Home

Camellia - NTTの暗号要素技術

1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15. C
16. 2 0000 21 D Foo E20 F KMA 98
17. 2 8 320 64 8 32 64 32 64 Camellia MMX IA 32 32 MMX IA 32 Alpha 64 4 1 4 1 1 4 1 2 128 Kr KA KA 4 1 3 Camellia Feistel U 2 3
18. 7 Camellia 7 Camellia Camellia KKO 256 FL pp Camel lia 10 192 9 128 8 6 7 SQUARE DKR97 SQUARE Rijndael Hierocrypt Camellia Camellia 6 8 100 KKO1 He Qing 6 Camellia ICICS 2001 HOO 6 Camellia 01
19. 2 DO CL Camellia 5 Feistel Camellia Camellia Ps ds 2 4 P 5 B 5 9 FL FL 160 1 2 p lt 228 1 2 9 22 9 132 4 lt 2028 1 2 9 22 9 132 128 7 29 15 16 Camellia FL FL 1 2 1 Feistel Camellia Camellia 3 M99 e e e FL FL FL FL 1
20. 4 2 4 2 50000 F P S IX MHH P S X 4 2 5 5 s Dn 2 00 0000 GF 25 4 8 82 83 84 81 2 83 54 1 1 4 5 Java virtual machine 20 100 31 1 32 2 42 6 32 ZL ZR 21 22 23 24 25 26 27 28 Z Zt Zh 5 AL lt Zr Zn lt a ZR 2 2 lt 16 AL lt Zr Zng3 s ZR l
21. Camellia 128 2128 128 CBC CFB 1 2 Camellia 128 264 38
22. a b c 2 a 1 128 b c 1 2128 Camellia FPGA 3 3 Throughput 128 bits b b s GY 00 sec xO 5 4 4 2 4 CBC D 40 Type 4 90 Type 4 9 Type 4 1 27 Copyright NTT
23. 6 UU U 6 1 U U Biham Shamir 593 M94 i 2 M95 CV95 1 5 P Feistel 1 P B min wula wa 0 v 2 IU U IU U 1 8 28 1 3 Ta GF 2 si GE 27 Pr si z Az Ay GF 2 si z Az Prix s x Ty 2 vrs si z Ty 4 psl l5552 U 00 000 2 jy mac md 2 3 2 1 29 Copyright NTT and Mitsubishi Electric Corporation 2000
24. P6 movzx eax ebx ecx edx Lr Rr 4 2 2 4 4 3 Camellia align intrinsic IA 32 Visual C pragma intrinsic lrot1 lrotl 5 Pentium IA 32 rdtsc I99 Alpha rpcc C98 P6 EV6 out of order 21 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 100 Pentium
25. MIYYSS GF 25 GF 2 2 4 FL FL FL FL Feistel 6 1 Feis tel Camellia FL FL FLO FL MISTY FL 9710 MISTY 0 Camellia 1 Camellia XOR 2 5 1 2 128 192 256 128 3 1 agility 4 on the fly Copyright NTT and Mitsubishi Electric Corporation 2000 2001
26. of rounds 1 2 3 4 9 6 7 8 9 10 11 12 1 2 2 12 2 30 2 42 2 66 2 96 2 9 7 11 16 Camellia 1 2 6 2 12 2 36 2 54 2 66 2 72 2 72 2 78 2 102 2 120 2 132 0 1 2 6 9 11 12 12 13 17 20 22 FL FL 1 1 2 6 2 12 2 36 2 54 2 66 2 78 2 84 2 108 2 120 2 132 0 1 2 6 9 11 3 14 18 20 22 0 FL FL 12 Camellia 2 128 1000 11 truncated differentials Knudsen K95 MT99 differential
27. on the fly Rijndael DR98 Serpent ABK98 10 2 3 5 128 Camellia 16 128 16 128 32 192 256 64 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
28. 6 4 0 Feistel 5 Camellia 6 FL ppt Feistel Camellia 5 SKIO1 0 7 FL FL 10 FL Camellia 6 5 2 W99 2 PA PV papy 22 9 6 1000 FL FL Camellia 6 FL Camellia 8 30 r 22379050 pv 2277 Je Camellia Camellia 18 Camellia 6 6 JK97 1 d 1 0 GF 23 GF 25 Camellia 93 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
29. 1 0000 00 128 Camellia Camellia 128 128 192 256 AES Advanced Encryption Standard BS93 M94 Camellia 2 K95 JK97 JK97 A00 B94 KSW96 truncated differential attacks K95 99 W99 BW99 BW00 128 Camellia Camellia 8 s box IC 8 CPU PC 32 CPU 64 CPU Camellia 128 32 Pentium II III Athlon Camellia 4 GF 25 GF 2 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
30. 3 0000 3 1 32 64 1 2 77 RAM ROM 00 001 ISKM01 AIK 00b YOla YO1b Camellia IC 32 64 1090 M 0 10 0 m milli 4 C C C C 1
