Camellia: a 128-Bit Block Cipher Suitable for Multiple Platforms


Copyright NTT and Mitsubishi Electric Corporation 2000-2001

Kazumaro Aoki†, Tetsuya Ichikawa‡, Masayuki Kanda†, Mitsuru Matsui‡, Shiho Moriai†, Junko Nakajima‡, Toshio Tokita‡

† Nippon Telegraph and Telephone Corporation, 1-1 Hikarinooka, Yokosuka, Kanagawa, 239-0847 Japan, {maro,kanda,shiho}@isl.ntt.co.jp
‡ Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501 Japan, {ichikawa,matsui,june15,tokita}@iss.isl.melco.co.jp

Ver 1.0: July 13, 2000
Ver 2.0: September 26, 2001

Abstract. We present a new 128-bit block cipher called Camellia. Camellia supports 128-bit block size and 128-, 192-, and 256-bit keys, i.e., the same interface specifications as the Advanced Encryption Standard (AES). Efficiency on both software and hardware platforms is a remarkable characteristic of Camellia in addition to its high level of security. It is confirmed that Camellia provides strong security against differential and linear cryptanalysis. Compared to the AES finalists, i.e., MARS, RC6, Rijndael, Serpent, and Twofish, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can encrypt on a Pentium III (1.13GHz) at the rate of 471 Mbits per second. In addition, a distinguishing feature is its small hardware design. A hardware implementation, which includes encryption, decryption, and the key schedule for 128-bit keys, occupies only 8.12K gates using a 0.18µm CMOS ASIC library. This is in the smallest class among all existing 128-bit block ciphers.

Contents

1 Introduction
2 Design Rationale
  2.1 F-function
  2.2 P-function
  2.3 s-boxes
  2.4 FL- and FL$^{-1}$-functions
  2.5 Key Schedule
3 Performance Figures
  3.1 Software Performance
  3.2 Hardware Performance
4 Software Implementation Techniques
  4.1 Setup
  4.2 Data Randomization
  4.3 General Guidelines
5 Hardware Evaluations
  5.1 Type 1: Fast Implementation-1 (Fully loop unrolled architecture)
  5.2 Type 2: Small Implementation-1 (Loop architecture)
  5.3 Type 3: Small Implementation-2 (Special Case for FPGA, Loop architecture)
  5.4 Type 4: Fast Implementation-2 (Pipeline architecture)
6 Security
  6.1 Differential and Linear Cryptanalysis
  6.2 Truncated Differential Cryptanalysis
  6.3 Truncated Linear Cryptanalysis
  6.4 Cryptanalysis with Impossible Differential
  6.5 Boomerang Attack
  6.6 Higher Order Differential Attack
  6.7 Square Attack
  6.8 Interpolation Attack and Linear Sum Attack
  6.9 No Equivalent Keys
  6.10 Slide Attack
  6.11 Related-key Attack
  6.12 Statistical Tests
  6.13 Implementation Attacks
  6.14 Brute Force Attacks
7 Conclusion
A History

1 Introduction

This paper presents a 128-bit block cipher called Camellia, which was jointly developed by NTT and Mitsubishi Electric Corporation. Camellia supports 128-bit block size and 128-, 192-, and 256-bit key lengths, and so offers the same interface specifications as the Advanced Encryption Standard (AES). The design goals of Camellia are as follows.

High level of security. The recent advances in cryptanalytic techniques are remarkable. A quantitative evaluation of security against powerful cryptanalytic techniques such as differential cryptanalysis [BS93] and linear cryptanalysis [M94] is considered to be essential in designing any new block cipher. We evaluated the security of Camellia by utilizing state-of-art cryptanalytic techniques. We have confirmed that Camellia has no differential and linear characteristics that hold with probability more than $2^{-128}$. Moreover, Camellia was designed to offer security against other advanced cryptanalytic attacks including higher order differential attacks [K95, JK97], interpolation attacks [JK97, A00], related-key attacks [B94, KSW96], truncated differential attacks [K95, MT99], boomerang attacks [W99], and slide attacks [BW99, BW00].

Efficiency on multiple platforms. As cryptographic systems are needed in various applications, encryption algorithms that can be implemented efficiently on a wide range of platforms are desirable, however, few 128-bit block ciphers are suitable for both software and hardware implementation. Camellia was designed to offer excellent efficiency in hardware and software implementations, including gate count for hardware design, memory requirements in smart card implementations, as well as performance on multiple platforms.

