Camellia (cipher)

Camellia (cipher)

Infobox block cipher
name = Camellia

caption =
designers = Mitsubishi, NTT
publish date = 2000
derived from = E2, MISTY1
derived to =
related to =
certification = CRYPTREC, NESSIE
key size = 128, 192 or 256 bits
block size = 128 bits
structure = Feistel network
rounds = 18 or 24
cryptanalysis =

In cryptography, Camellia is a block cipher that has been evaluated favorably by several organisations, including the European Union's NESSIE project (a selected algorithm), and the Japanese CRYPTREC project (a recommended algorithm). The cipher was developed jointly by Mitsubishi and NTT in 2000, and has similar design elements to earlier block ciphers (MISTY1 and E2) from these companies.

Camellia has a block size of 128 bits, and can use 128-bit, 192-bit or 256-bit keys — the same interface as the Advanced Encryption Standard. It is a Feistel cipher with either 18 rounds (if the key is 128 bits) or 24 rounds (if the key is 192 or 256 bits). Every six rounds, a logical transformation layer is applied: the so-called "FL-function" or its inverse. Camelliauses four 8 x 8-bit S-boxes with input and output affine transformations andlogical operations. The cipher also uses input and output key whitening. The diffusion layer uses a linear transformation based on an MDS matrix with a branch number of 5.

In June, 18 2008, support for the adopted Camellia cipher was added to final release of Mozilla Firefox 3.

Yoshisato Yanagisawa had added support for the Camellia cipher to the disk encryption storage class geli (software) in FreeBSD 7.0.

ecurity analysis

Camellia is one of the ciphers that can be completely defined by minimal systems of multivariate polynomials cite
author = Biryukov, De Cannière
title = Block ciphers and systems of quadratic equations
publisher = Springer-Verlag
date = 2003
] . The Camellia (as well as AES) S-boxes can be described by a system of 23 quadratic equations in 80 terms cite
author = N. T. Courtois, J. Pieprzyk
title = Cryptanalysis of block ciphers with overdefined systems of equations
publisher = Springer-Verlag
date = 2002
] . The key schedule can be described by 1120 equations in 768 variables using 3328 linear and quadratic terms . The entire block cipher can be described by 5104 equations in 2816 variables using 14592 linear and quadratic terms . In total, 6224 equations in 3584 variables using 17920 linear and quadratic terms are required . The number of free terms is 11696, which is approximately the same number as for AES. Theoretically, such properties might make it possible to break Camellia (and AES) using an algebraic attack, such as Extended Sparse Linearisation, in the future (provided that the attack becomes feasible).

Patent status

Although patented, Camellia is available under a royalty-free license.cite press release
title = Announcement of Royalty-free Licenses for Essential Patents of NTT Encryption and Digital Signature Algorithms
publisher = NTT
date = 2001-04-17
url =
accessdate = 2006-11-08
] This has allowed the Camellia cipher to become part of the OpenSSL Project, under an Open Source license, as of November 8, 2006.cite press release
title = The Open Source Community OpenSSL Project Adopts the Next Generation International Standard Cipher "Camellia" Developed in Japan
publisher = NTT
date = 2006-11-08
url =
accessdate = 2008-02-29

Notes and references

* cite conference
author = Kazumaro Aoki, Tetsuya Ichikawa, Masayuki Kanda, Mitsuru Matsui, Shiho Moriai, Junko Nakajima, Toshio Tokita
title = Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms — Design and Analysis
booktitle = Selected Areas in Cryptography
pages = pp. 39–56
publisher = Mitsubishi, NTT
date = 2000
location =
url =
doi =
id =
accessdate = 2006-11-08

External links

* [ Camellia's English home page]
* RFC 3657 — Use of the Camellia Encryption Algorithm in Cryptographic Message Syntax (CMS)
* RFC 4312 — The Camellia Cipher Algorithm and Its Use With IPsec
* RFC 4132 — Addition of Camellia Cipher Suites to Transport Layer Security (TLS)
* [ Bug 382223] — Add support for Camellia to PSM (Mozilla Firefox)
* [ FreeBSD System Manager's Manual] — Add support for Camellia to geli (FreeBSD)

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Camellia (disambiguation) — Camellia may mean:* Camellia, a flower * Camellia City, a nickname for Sacramento, California * Camellia, New South Wales, a neighbourhood in Sydney, Australia * Camellia (poem), a poem by Rabindranath Tagore * Camellia (cipher), a block cipher * …   Wikipedia

  • Camellia (Algorithmus) — Camellia Entwickler Mitsubishi, NTT Veröffentlicht 2000 Abgeleitet von MISTY1, E2 Zertifizierung NESSIE, CRYPTREC Schlüssellänge 128, 192 oder 256 Bit …   Deutsch Wikipedia

  • Camellia (алгоритм) — У этого термина существуют и другие значения, см. Camellia (значения). Camellia Создатель: Mitsubishi, NTT Создан: 2000 г. Опубликован: 2000 г. Размер ключа: 128, 192 или 256 бит Размер блока: 128 бит Число раундов …   Википедия

  • Camellia (Algorithme) — Pour les articles homonymes, voir camellia. Camellia [[Image:|none|240px]] …   Wikipédia en Français

  • Camellia (algorythme) — Camellia (algorithme) Pour les articles homonymes, voir camellia. Camellia [[Image:|none|240px]] …   Wikipédia en Français

  • Camellia (algorithme) — Pour les articles homonymes, voir camellia. Camellia Résumé Concepteur(s) Nippon Telegraph and Telephone Corporation, Mitsubishi Electric Corporation Première publication 2000 …   Wikipédia en Français

  • Cipher suite — A cipher suite is a named combination of authentication, encryption, and message authentication code (MAC) algorithms used to negotiate the security settings for a network connection using the Transport Layer Security (TLS) or Secure Sockets… …   Wikipedia

  • Cipher security summary — This article summarizes publicly known attacks against ciphers. Note that not all entries may be up to date. Table color key No known successful attacks Theoretical break Attack demonstrated in practice The Best attack column lists the complexity …   Wikipedia

  • Cipher Block Chaining — Mode d opération (cryptographie) En cryptographie, un mode d opération est la manière de traiter les blocs de texte clairs et chiffrés au sein d un algorithme de chiffrement par bloc. Chacun des modes possède ses propres atouts. Plusieurs modes… …   Wikipédia en Français

  • Stream-cipher — Stromverschlüsselung (engl. stream cipher) ist ein kryptographischer Algorithmus, bei dem Zeichen des Klartextes mit den Zeichen eines Schlüsselstroms einzeln (XOR bei nur zwei verschiedenen Zeichen) verknüpft werden. Der Schlüsselstrom ist eine… …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.