标题：Improved automatic search of impossible differentials for camellia with FL/FL-1 layers
作者：Ding Yaoling;Wang Xiaoyun;Wang Ning;Wang Wei
作者机构：[Ding Yaoling] Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China.;[Wang Xiaoyun] Institute for Advanced Study, 更多 通讯作者地址：[Wang, XY]Tsinghua Univ, Inst Adv Study, Beijing 100084, Peoples R China;[Wang, XY]Shandong Univ, Key Lab Cryptol Technol & Informat Secur, Minist Edu 更多
摘要：Camellia is an international standard adopted by ISO/IEC and is recommended by CRYPTREC and NESSIE project. Wu et al. presented an effective tool to search truncated impossible differentials for word-oriented block ciphers with bijective Sboxes. However, their method only adopted Sbox as the nonlinear part and cannot be applied to Camellia with FL/FL~(-1) layers. We discover the difference propagation of three basic components employed in the FL/FL~(-1) layers, i.e., AND, OR, ROTATION operations, and generalize the automatic search to consider more nonlinear operations. Using this system, we search for impossible differentials of round-reduced Camellia with FL/FL~(-1) layers. Moreover, by some changes in the nonlinear subsystem, our algorithm can be easily adjusted to be compatible with searching for impossible differentials which are with restrictions on input/output differences or subkeys. Table 1 summaries our searching results and compares them with the previous results. In order to demonstrate that our algorithm is effective, we launch an impossible differential attack on 14- round Camellia-256 with FL/FL~(-1) layers using the new impossible differential obtained by our algorithm. Compared to the previous best attack achieved by Boura et al., our attack improves the time and memory complexity a lot.