Camellia consists of only 8-by-8-bit substitution tables (s-boxes) and logical operations that can be efficiently implemented on a wide variety of platforms. Therefore, it can be implemented efficiently in software, including the 8-bit processors used in low-end smart cards, 32-bit processors widely used in PCs, and 64-bit processors. Camellia doesn't use 32-bit integer additions and multiplications, which are extensively used in some software-oriented 128-bit block ciphers. Such operations perform well on platforms providing a high degree of support, e.g., Pentium II/III or Athlon, but not as well on others. These operations can cause a longer critical path and larger hardware implementation requirements.

The s-boxes of Camellia are designed to minimize hardware size. The four s-boxes are affine equivalent to the inversion function in the finite field $\mathrm{GF}(2^8)$. Moreover, we reduced the inversion function in $\mathrm{GF}(2^8)$ to a few $\mathrm{GF}(2^4)$ arithmetic operations. It enabled us to implement the s-boxes by fewer gate counts.

The key schedule is very simple and shares part of its procedure with encryption. It supports on-the-key subkey generation and subkeys are computable in any order. The memory requirement for generating subkeys is quite small; an efficient implementation requires about 32-byte RAM for 128-bit keys and about 64-byte RAM for 192- and 256-bit keys.

Standardization activities. In March 2000 NTT and Mitsubishi Electric Corporation proposed Camellia in response to the call for contributions from ISO/IEC JTC 1/SC 27, aiming at its being adopted as an international standard. In September 2000, we submitted Camellia to NESSIE (New European Schemes for Signature, Integrity, and Encryption) project as a strong cryptographic primitive. In September 2001, Camellia was selected as candidates for the 2nd phase of the NESSIE project.

Outline of the paper. This paper is organized as follows: Section 2 describes the rationale behind Camellia's design. Section 3 discusses the performance of Camellia. Section 4 contains the techniques for software implementation. In Section 5 we discuss our hardware evaluations. In Section 6 we evaluated Camellia's strength against known attacks. We conclude in Section 7. For the specification of Camellia, please see the separate document titled "Specification of Camellia – a 128-bit Block Cipher." We will follow the definitions and notation given in this separate paper.

2 Design Rationale

2.1 F-function

The design strategy of the F-function of Camellia follows that of the F-function of E2 [KMA+98]. The main difference between E2 and Camellia is the adoption of the 1-round (conservative) SPN (Substitution-Permutation Network), not the 2-round SPN, i.e., S-P-S. When the 1-round SPN is used as the round function in a Feistel cipher, the theoretical evaluation of the upper bound of differential and linear characteristic probability becomes more complicated, but the speed under the same level of "real" security is expected to be improved. See Section 6 for detailed discussions on security.

2.2 P-function

The design rationale of the P-function is similar to that of the P-function of E2. That is, for computational efficiency, it should be represented using only bytewise exclusive-ORs and for security against differential and linear cryptanalysis, its branch number should be optimal [KTM+99]. From among the linear transformations that satisfy these conditions, we chose one considering highly efficient implementation on 32-processors [AU00] and high-end smart cards, as well as 8-bit processors.

