Hash functions based on block ciphers: a synthetic approach
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis
SAC '00 Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography
A Generalized Birthday Problem
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Distinguishers for Ciphers and Known Key Attack against Rijndael with Large Blocks
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
Fast Software Encryption
How Risky Is the Random-Oracle Model?
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Selected Areas in Cryptography
Rebound Distinguishers: Results on the Full Whirlpool Compression Function
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Known-key distinguishers for some block ciphers
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Known-key attacks on Rijndael with large blocks and strengthening shiftrow parameter
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Known-key distinguishers on 11-round Feistel and collision attacks on its hashing modes
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Known and chosen key differential distinguishers for block ciphers
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
New impossible differential cryptanalysis of reduced-round camellia
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
New impossible differential attacks on camellia
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Preimage attacks on Feistel-SP functions: impact of omitting the last network twist
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
| Hi-index | 0.00 |
This paper revisits previous known-key distinguishers on generic Feistel-SP ciphers based on rebound attacks. In this paper first we propose a new 5-round inbound phase that requires 2c computations, while the previous work requires 22c computations (c is a size of the S-box). The new method also improves the number of rounds which can be attacked. Then, we apply the new procedure to Camellia. After several optimizations for Camellia, it is shown that collisions are efficiently generated against 9 rounds out of 18 rounds of Camellia-128 including FL and whitening layers in the compression function modes such as MMO and Miyaguchi-Preneel modes. The attack on Camellia is verified by a machine experiment and the generated results are presented in the paper.