Jump to content

Camellia (cipher): Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
See also: general computer science provides no particular insight on this specific topic
External links: add RFCs and ISO/IEC 18033-3:2010
Line 158: Line 158:
* RFC 3657 Use of the Camellia Encryption Algorithm in Cryptographic Message Syntax (CMS)
* RFC 3657 Use of the Camellia Encryption Algorithm in Cryptographic Message Syntax (CMS)
* RFC 3713 A Description of the Camellia Encryption Algorithm
* RFC 3713 A Description of the Camellia Encryption Algorithm
* RFC 4051 Additional XML Security Uniform Resource Identifiers (URIs)
* RFC 4132 Addition of Camellia Cipher Suites to Transport Layer Security (TLS)
* RFC 4132 Addition of Camellia Cipher Suites to Transport Layer Security (TLS)
* RFC 4312 The Camellia Cipher Algorithm and Its Use With IPsec
* RFC 4312 The Camellia Cipher Algorithm and Its Use With IPsec
* RFC 5528 Camellia Counter Mode and Camellia Counter with CBC-MAC Mode Algorithms
* RFC 5529 Modes of Operation for Camellia for Use with IPsec
* RFC 5581 Certification of Camellia Cipher as IETF standard for [[OpenPGP]]
* RFC 5581 Certification of Camellia Cipher as IETF standard for [[OpenPGP]]
* RFC 5932 Camellia Cipher Suites for TLS
* RFC 5990 Use of the RSA-KEM Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
* RFC 6030 Portable Symmetric Key Container (PSKC)
* RFC 6272 Internet Protocols for the Smart Grid
* RFC 6367 Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)
* [http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=54531 ISO/IEC 18033-3:2010] Information technology -- Security techniques -- Encryption algorithms -- Part 3: Block ciphers


{{Cryptography navbox | block}}
{{Cryptography navbox | block}}

Revision as of 01:26, 30 November 2013

Camellia
General
DesignersMitsubishi, NTT
First published2000
Derived fromE2, MISTY1
CertificationCRYPTREC, NESSIE
Cipher detail
Key sizes128, 192 or 256 bits
Block sizes128 bits
StructureFeistel network
Rounds18 or 24

In cryptography, Camellia is a 128-bit symmetric-key block cipher jointly developed by Mitsubishi and NTT of Japan. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project. The cipher has security levels and processing abilities comparable to the Advanced Encryption Standard.[1]

Camellia's block size is 16 bytes (128 bits), and can use 128-bit, 192-bit or 256-bit keys. The block cipher was designed to be suitable for both software and hardware implementations, from low-cost smart cards to high-speed network systems.[2]

Design

Camellia is a Feistel cipher with either 18 rounds (when using 128-bit keys) or 24 rounds (when using 192 or 256-bit keys). Every six rounds, a logical transformation layer is applied: the so-called "FL-function" or its inverse. Camellia uses four 8 x 8-bit S-boxes with input and output affine transformations and logical operations. The cipher also uses input and output key whitening. The diffusion layer uses a linear transformation based on a matrix with a branch number of 5.[citation needed]

Security analysis

Camellia is a block cipher which can be completely defined by minimal systems of multivariate polynomials.[vague][3]

  • The Camellia (as well as AES) S-boxes can be described by a system of 23 quadratic equations in 80 terms.[4]
  • The key schedule can be described by 1120 equations in 768 variables using 3328 linear and quadratic terms.[3]
  • The entire block cipher can be described by 5104 equations in 2816 variables using 14592 linear and quadratic terms.[3]
  • In total, 6224 equations in 3584 variables using 17920 linear and quadratic terms are required.[3]
  • The number of free terms is 11696, which is approximately the same number as for AES.

Theoretically, such properties might make it possible to break Camellia (and AES) using an algebraic attack, such as Extended Sparse Linearisation, in the future (provided that the attack becomes feasible). With today's technology, such an attack would take years to compute.