2.3 s-boxes

As the s-boxes we adopted functions affine equivalent to the inversion function in $\mathrm{GF}(2^8)$ for enhanced security and small hardware design. It is well known that the smallest of the maximum differential probability of functions in $\mathrm{GF}(2^8)$ was proven to be $2^{-6}$, and the smallest of the maximum linear probability of functions in $\mathrm{GF}(2^8)$ is conjectured to be $2^{-6}$. There is a function affine equivalent to the inversion function in $\mathrm{GF}(2^8)$ that achieves the best known of the maximum differential and linear probabilities, $2^{-6}$. We choose this kind of functions as s-boxes. Moreover, the high degree of the Boolean polynomial of every output bit of the s-boxes makes it difficult to attack Camellia by higher order differential
Recommended publications
  • Zero Correlation Linear Cryptanalysis on LEA Family Ciphers
    Journal of Communications Vol. 11, No. 7, July 2016. Zero Correlation Linear Cryptanalysis on LEA Family Ciphers. Kai Zhang, Jie Guan, and Bin Hu, Information Science and Technology Institute, Zhengzhou 450000, China. Abstract—In recent two years, zero correlation linear cryptanalysis has shown its great potential in cryptanalysis and it has proven to be effective against massive ciphers. LEA is a block cipher proposed by Deukjo Hong, who is the designer of an ISO standard block cipher - HIGHT. This paper evaluates the security level on LEA family ciphers against zero correlation linear cryptanalysis. Firstly, we identify some 9-round zero correlation linear hulls for LEA. Accordingly, we propose a distinguishing attack on all variants of 9-round LEA family ciphers. Then we propose the first zero correlation linear cryptanalysis on 13-round LEA-192 and 14-round LEA-256. For 13-round LEA-192, we propose a key recovery attack with time complexity of $2^{131.30}$ 13-round LEA encryptions, data
    Zero correlation linear cryptanalysis was firstly proposed by Andrey Bogdanov and Vicent Rijmen in 2011 [2], [3]. Generally speaking, this cryptanalytic method can be concluded as “use linear approximation of probability 1/2 to eliminate the wrong key candidates”. However, in this basic model of zero correlation linear cryptanalysis, the data complexity is about half of the full code book. The high data complexity greatly limits the application of this new method. In FSE 2012, multiple zero correlation linear cryptanalysis [4] was proposed which use multiple zero correlation linear approximations to reduce the data complexity.
  • Internet Engineering Task Force (IETF) S. Kanno Request for Comments: 6367 NTT Software Corporation Category: Informational M
    Internet Engineering Task Force (IETF) S. Kanno Request for Comments: 6367 NTT Software Corporation Category: Informational M. Kanda ISSN: 2070-1721 NTT September 2011 Addition of the Camellia Cipher Suites to Transport Layer Security (TLS) Abstract This document specifies forty-two cipher suites for the Transport Security Layer (TLS) protocol to support the Camellia encryption algorithm as a block cipher. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6367. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
  • Camellia: a 128-Bit Block Cipher Suitable for Multiple Platforms – Design and Analysis
    Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms – Design and Analysis Kazumaro Aoki1, Tetsuya Ichikawa2, Masayuki Kanda1, Mitsuru Matsui2, Shiho Moriai1, Junko Nakajima2, and Toshio Tokita2 1 Nippon Telegraph and Telephone Corporation, 1-1 Hikarinooka, Yokosuka, Kanagawa, 239-0847 Japan {maro,kanda,shiho}@isl.ntt.co.jp 2 Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501 Japan {ichikawa,matsui,june15,tokita}@iss.isl.melco.co.jp Abstract. We present a new 128-bit block cipher called Camellia. Camellia supports 128-bit block size and 128-, 192-, and 256-bit keys, i.e., the same interface specifications as the Advanced Encryption Standard (AES). Efficiency on both software and hardware platforms is a remarkable characteristic of Camellia in addition to its high level of security. It is confirmed that Camellia provides strong security against differential and linear cryptanalyses. Compared to the AES finalists, i.e., MARS, RC6, Rijndael, Serpent, and Twofish, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can encrypt on a Pentium III (800MHz) at the rate of more than 276 Mbits per second, which is much faster than the speed of an optimized DES implementation. In addition, a distinguishing feature is its small hardware design. The hardware design, which includes encryption and decryption and key schedule, occupies approximately 11K gates, which is the smallest among all existing 128-bit block ciphers as far as we know. 1 Introduction This paper presents a 128-bit block cipher called Camellia, which was jointly developed by NTT and Mitsubishi Electric Corporation.
  • Block Ciphers: Fast Implementations on X86-64 Architecture