31. d a 128 b c 1 2128 inzi ASIC 3 3 JU Oo put DD 128 bits Pigs sec x 25 Through 5 3 3 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 2 FPGA 3 2 FPGA
32. 6 14 128 128 192 256 3 k ECB 9k K94 Camellia 9k 1 128 192 256 21274 9191 9255 Camellia 28 ps of 1180 KM96 2 97 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
33. 8 8 100 1 4 AU00 0 0 100 0 000000000 00000 5 l U U DU 1 9 silty 9 0 si y SPo200 y s2 y 0 0 5 90 0 gt 0 salu 34 D SPuio ys SPo222 y5 5 S 4 2 2 2 lt DO SPyuio y1 SPo222 y2 SP3033 y3 5 25 2 2 28 lt DO SPioni y1 SP2200 y2 S S Pooaa l U U U U U U GI 4 2 8 000 100 U U U l U U U DU 0 0 0 U U U D UD U U 0 0 D 0 0 0 0 U U U D D 0 U 0 0 0 0000000000000 IA 32 I99 movzx Alpha C98 extb1 000
34. ASIC Design Compiler 1998 08 0 35 Design Compiler 2000 11 SP1 0 18um Design Compiler 2000 05 1 0 25um FPGA Synplify 5 3 1 ALLIANCE 2 1i XC4000XL Synplify H H H 6 1 3 ALLIANCE 3 3 07i VirtexE JUD Type l Type 4 JUD Copyright NTT and Mitsubishi Electric Corporation 2000 2001
35. N N N N A00 JK97 A00 GF 2 12 12 128 192 256 rQ r lt 4 1 4 255 256 120 0 Camellia A00 Theorem 3 Camellia SQUARE DKR97 6 9 6 10 B94 K93 BW99 BW00 Camellia Feistel 6 FL FL 0 6 11 35 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
36. e 4 4 2 7 3 SP SP SP3 SP 5 6 20 640 6 60 6 70 e 6 120 100 46
37. 30 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 10 Camellia 1 2 3 4 5 6 7 8 9 10 11 12 200 Sd 2 42 2 66 2 96 2 9 7 11 16 Camellia 1 2 6 2 12 2 42 2 54 2 66 2 72 2 72 2 8 2 108 2 120 2 132 0 1 2 9 11 12 12 03 18 20 22 FL FL 1 1 2 6 2 12 2 42 2 54 2 66 2 78 2 90 2 108 2 126 2 132 0 1 2 7 9 11 13 15 18 21 22 I 11 Camellia
38. BBo33m 18 2436 10935 1 1170655 27282 5591 21691 429 AIK 00b1 170 55 3 200 00 018m 128 4596 4596 1 2 850 2490 1137 000 DD 035m 128 1020 2767 a 20 1135 498 637 19 41 AIK 008 AIK 00a 212 16 AIK 00b 168 28 940 62 864 57 1 050 90 177 65 1 881 25 837 00 22222 _ 2 pr 26 S 397 00 2342 1930 963 1717 CO0 Type2 128 36283 7882 21 7734 129 5968 000 2 Xilinx XCA000XL Type 3 Xilinx XC4000XL Xilinx VirtexE Xilinx VirtexE R c Xilinx VirtexE 2 se 1 4264 SKM 962 696 45 ISKMOI 0000 20 10000000 00 0000000 00000000000000000900000000000000000 U UU U 0000000 000 000000 0000000 0 00000000 000000000900000 000
39. ZR Z 2 09 ZR lt Zg s 4 lt Zp3 g Zn ZgGZrg Z 2421 ZR Zgmg i16 ZL Zp s Zr ZR ZL Z Zn ZR ZL 100 SQ l U U LU 5 U P 16 H zg 21 0 025 26 02 Zg 21 22 23 z z 29 27 28 zy 27 022024 A 25 21 26 27 25 lt 26 21 23 24 zu 25 z4 25 26 21 25 29 23 24 G 21 29 23 24 25 d 1 21 060220 25 17 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 060230 26 22 24 27 23 lt 06021 28 1 24 D 23 24 25 G lt 1 25 D 21 24 26 G lt I Z6 D z1 22 27 6 27 D 29 za 28 G lt 1 28 4 2 7 ee CERES
40. 4 1 6 Kr Kn Kr Kn KA Ka 4 1 4 4 1 7 128 192 256 128 Kp 2 F 4 1 8 8 4 1 4 16 1 16 1 2 1 Q 32 IA 32 shrd shld 41 9 F F 4 2 13 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 4 1 10 Camellia 3 4 2 4 21 Endian
41. Copyright NTT and Mitsubishi Electric Corporation 2000 2001 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
