轮AES_128不可能差分分析[J].小型微型计算机系统,2013,34(9):2111-2115. 被引量：3
9胡志华,覃中平,张青.一种新的9轮AES_256不可能差分分析[J].计算机科学,2014,41(8):197-201. 被引量：1
10李玮,孙文倩,谷大武,张爱琳,温云华.PRIDE轻量级密码的不可能统计故障分析[J].通信学报,2024,45(1):141-151.

1Chen Jie,Hu Yupu,Zhang Yueyu,Dong Xiaoli.Differential Collision Attack on Reduced FOX Block Cipher[J].China Communications,2012,9(7):71-76. 被引量：5
2孙延君,邓林,李海玉.插值法在密码学中的应用[J].电脑编程技巧与维护,2011(12):129-129.
3Vasilios E. Tourloupis Lei Wang.《现代Hash函数综述》[J].中国电子商情（通信市场）,2009(6):114-126.
4吴文玲.Q的线性密码分析[J].计算机学报,2003,26(1):55-59. 被引量：4
5张磊,郭建胜.ARIA的不可能差分分析[J].上海交通大学学报,2011,45(7):1063-1067.
6温巧燕,杨义先.满足K次扩散准则的平衡相关免疫函数的构造[J].北京邮电大学学报,1998,21(3):38-40. 被引量：5
7龚晶,邓元庆.简评NESSIE候选分组加密算法[J].信息安全与通信保密,2002,24(5):36-39. 被引量：4
8刘明洁,陈佳哲.Improved Linear Attacks on the Chinese Block Cipher Standard[J].Journal of Computer Science & Technology,2014,29(6):1123-1133. 被引量：4
9现代密码学[J].走近科学,2001(2):63-63.
10吕学琴.可共享多个秘密的秘密共享方案[J].哈尔滨师范大学自然科学学报,2003,19(1):7-9. 被引量：3

Science in China(Series F)

2005年第1期

浏览历史

内容加载中请稍等...

Collision attack on reduced-round Camellia 被引量：7

参考文献9

同被引文献37

引证文献7

二级引证文献10

相关作者

相关机构

相关主题

浏览历史