    Block Ciphers: Fast Implementations on x86-64 Architecture University of Oulu Department of Information Processing Science Master’s Thesis Jussi Kivilinna May 20, 2013 Abstract Encryption is being used more than ever before. It is used to prevent eavesdropping on our communications over cell phone calls and Internet, securing network connections, making e-commerce and e-banking possible and generally hiding information from unwanted eyes. The performance of encryption functions is therefore important as slow working implementation increases costs. At server side faster implementation can reduce the required capacity and on client side it can lower the power usage. Block ciphers are a class of encryption functions that are typically used to encrypt large bulk data, and thus make them a subject of many studies when endeavoring greater performance. The x86-64 architecture is the most dominant processor architecture in server and desktop computers; it has numerous different instruction set extensions, which make the architecture a target of constant new research on fast software implementations. The examined block ciphers – Blowfish, AES, Camellia, Serpent and Twofish – are widely used in various applications and their different designs make them interesting objects of investigation. Several optimization techniques to speed up implementations have been reported in previous research; such as the use of table look-ups, bit-slicing, byte-slicing and the utilization of “out-of-order” scheduling capabilities. We examine these different techniques and utilize them to construct new implementations of the selected block ciphers. Focus with these new implementations is in modes of operation which allow multiple blocks to be processed in parallel; such as the counter mode.
  • A Cache Trace Attack on CAMELLIA
    A Cache Trace Attack on CAMELLIA Rishabh Poddar, Amit Datta, and Chester Rebeiro Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India {rishavp,adatta,chester}@cse.iitkgp.ernet.in Abstract. CAMELLIA is a 128 bit block cipher certified for its security by NESSIE and CRYPTREC. Yet an implementation of CAMELLIA can easily fall prey to cache attacks. In this paper we present an attack on CAMELLIA, which utilizes cache access patterns along with the differential properties of CAMELLIA’s s-boxes. The attack, when implemented on a PowerPC microprocessor having a 32 byte cache line size requires power traces from $2^{16}$ different encryptions. Further, the work shows that this trace requirement reduces to $2^{11}$ if a 64 byte cache line is used. 1 Introduction With the development of newer and better encryption schemes, it has become increasingly difficult to find flaws in the algorithm and therefore the schemes are more secure. However, implementations of the encryption algorithms are highly susceptible to being attacked. Attacks that target implementations are known as side channel attacks, and were discovered by Paul Kocher in 1996 [10]. These attacks take advantage of the information that gets leaked during the cipher’s execution. The channels for leakage are generally power consumption, timing for execution, and electro-magnetic radiation. Cache attacks are a class of side-channel attacks that glean secret information from the behavior of the processor’s cache memory. These attacks utilize the fact that a cache miss has a different power and timing profile compared to a cache hit. Cache attacks were first prophesied by Kelsey et al.
  • Camellia As an Oilseed Crop
    HORTSCIENCE 52(4):488–497. 2017. doi: 10.21273/HORTSCI11570-16 Camellia as an Oilseed Crop Haiying Liang1 Department of Genetics and Biochemistry, Clemson University, Clemson, SC 29634 Bing-Qing Hao, Guo-Chen Chen, Hang Ye, and Jinlin Ma1 Guangxi Forestry Research Institute, Guangxi Key Laboratory of Non-wood Cash Crops Cultivation and Utilization, Nanning, P.R. China, 530002 Additional index words. biodiesel, cultivar, edible oil, new horticultural crop, oil camellias Abstract. Camellia is one of the four main oil-bearing trees along with olive, palm, and coconut in the world. Known as “Eastern Olive Oil,” camellia oil shares similar chemical composition with olive oil, with high amounts of oleic acid and linoleic acid and low saturated fats. Camellia was first exploited for edible oil in China more than 1000 years ago. Today, its oil serves as the main cooking oil in China’s southern provinces. Introduction of camellia oil into the Western countries was delayed until the recognition of its many health benefits. Although popularity for the oil has yet to grow outside of China, interest has emerged in commercial production of camellia oil in other countries in recent years. Unlike seed-oil plants that are grown on arable land, oil camellias normally grow on mountain slopes. This allows the new crop to take full usage of the marginal lands. To facilitate promoting this valuable crop as an alternative oil source and selecting promising cultivars for targeted habitats, this paper reviews the resources of oil camellias developed in China, use of by-products from oil-refining process, as well as the progress of developing camellias for oil production in China and other nations.