42. 1 FSE 99 MT99 8 112 MSAKOO E2 FT 8 E2 J 2 MSAK00 IT FT 7 E20 2 Camellia E2 99 MSAKO00 Camellia 2 S P S 1 2 Feistel 259 Camellia 20 5 Drs Feis FL FL 10 11 Camellia Camellia F L FL ASIACRYPT2001 SKIOI 2 BE Camellia P FL PLL 10 11 Camellia 32 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
43. F00 22 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 5 3 Camellia 0 FPGA 3 4 5 1 Type 1 1 Type 1 ASIC FPGA 1 Type 1 60 Type 1 Plaintext Ciphertext gt 5 A T 5 8 Encryption ag and Key Expansion K i B ey SA Decryption Logic 5 1 Logic E d S bad an
44. Copyright NTT and Mitsubishi Electric Corporation 2000 2001 3 2 100 ASIC Application Specific Integrated Circuit FPGA Field Programmable Gate Array l D U 00 DD 0 30000 l U UU l U U U 4 D 10 ASIC FPGA ASIC 0 35um CMOS ASIC 0 184m CMOS ASIC 0 25 um CMOS ASIC U 2000 IU U U FPGA Xilinx XC4000XL Xilinx VirtexE ASIC FPGA Verilog XL ASIC 0 25um ASIC VCS5 1 0 25 D
45. on the fly 128 32 192 256 64 20000 3 NTT log ISO IEC JIC 1 SC 27 Camellia 20000 9 NESSIE New Eu ropean Schemes for Signature Integrity and Encryption Camellia 2001 9 2nd Phase 200 Camellia I 0 3 5 Camellia 7 Camellia Camellia 128 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
46. 1 77 77 b c 2 77 77 1 128 b Camellia ASIC FPGA 3 b Throughput 128 bits b s ee sec 5 2 2 2 2 ASIC FPGA 21 Type 2 Type 2 T Type 2 00 1 77 77 24 Critical Path of Data Encryption or Decryption lt K Copyright NTT and Mitsubishi Electric Corporation 2000 2001 Plaintext Ciphertex One Round of Encryption and Decryption Logic with sharing a part of Ciphertext Plaintext Data Selector ____ t Key Schedule Logic and a part of Key Expansion Logic or all of Key Expansion Logic 2 Type 2 ASIC FPGA gt Critical Path of Key Expansion
47. 20 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
48. 3 Type 3 Critical Path of Data Encryption or Decryption 4 Ciphertext Plaintext 80 Type 3 3 Type 3 8 Type 3 Plaintext Ciphertext Data Selector __ One Round of Encryption and Decryption Logic Subkeys FPGA 26 Copyright NTT
49. SSE Pentium III pshufw UE 1990 pshufw 6400 endian 500 4 2 2 Little endian 1 4 2 1 FL 100 LU LU endian zl little endian 32 xi 1 lt 2 Oxfefefefe 223515 N Oxfefefefe 1 1 0 21 1 KSI x mask 32 pandn Alpha bic U 00 ANDNOT Camellia Oxfefefefe 4 2 3 whitening kura D cx y Ok zo kol t k nl xnl e knl 2 rQk r 9O k Lp UD e kn k l 0000000000600 200000000 15 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
50. 31 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
51. 2 380 9 0 0 95msec 7 500 9 900 10 128 9 7 6 0 5 679 8 430 MC68HC908AB32 i 208 0 0 71 1 05msec M32Rx D C 0 44 C3 44 8 684 1 392 f AIK 00b 6 42msec 12 36msec D D DD D 00 0 0 0 00 0 0000 200000000000000000000000000000000000000 0 00000000000000 000000000000000010000000000000000000000000000000000000 0 0 0 DD D D D D D 0 000000 DD D D 00000000 DD 0000000 0000000000000000000000000000 6 DD D D D D D 00 000000000 7 Unix 0 0000 8051 2MHz 19 000 2120 0 0 0 oscillator periods 0000 00 28 Windows 780 9 200000 00 9 0 0000 0000 00 00 0 H8 3113 5MHz 19 000 220 0 oscillator periods 3100000 D In Cireuit 0000 00000 0 0 000 068050 O MC68HC705B 16 2 1 MHz C1D 000 dm cireuiq 0000 0000000 00000 068050 0 MC68HC908AB32 2 412 5 2310000000000 320 000 0000 0000 M32Rx D 100MH2 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 Table 3 Camellia 0000000 20011 80 31000