Patent status

Although Camellia is patented, it is available under a royalty-free license.[5] This has allowed the Camellia cipher to become part of the OpenSSL Project, under an open-source license, since November 2006.[6] It has also allowed it to become part of the Mozilla's NSS (Network Security Services) module.[7]

Adoption

Support for Camellia was added to the final release of Mozilla Firefox 3 in 2008.[7]

Later in the same year, the FreeBSD Release Engineering Team announced that the cipher had also been included in the FreeBSD 6.4-RELEASE. Also, support for the Camellia cipher was added to the disk encryption storage class geli of FreeBSD by Yoshisato Yanagisawa.[8]

In September 2009, GNU Privacy Guard added support for Camellia in version 1.4.10.[9]

Moreover, various popular security libraries, such as Crypto++, GnuTLS, PolarSSL and OpenSSL also include support for Camellia.

On March 26, 2013, Camellia was announced as having been selected for adoption in Japan's new e-Government Recommended Ciphers List as the only 128-bit block cipher encryption algorithm developed in Japan. This coincides with the CRYPTREC list being updated for the first time in 10 years. The selection was based on Camellia's high reputation for ease of procurement, and security and performance features comparable to those of the Advanced Encryption Standard (AES). Camellia remains unbroken in its full implementation unlike the 192- and 256-bit versions of AES.[10] An impossible differentials attack on 12-round Camellia without FL/FL−1 layers does exist.[11]

See also

References

  1. ^ "Japan's First 128-bit Block Cipher 'Camellia' Approved as a New Standard Encryption Algorithm in the Internet". Phys.Org. 2005-07-20. Retrieved 2013-01-14.
  2. ^ RFC 4132 Addition of Camellia Cipher Suites to Transport Layer Security (TLS)
  3. ^ a b c d Alex Biryukov, Christophe De Canniere (2003), "Block ciphers and systems of quadratic equations", Lecture Notes in Computer Science, proceedings of FSE 2003, Springer-Verlag, pp. 274–289, CiteSeerx10.1.1.95.349
  4. ^ Nicolas T. Courtois and Josef Pieprzyk (2002), Cryptanalysis of Block Ciphers with Overdefined Systems of Equations (PDF), Springer-Verlag, pp. 267–287, retrieved 2010-08-13
  5. ^ "Announcement of Royalty-free Licenses for Essential Patents of NTT Encryption and Digital Signature Algorithms" (Press release). NTT. 2001-04-17. Retrieved 2013-01-14.
  6. ^ "The Open Source Community OpenSSL Project Adopts the Next Generation International Standard Cipher "Camellia" Developed in Japan" (Press release). NTT. 2006-11-08. Retrieved 2013-01-14.
  7. ^ a b Gen Kanai (2007-07-30). "Camellia cipher added to Firefox". Mozilla in Asia. Mozilla.
  8. ^ "FreeBSD System Manager's Manual: GELI(8)". 2011-03-09.
  9. ^ "GnuPG 1.4.10 released". 2009-09-02.
  10. ^ "Camellia Encryption Algorithm Selected for New e-Government Recommended Ciphers List". 2013-03-26.
  11. ^ "Impossible differential cryptanalysis of reduced-round ARIA and Camellia". 2007-05-03.
General
  • Camellia's English home page by NTT
  • 256bit Ciphers - CAMELLIA Reference implementation and derived code
  • RFC 3657 Use of the Camellia Encryption Algorithm in Cryptographic Message Syntax (CMS)
  • RFC 3713 A Description of the Camellia Encryption Algorithm
  • RFC 4051 Additional XML Security Uniform Resource Identifiers (URIs)
  • RFC 4132 Addition of Camellia Cipher Suites to Transport Layer Security (TLS)
  • RFC 4312 The Camellia Cipher Algorithm and Its Use With IPsec
  • RFC 5528 Camellia Counter Mode and Camellia Counter with CBC-MAC Mode Algorithms
  • RFC 5529 Modes of Operation for Camellia for Use with IPsec
  • RFC 5581 Certification of Camellia Cipher as IETF standard for OpenPGP
  • RFC 5932 Camellia Cipher Suites for TLS
  • RFC 5990 Use of the RSA-KEM Key Transport Algorithm in the Cryptographic Message Syntax (CMS)
  • RFC 6030 Portable Symmetric Key Container (PSKC)
  • RFC 6272 Internet Protocols for the Smart Grid
  • RFC 6367 Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)
  • ISO/IEC 18033-3:2010 Information technology -- Security techniques -- Encryption algorithms -- Part 3: Block ciphers