  • A Review on the Biological Activity of Camellia Species
    molecules Review A Review on the Biological Activity of Camellia Species Ana Margarida Teixeira 1 and Clara Sousa 2,* 1 LAQV/REQUIMTE, Departamento de Ciências Químicas, Faculdade de Farmácia, Universidade do Porto, 4050-290 Porto, Portugal 2 CBQF—Centro de Biotecnologia e Química Fina-Laboratório Associado, Escola Superior de Biotecnologia, Universidade Católica Portuguesa, Rua Diogo Botelho 1327, 4169-005 Porto, Portugal Abstract: Medicinal plants have been used since antiquity to cure illnesses and injuries. In the last few decades, natural compounds extracted from plants have garnered the attention of scientists and the Camellia species are no exception. Several species and cultivars are widespread in Asia, namely in China, Japan, Vietnam and India, being also identified in western countries like Portugal. Tea and oil are the most valuable and appreciated Camellia subproducts extracted from Camellia sinensis and Camellia oleifera, respectively. The economic impact of these species has boosted the search for additional information about the Camellia genus. Many studies can be found in the literature reporting the health benefits of several Camellia species, namely C. sinensis, C. oleifera and Camellia japonica. These species have been highlighted as possessing antimicrobial (antibacterial, antifungal, antiviral) and antitumoral activity and as being a huge source of polyphenols such as the catechins. Particularly, epicatechin (EC), epigallocatechin (EGC), epicatechin-3-gallate (ECG), and specially epigallocatechin-3-gallate (EGCG), the major polyphenols of green tea. This paper presents a detailed review of Camellia species’ antioxidant properties and biological activity. Keywords: antimicrobial; antitumor; antifungal; phenolics; flavonoids; ABTS Citation: Teixeira, A.M.; Sousa, C. A Review on the Biological Activity of Camellia Species.
  • An Improved Impossible Differential Attack on MISTY1
    An Improved Impossible Differential Attack on MISTY1 Orr Dunkelman1 and Nathan Keller2 1 École Normale Supérieure, Département d’Informatique, CNRS, INRIA, 45 rue d’Ulm, 75230 Paris, France. 2 Einstein Institute of Mathematics, Hebrew University, Jerusalem 91904, Israel. Abstract. MISTY1 is a Feistel block cipher that received a great deal of cryptographic attention. Its recursive structure, as well as the added FL layers, have been successful in thwarting various cryptanalytic techniques. The best known attacks on reduced variants of the cipher are on either a 4-round variant with the FL functions, or a 6-round variant without the FL functions (out of the 8 rounds of the cipher). In this paper we combine the generic impossible differential attack against 5-round Feistel ciphers with the dedicated Slicing attack to mount an attack on 5-round MISTY1 with all the FL functions with time complexity of $2^{46.45}$ simple operations. We then extend the attack to 6-round MISTY1 with the FL functions present, leading to the best known cryptanalytic result on the cipher. We also present an attack on 7-round MISTY1 without the FL layers. 1 Introduction MISTY1 [10] is a 64-bit block cipher with presence in many cryptographic standards and applications. For example, MISTY1 was selected to be in the CRYPTREC e-government recommended ciphers in 2002 and in the final NESSIE portfolio of block ciphers, as well as an ISO standard (in 2005). MISTY1 has a recursive Feistel structure, where the round function is in itself (very close to) a 3-round Feistel construction.
  • Name of Cryptographic Technique Camellia
    (Appendix B) Publication status of specification (Submission Form 6) Name of cryptographic technique Camellia i) Date and the name of the conference where the submission was publicized Date: 2000.5.25 Name of the speaker: Masayuki KANDA Name of the conference: ISEC Technical report of IEICE Title of the talk and the paper: Camellia – A 128-bit Block Cipher ii) Oath on settlement of the export regulations and the evidence We declare that there is no regulations on the documents of the submitted technique (Camellia) EXCEPT the documents “(4) Test vector” and “(5) Reference code/its specification, and test vector generation program/its specification.” We also declare that there is regulations on the documents (4) and (5) because their documents are unpublished. Name of the applicant in charge: Sei’ichi Ido Evidence on settlement of the regulations (attach a copy of the document). The ISEC technical report on the 25th May, 2000, is attached. Since the following documents do NOT include information on design, manufacture, and experiment, they are NOT a target for export regulations; (1) Application form in 2001, (2) Fixed information of Specifications in 2001, (3) Update of Self Evaluation Report in 2001, (6) Publication status of specification, (7) Presentation file for CRYPTREC submission explanation meeting. Title of the document: Camellia – A 128-bit Block Cipher iii) Intellectual property and license We declare that there is no responsibility for evaluation purpose of CRYPTREC on the submitted technique (Camellia). Name of the applicant in charge: Sei’ichi Ido Describe all patents and intellectual properties regarding the submission Patent number, Title, Date of application 2000-064614 Data conversion device, data conversion method, and computer-readable recording medium storing a program that causes a computer to execute the data conversion method (date of application: March 9.