52. 81 JUDUL 000 0000000 ELO D 0 0 D D 0 0 00 21 D DUD D DD D D 0 DD DD D 000 3 000000 0000000000 0 000000000600 U 0080 00000000000 0000 0000 4 PC AT PC 0 0 Pentium 700MHz on die L2 256KB FreeBSD 4 06 128 5 IBM PC AT PC Pentium III 650MHz on die 120 000 256KB Windows98 SE 64MB 6 IBM PC AT PC Pentium II 300MHz L2 10 0 512KB Windows95 O 160MB 7 0 HDD UO U D Visual C 9 600000 0000000 G6 Zp16 ML Ox Ob2 8 IBM PC A Pentium III 1GHz on die L2 256KB Windows2000 512 9 IBM Java Compiler 1 2 2 IBM Java VM 1 2 2 10 Alpha 21264 667MHz Tru64 UNIX 4 0F 2GB 11 Alpha 21264 463 2 Tru64 UNIX V5 1 512MBI 12 Ultra SPARC 400MHz Solaris 7 256MB Copyright NTT and Mitsubishi Electric Corporation 2000 2001 U 2 IcU 0 eee eee 20011 80 310 Tm 0000 00 00000 0200000 0 D UU 00001 jus 0001 O00 1 O00 1 000 10 217 4 un 10 22msec 32 AIK 00b 5 146 1 608 1 03msec f 2809 000 35 951 7 19msec 37 553 5
53. 5 00 1 00 1 2 2 3 3 4 4 U 1 Camellia HO 00000000 20010 8D 310 00 AIK 00b AIK 00b Pentium C A AIK 00b 326 467 gt 474 0 20 236 I 55 Pentium II Pentium III 9 091 793 AIK 00b 5 AIK Alpha 21264 C AIK 00b 282 Alpha 21264 C 1 448 435 355
54. 128 192 256 AES Advanced Encryption Standard Camellia Camellia AES MARS RC6 Rijndael Serpent Twofish Pentium III 1 13GHz 471 Mbps 0 18um CMOS ASIC 812k 128 000 2 1 2 2 2 3 2 4 2 5 F P Copyright NTT and Mitsubishi Electric Corporation 2000 2001 3 1 3 2 4 1 4 2 4 3 9 1 5 2 5 3 5 4 1 2 3 4 6 1 6 2 6 3 6 4 6 5 6 6 6 7 6 8 ii wo WwW e 12 12 14 21 23 23
55. X Lai J L Massey and S Murphy Markov Ciphers and Differential Cryptanalysis In D W Davies editor Advances in Cryptology EUROCRYPT 91 Volume 547 of Lecture Notes in Computer Science 17 38 Springer Verlag Berlin Heidelberg New York 1991 M Matsui Linear Cryptanalysis Method for DES Cipher In T Helleseth editor Advances in Cryptology EUROCRYPT 93 Volume 765 of Lecture Notes in Com 43 M95 M97 M99 MIY Y88 MSAKO00 MT99 RDP 96 Copyright and Mitsubishi Electric Corporation 2000 2001 puter Science 386 397 Springer Verlag Berlin Heidelberg New York 1994 A preliminary version written in Japanese was presented at SCIS93 3C M Matsui On Correlation Between the Order of S boxes and the Strength of DES In A D Santis editor Advances in Cryptology EUROCRYPT 94 Volume 950 of Lecture Notes in Computer Science pp 366 375 Springer Verlag Berlin Heidelberg New York 1995 M Matsui New Block Encryption Algorithm MISTY In E Biham editor Fast Software Encryption 4th International Workshop FSE 97 Volume 1267 of Lecture Notes in Computer Science pp 54 68 Berlin Heidelberg New York 1997 Springer Verlag preliminary version written in Japanese was presented at ISEC96 11 M Matsui Differential Path Search of the Block Cipher E2 Technical Report ISEC99 19 The Institute of Electronics Information and Communication Eng
56. 51 si y si u 1 Y 510 1 81 82 salu 5 salu salu salu s2 u 5 5 s3 y 8 sa u SP y sa y sa y salu 54 salu sa y salu sa u SP35 y 4 JO gt Fo fe g WD 9 lt 45 oe m E gt a gt D e a n A lt E Jee f gt a N 4 g lt ro SPo y2 SP3 y3 SP
