Improving the efficiency of impossible differential cryptanalysis of reduced Camellia and MISTY1

Jiqiang Lu, Jongsung Kim, Nathan Keller, Orr Dunkelman

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review


We observe that when conducting an impossible differential cryptanalysis on Camellia and MISTY1, their round structures allow us to partially determine whether a candidate pair is useful by guessing only a small fraction of the unknown required subkey bits of a relevant round at a time, instead of guessing all of them at once. Taking advantage of the early abort technique, we improve a previous impossible differential attack on 6-round MISTY1 without the FL functions, and present impossible differential cryptanalysis of 11-round Camellia-128 without the FL functions, 13-round Camellia-192 without the FL functions and 14-round Camellia-256 without the FL functions. The presented results are better than any previously published cryptanalytic results on Camellia and MISTY1 without the FL functions.

Original language: English
Title of host publication: Topics in Cryptology - CT-RSA 2008 - The Cryptographers' Track at the RSA Conference 2008, Proceedings
Number of pages: 17
State: Published - 2008
Externally published: Yes
Event: Cryptographers' Track at the RSA Conference, CT-RSA 2008 - San Francisco, CA, United States
Duration: 8 Apr 2008 - 11 Apr 2008

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 4964 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: Cryptographers' Track at the RSA Conference, CT-RSA 2008
Country/Territory: United States
City: San Francisco, CA


  • Block cipher
  • Camellia
  • Impossible differential cryptanalysis
  • MISTY1

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

