Abstract
We present a new 128-bit block cipher called Camellia. Camellia supports 128-bit block size and 128-, 192-, and 256-bit keys, i.e., the same interface specifications as the Advanced Encryption Standard (AES). Efficiency on both software and hardware platforms is a remarkable characteristic of Camellia in addition to its high level of security. It is confirmed that Camellia provides strong security against differential and linear cryptanalyses. Compared to the AES finalists, i.e., MARS, RC6, Rijndael, Serpent, and Twofish, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can encrypt on a Pentium III (800 MHz) at the rate of more than 276 Mbits per second, which is much faster than the speed of an optimized DES implementation. In addition, a distinguishing feature is its small hardware design. The hardware design, which includes encryption, decryption, and key schedule, occupies approximately 11K gates, which is the smallest among all existing 128-bit block ciphers as far as we know.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aoki, K. et al. (2001). Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms — Design and Analysis. In: Stinson, D.R., Tavares, S. (eds) Selected Areas in Cryptography. SAC 2000. Lecture Notes in Computer Science, vol 2012. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44983-3_4
DOI: https://doi.org/10.1007/3-540-44983-3_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42069-9
Online ISBN: 978-3-540-44983-6
eBook Packages: Springer Book Archive