57. 6 11 Camellia 94 KSW96 6 12 1 128 CRYPTREC Report 2000 01 Camellia IU 4 6 13 timing attacks K96 power analysis attacks KJJ99 DR99 0 O Camellia favorable Chari AES CJRR99 2 Camellia 36 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
58. Copyright NTT and Mitsubishi Electric Corporation 2000 2001 Camel 7 OOO Camellia lia http info isl ntt co jp camellia Camellia Camellia Camellia 39 0000 A00 ABK98 AIK 00a AIK 00b AU00 B94 BS93 BW99 BW00 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 K Aoki Practical Evaluation of Security against Generalized Interpolation Attack IEICE Transactions Fundamentals of Electronics Communications and Computer Sciences Japan Vol E83 A No 1 pp 33 38 2000 A preliminary version was presented at SAC 99 R Anderson E Biham and L Knudsen Serpent A Flexible Block Cipher Wit
59. E2 Camellia 2 SPN Sub stitution Permutation Network 1 Feistel 6 2 2 P Camellia 00 E20 KMA 98 XOR branch number P 8 CPU 32 CPU 000 IC 1 P 2 3 GF 25 GF 2 279 2 6 2 5 GF 25 Camellia F 25 2 GF 2 4 MT99 GF 2 GF 2 24 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
60. submitted to ASIACRYPT 2001 2001 D Wagner The Boomerang Attack In L R Knudsen editor Fast Software En cryption 6th International Workshop FSE 99 Volume 1636 of Lecture Notes in Computer Science pp 156 170 Berlin Heidelberg New York 1999 Springer Verlag C H Yang Performance Evaluation of AES DES Camellia on the 6805 and H8 300 CPUs In Proceedings of the 2001 Symposium on Cryptography and Information Security Volume II of 52152001 pp 727 730 Oiso Japan 2001 Technical Group on Information Security IEICE C H Yang Supplementary information for C H Yang SCIS 2001 paper http www geocities com chyang00 SCIS2001 2001 45 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 0000 110 2001 80 280 3 10 Camellia e 100 Camellia A Camellia 2 00 20010 90 260
61. 2112 KKO01 222 6 HQOI 13 x 25 KK01 217 6 8 JK97 N N 34 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
62. 3 000 F Krr X T F Krn X2 K 2 RR O F Krr KRL 3 ju 226 Kn S F Krn 22 12 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 128 3 192 256 2 L 41 4 Kr Kn 161 4 1 5 ki ki klg 192 256 kls kle D k12 32 kii kle
63. and Mitsubishi Electric Corporation 2000 2001 Plaintext Ciphertext Encryption and Decryption Logic Stage 1 Register 1 i Key Expansion Key ss Logic 5272 4 1 round gt 2 Stagen 1 55 Register n 1 BE an Perera ESE 1 round Stage gt Register n Critical Path of Key Expansion Ciphertext Plaintext 4 Type 400 FPGA c 10 n 1 128 Camellia FPGA 3 3 Throughput 1
64. 2001
65. 24 26 27 6 9 6 10 6 11 6 12 6 13 6 14 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 tust ha pix eom 35 rotos Pek af Pk ee Sf US 35 Vii sl s edm I ae Rt EIS WP E a 36 am other aypa Q hy paq GS ms 36 ted aly 36 37 39 46 iii Copyright NTT and Mitsubishi Electric Corporation 2000 2001
66. 28 bits b s sec 28 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
67. Camelia 00000000 128000000000 tagon T Ooo 0000 0000 0001 1 0 239 0847 00000000000 11 maro kanda shiho isl ntt co jp 00000000 247 8501 000000000 5 1 1 ichikawa matsui june15 tokita iss isl melco co jp 0 10g 20000 70 130 20009 90 210 110 20010 80 28 0 200 20010 90 260 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 128 Camellia L Camellia 128
