We observe that when conducting an impossible differential cryptanalysis on Camellia and MISTY1, their round structures allow us to partially determine whether a candidate pair is useful by guessing only a small fraction of the unknown required subkey bits of a relevant round at a time, instead of guessing all of them at once. Taking advantage of the early abort technique, we improve a previous impossible differential attack on 6-round MISTY1 without the FL functions, and present impossible differential cryptanalysis of 11-round Camellia-128 without the FL functions, 13-round Camellia-192 without the FL functions and 14-round Camellia-256 without the FL functions. The presented results are better than any previously published cryptanalytic results on Camellia and MISTY1 without the FL functions. © 2008 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Lu, J., Kim, J., Keller, N., & Dunkelman, O. (2008). Improving the efficiency of impossible differential cryptanalysis of reduced camellia and MISTY1. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4964 LNCS, pp. 370–386). https://doi.org/10.1007/978-3-540-79263-5_24
Mendeley helps you to discover research relevant for your work.