  • Specification of Camellia – a 128-Bit Block Cipher
    Specification of Camellia – a 128-bit Block Cipher. Kazumaro AOKI†, Tetsuya ICHIKAWA‡, Masayuki KANDA†, Mitsuru MATSUI‡, Shiho MORIAI†, Junko NAKAJIMA‡, Toshio TOKITA‡. † Nippon Telegraph and Telephone Corporation, ‡ Mitsubishi Electric Corporation. Version 1.0: July 12, 2000. Version 2.0: September 26, 2001. Copyright NTT and Mitsubishi Electric Corporation 2000-2001. Contents: 1 Introduction; 2 Notations and Conventions; 2.1 Radix; 2.2 Notations; 2.3 List of Symbols; 2.4 Bit/Byte Ordering; 3 Structure of Camellia; 3.1 List of Functions and Variables; 3.2 Encryption Procedure; 3.2.1 128-bit key; 3.2.2 192-bit and 256-bit key; 3.3 Decryption Procedure; 3.3.1 128-bit key; 3.3.2 192-bit and 256-bit key; 3.4 Key Schedule; 4 Components of Camellia; 4.1 F-function; 4.2 FL-function; 4.3 FL$^{-1}$-function; 4.4 S-function; 4.5 s-boxes; 4.6 P-function; A Figures of the Camellia Algorithm; B Test Data; C Software Implementation Techniques; C.1 Setup; C.1.1 Store All Subkeys; C.1.2 Subkey Generation Order; C.1.3 XOR Cancellation Property in Key Schedule; C.1.4 Rotation Bits for K , K , K , and K .
  • Survey and Benchmark of Block Ciphers for Wireless Sensor Networks
    Survey and Benchmark of Block Ciphers for Wireless Sensor Networks Yee Wei Law, Jeroen Doumen and Pieter Hartel Faculty of Electrical Engineering, Mathematics and Computer Science University of Twente, The Netherlands {ywlaw, doumen, pieter}@cs.utwente.nl Abstract. Choosing the most storage- and energy-efficient block cipher specifically for wireless sensor networks (WSNs) is not as straightforward as it seems. To our knowledge so far, there is no systematic evaluation framework for the purpose. In this paper, we have identified the candidates of block ciphers suitable for WSNs based on existing literature. For evaluating and assessing these candidates, we have devised a systematic framework that not only considers the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we have selected the suitable ciphers for WSNs, namely Rijndael for high security and energy efficiency requirements; and MISTY1 for good storage and energy efficiency. 1 Introduction A wireless sensor network (WSN) is a network comprised of a large number of sensors that (1) are physically small, (2) communicate wirelessly among each other, and (3) are deployed without prior knowledge of the network topology. Due to the limitation of their physical size, the sensors tend to have storage space, energy supply and communication bandwidth so limited that every possible means of reducing the usage of these resources is aggressively sought. For example, a sensor typically has 8∼120KB of code memory and 512∼4096 bytes of data memory. The energy supply of a sensor is such that it will be depleted in less than 3 days if operated constantly in active mode [1].
  • 4312 NTT Software Corporation Category: Standards Track S. Moriai Sony Computer Entertainment Inc
    Network Working Group A. Kato Request for Comments: 4312 NTT Software Corporation Category: Standards Track S. Moriai Sony Computer Entertainment Inc. M. Kanda Nippon Telegraph and Telephone Corporation December 2005 The Camellia Cipher Algorithm and Its Use With IPsec Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document describes the use of the Camellia block cipher algorithm in Cipher Block Chaining Mode, with an explicit Initialization Vector, as a confidentiality mechanism within the context of the IPsec Encapsulating Security Payload (ESP). 1. Introduction This document describes the use of the Camellia block cipher algorithm in Cipher Block Chaining Mode, with an explicit Initialization Vector, as a confidentiality mechanism within the context of the IPsec Encapsulating Security Payload (ESP). Camellia was selected as a recommended cryptographic primitive by the EU NESSIE (New European Schemes for Signatures, Integrity and Encryption) project [NESSIE] and was included in the list of cryptographic techniques for Japanese e-Government systems that was selected by the Japan CRYPTREC (Cryptography Research, Evaluation Committees) [CRYPTREC]. Camellia has been submitted to several other standardization bodies, such as ISO (ISO/IEC 18033) and the IETF S/MIME Mail Security Working Group [Camellia-CMS]. Camellia supports 128-bit block size and 128-, 192-, and 256-bit key lengths, i.e., the same interface specifications as the Advanced Encryption Standard (AES) [AES].