68. a oS gt Critical Path of Key Expansion Ciphertext Plaintext 1 Type 1 ASIC FPGA 6 1 00 23 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
69. a ys GLS D ys SP ys 5 3 SPa y7 hos Row koc 21 225 23 24 25 26 27 28 00000 l U ul l U U U U U 0 U U 4 40 i vut 8 KB UU U L l U Camellia 0 1700 0 32 si y 81 81 0 S 10 SN FTT D N lt lt D N S 2 N N gt x l omm D x N N N gt C DN 0 sa y sa y S Pao y 19 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 S Piiio ys SPo222 y5 SP3033 y6 S S Puio y1 SPo222 y2 SP3033 y3 S Paapa ya j wp qd 8 2 2 4 25 26 27 21 25 23 24 LU gt s l U U 00 D 0 0000000
70. amellia big endian little endian big endian endian 10000 endian FL FL endian FL FL 1 endian endian 1 1 endian Camellia 4 2 2 endian 80486 IA 32 bswap 98 endian endian 3200 1 64 endian 32 gt endian Ul e mask x lt Q Ox 00 lt s Sg N 0 6100 224 x Kis 2916 Oxff 00ff lt s x gt gt s 0xffOOff 14 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 Ox 00 8 x g N 0 11001
71. and Mitsubishi Electric Corporation 2000 2001
72. h Maximum Assurance In The First AES Candidate Conference 1998 K Aoki T Ichikawa Kanda M Matsui S Moriai J Nakajima and T Tokita Implementations of the 128 bit block cipher Camellia Technical Report ISEC2000 73 The Institute of Electronics Information and Communication En gineers 2000 in Japanese K Aoki T Ichikawa M Kanda M Matsui S Moriai J Nakajima and T Tokita Camellia 128 Bit Block Cipher Suitable for Multiple Platforms Extended Ab stract In First NESSIE Workshop 2000 K Aoki and H Ueda Optimized Software Implementations of E2 IEICE Transactions Fundamentals of Electronics Communications and Computer Sciences Japan Vol E83 A No 1 pp 101 105 2000 The full paper is available on http info isl ntt co 4 linebreak 3 jp e2 RelDocs E Biham New Types of Cryptanalytic Attacks Using Related Keys Journal of Cryptology Vol 7 No 4 pp 229 246 1994 extended abstract was appeared at EUROCRYPT 93 E Biham and A Shamir Differential Cryptanalysis of the Data Encryption Stan dard Springer Verlag Berlin Heidelberg New York 1993 A Biryukov and D Wagner Slide Attacks In L Knudsen editor Fast Software Encryption 6th International Workshop FSE 99 Volume 1636 of Lecture Notes Computer Science 245 259 Berlin Heidelberg New York 1999 Springer Verlag A Biryukov and D Wagner Advanced Slide Attacks In S Vaudenay edito
73. ineers 1999 in Japanese M Matsui T Inoue A Yamagishi and H Yoshida A note on calculation circuits over 22 Technical Report IT88 14 The Institute of Electronics Information and Communication Engineers 1988 in Japanese 5 Moriai M Sugita K Aoki and M Kanda Security of E2 against Truncated Differential Cryptanalysis In H Heys and C Adams editors Selected Areas in Cryptography 6th Annual International Workshop 5 4799 Volume 1758 of Lec ture Notes in Computer Science pp 106 117 Berlin Heidelberg New York 2000 Springer Verlag M Matsui and T Tokita Cryptanalysis of Reduced Version of the Block Cipher E2 In L Knudsen editor Fast Software Encryption 6th International Workshop FSE 99 Volume 1636 of Lecture Notes Computer Science pp 71 80 Berlin Heidelberg New York 1999 Springer Verlag Japanese version was presented at SCIS99 V Rijmen J Daemen B Preneel Bosselaers and E De Win Cipher SHARK In D Gollmann editor Fast Software Encryption Third Interna 44 SKI01 W99 YO1a YO1b Copyright NTT and Mitsubishi Electric Corporation 2000 2001 tional Workshop Volume 1039 of Lecture Notes in Computer Science pp 99 111 Springer Verlag Berlin Heidelberg New York 1996 M Sugita K Kobara and H Imai Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis
