Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Camellia (cipher)
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Security analysis == Camellia is considered a modern, safe cipher. Even using the smaller key size option (128 bits), it's considered infeasible to break it by [[brute-force attack]] on the keys with current technology. There are no known successful attacks that weaken the cipher considerably. The cipher has been approved for use by the [[International Organization for Standardization|ISO/IEC]], the [[European Union]]'s [[NESSIE]] project and the [[Japan]]ese [[CRYPTREC]] project. The Japanese [[block cipher|cipher]] has security levels and processing abilities comparable to the [[Advanced Encryption Standard|AES/Rijndael]] cipher.<ref name="camellia-aes" /> Camellia is a [[block cipher]] which can be completely defined by minimal systems of [[multivariate polynomial]]s:{{Vague|What does this sentence say? If this makes perfect sense to a pro, please consider expanding for casual readers to understand. Don't just rely on internal links.|date=August 2010}}<ref name="quadratic"> {{citation |author1=Alex Biryukov |author2=Christophe De Canniere |chapter=Block Ciphers and Systems of Quadratic Equations |title=Fast Software Encryption | series = Lecture Notes in Computer Science |doi=10.1007/978-3-540-39887-5_21 | citeseerx = 10.1.1.95.349 | publisher = [[Springer Science+Business Media|Springer-Verlag]] | year = 2003 |volume=2887 | pages = 274β289 |isbn=978-3-540-20449-7 }}</ref> * The Camellia (as well as [[Advanced Encryption Standard|AES]]) [[S-boxes]] can be described by a system of 23 quadratic equations in 80 terms.<ref> {{citation |author1=Nicolas T. Courtois |author2=Josef Pieprzyk | title = Cryptanalysis of Block Ciphers with Overdefined Systems of Equations | publisher = Springer-Verlag | year = 2002 | pages = 267β287 | url = https://eprint.iacr.org/2002/044.pdf | access-date=2010-08-13 }}</ref> * The [[key schedule]] can be described by {{formatnum:1120}} equations in 768 variables using {{formatnum:3328}} linear and quadratic terms.<ref name="quadratic"/> * The entire block cipher can be described by {{formatnum:5104}} equations in {{formatnum:2816}} variables using {{formatnum:14592}} linear and quadratic terms.<ref name="quadratic"/> * In total, {{formatnum:6224}} equations in {{formatnum:3584}} variables using {{formatnum:17920}} linear and quadratic terms are required.<ref name="quadratic"/> * The number of [[Free variable|free terms]] is {{formatnum:11696}}, which is approximately the same number as for [[Advanced Encryption Standard|AES]]. Theoretically, such properties might make it possible to break Camellia (and [[Advanced Encryption Standard|AES]]) using an algebraic attack, such as [[XSL attack|extended sparse linearisation]], in the future, provided that the attack becomes feasible.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)