74. men and Rijmen AES Proposal Rijndael 1998 http www esat kuleuven ac be rijmen rijndael J Daemen and V Rijmen Resistance Against Implementation Attacks Com parative Study of the AES Proposals In The Second AES Candidate Conference 1999 Fog How to optimize for the Pentium microprocessors 2000 http www agner org assem M Hellman Cryptanalytic time memory trade off IEEE Transactions on Infor mation Theory Vol IT 26 No 4 401 406 1980 41 HQO1 199 ISKMO01 JK97 K93 K94 K95 K96 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 Y He and S Qing Square Attack on Reduced Camellia Cipher submitted to the 3rd International Conference on Information and Communications Security ICICS 2001 2001 Intel Corporation ntel Architecture Software Developer s Manual Volume 2 In struction Set Reference 1999 You can download the manual from Intel s developer site http developer intel com T Ichikawa T Sorimachi T Kasuya and M Matsui On the criteria of hardware evaluation of block ciphers 1 Technical Report ISEC2001 53 The Institute of Electronics Information and Communication Engineers 2001 in Japanese T Jakobsen and L Knudsen The Interpolation Attack on Block Cipher In E Biham editor Fast Software Encryption 4th International Workshop FSE 97 Volume 1267 of Lecture Notes in Computer Scie
75. nce pp 28 40 Berlin Heidelberg New York 1997 Springer Verlag L R Knudsen Cryptanalysis of LOKI91 In J Seberry and Y Zheng editors Ad vances in Cryptology AUSCRYPT 92 Volume 718 of Lecture Notes in Computer Science 196 208 Springer Verlag Berlin Heidelberg New York 1993 L R Knudsen Practically secure Feistel ciphers In R Anderson editor Fast Software Encryption 1993 Cambridge Security Workshop FSE1 Volume 809 of Lecture Notes in Computer Science 211 221 Berlin Heidelberg New York 1994 Springer Verlag L R Knudsen Truncated and Higher Order Differentials In B Preneel editor Fast Software Encryption Second International Workshop Volume 1008 of Lecture Notes in Computer Science 196 211 Springer Verlag Berlin Heidelberg New York 1995 P Kocher Timing Attacks on Implementations of Diffie Hellman RSA DSS and Other Systems In Koblitz editor Advances in Cryptology CRYPTO 96 Volume 1109 of Lecture Notes in Computer Science pp 104 113 Springer Verlag Berlin Heidelberg New York 1996 42 KOO KJJ99 KK01 KM96 KMA 98 KSW96 LMM91 M94 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 M Kanda Practical Security Evaluation against Differential and Linear Attacks for Feistel Ciphers with SPN Round Function In SAC2000 Seventh Annual Workshop on Selected Areas in Cryptography 14 15 August 2000 Work
76. pue em o 1 o H Uy mE E 0 s1 y1 0 0 s1 y1 0 s2 y2 s2 y2 s2 y2 s2 y2 s2 y2 101 5101 510 SP SP2 y2 0 sa ya 0 s3 y3 33 3 SP3 ys x wm diis t radon A te D N AON te D N gt N co 0 s4 y4 0 52 05 sa y4 34 SPA SPs ys 0 sa ye 0 S 0 s4 y7 0 1 81 s ys 0 s4 y7 sa y7 s4 y7 sa y7 s4 y7 5 si ys 81 51 SPs ys Q SL 21 25 23 24 25 26 27 28 0 000000000 8 T 16 10000 KB 18 U U U 3 000 Copyright NTT and Mitsubishi Electric Corporation 2000 2001
77. r Advances in Cryptology EUROCRYPT2000 Volume 1807 of Lecture Notes in 40 C98 001 CJRR99 CV95 DKR97 DR98 DR99 F00 H80 Copyright NTT and Mitsubishi Electric Corporation 2000 2001 Computer Science pp 589 606 Berlin Heidelberg New York 2000 Springer Verlag Compaq Computer Corporation Alpha Architecture Handbook Version 4 1998 You can download the manual from Compaq s technical documen tation library http www support compaq com alpha tools documentation current chip docs html CRYPTREC CRYPTREC Report 2000 April 2001 S Chari C Jutla J R Rao and P Rohatgi A Cautionary Note Regarding Evalu ation of AES Candidates on Smart Cards In Second Advanced Encryption Standard Candidate Conference pp 133 147 Hotel Quirinale Rome Italy 1999 Information Technology Laboratory National Institute of Standards and Technology F Chabaud and 5 Vaudenay Links Between Differential and Linear Cryptanaly sis In D Santis editor Advances in Cryptology EUROCRYPT 94 Volume 950 of Lecture Notes in Computer Science 356 365 Springer Verlag Berlin Heidelberg New York 1995 J Daemen L Knudsen and V Rijmen The Block Cipher SQUARE In E Biham editor Fast Software Encryption 4th International Workshop FSE 97 Volume 1267 of Lecture Notes Computer Science 54 68 Berlin Heidelberg New York 1997 Springer Verlag J Dae
78. shop Record 2000 P Kocher J Jaffe and B Jun Differential Power Analysis In M Wiener editor Advances in Cryptology CRYPTO 99 Volume 1666 of Lecture Notes in Computer Science pp 388 397 Springer Verlag Berlin Heidelberg New York 1999 T Kawabata and T Kaneko A Study on Higher Order Differential Attack of Camellia In Second NESSIE Workshop 2001 This paper is based on T Kawabata Y Ohgaki and T Kaneko A Study on Strength of Camellia against Higher Order Differential Attack in Japanese Technical report of IEICE ISEC2001 9 55 62 The Institute of Electronics Information and Communication Engineers 2001 K Kusuda and T Matsumoto Optimization of Time Memory Trade Off Crypt analysis and Its Application to DES FEAL 32 and Skipjack IEICE Transactions Fundamentals of Electronics Communications and Computer Sciences Japan Vol E79 A No 1 pp 35 48 1996 M Kanda S Moriai K Aoki H Ueda M Ohkubo Y Takashima K Ohta and T Matsumoto A New 128 bit Block Cipher E2 Technical Report ISEC98 12 The Institute of Electronics Information and Communication Engineers 1998 in Japanese J Kelsey B Schneier and D Wagner Key Schedule Cryptanalysis of IDEA G DES GOST SAFER and Triple DES In Koblitz editor Advances in Cryptology CRYPTO 96 Volume 1109 of Lecture Notes in Computer Science 231 251 Springer Verlag Berlin Heidelberg New York 1996
79. t Zr 24 gt gt 8 Zi ZR Zr Z 16 Copyright NTT and Mitsubishi Electric Corporation 2000 2001

Camellia - NTTの暗号要素技術

Contents

Download Pdf Manuals

Related Search

Related Contents