cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...

, Camellia is a symmetric key

block cipher In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...

with a block size of 128

bit The bit is the most basic unit of information in computing and digital communications. The name is a portmanteau of binary digit. The bit represents a logical state with one of two possible values. These values are most commonly represented a ...

s and

key size In cryptography, key size, key length, or key space refer to the number of bits in a key used by a cryptographic algorithm (such as a cipher). Key length defines the upper-bound on an algorithm's security (i.e. a logarithmic measure of the fastes ...

s of 128, 192 and 256 bits. It was jointly developed by

Mitsubishi Electric , established on 15 January 1921, is a Japanese multinational electronics and electrical equipment manufacturing company headquartered in Tokyo, Japan. It is one of the core companies of Mitsubishi. The products from MELCO include elevators a ...

and NTT of Japan. The cipher has been approved for use by the ISO/IEC, the

European Union The European Union (EU) is a supranational political and economic union of member states that are located primarily in Europe. The union has a total area of and an estimated total population of about 447million. The EU has often been ...

's NESSIE project and the Japanese CRYPTREC project. The

cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is ''encipherment''. To encipher or encode i ...

has security levels and processing abilities comparable to the

Advanced Encryption Standard The Advanced Encryption Standard (AES), also known by its original name Rijndael (), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES is a variant ...

. The

was designed to be suitable for both software and hardware implementations, from low-cost smart cards to high-speed network systems. It is part of the

Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in secu ...

(TLS) cryptographic protocol designed to provide communications security over a

computer network A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections ar ...

such as the

Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a ''internetworking, network of networks'' that consists ...

. The cipher was named for the flower ''

Camellia japonica ''Camellia japonica'', known as common camellia, or Japanese camellia, is a species of flowering plant in the family Theaceae. There are thousands of cultivars of ''C. japonica'' in cultivation, with many colors and forms of flowers. In the U.S. ...

'', which is known for being long-lived as well as because the cipher was developed in Japan.

Design

Camellia is a Feistel cipher with either 18 rounds (when using 128-bit keys) or 24 rounds (when using 192- or 256-bit keys). Every six rounds, a logical transformation layer is applied: the so-called "FL-function" or its inverse. Camellia uses four 8×8-bit S-boxes with input and output

affine transformations In Euclidean geometry, an affine transformation or affinity (from the Latin, ''affinis'', "connected with") is a geometric transformation that preserves lines and parallelism, but not necessarily Euclidean distances and angles. More generally, ...

and logical operations. The cipher also uses input and output key whitening. The

diffusion Diffusion is the net movement of anything (for example, atoms, ions, molecules, energy) generally from a region of higher concentration to a region of lower concentration. Diffusion is driven by a gradient in Gibbs free energy or chemical p ...

layer uses a

linear transformation In mathematics, and more specifically in linear algebra, a linear map (also called a linear mapping, linear transformation, vector space homomorphism, or in some contexts linear function) is a mapping V \to W between two vector spaces that pr ...

based on a

matrix Matrix most commonly refers to: * ''The Matrix'' (franchise), an American media franchise ** '' The Matrix'', a 1999 science-fiction action film ** "The Matrix", a fictional setting, a virtual reality environment, within ''The Matrix'' (franchi ...

with a branch number of 5.

Security analysis

Camellia is considered a modern, safe cipher. Even using the smaller key size option (128 bits), it's considered infeasible to break it by brute-force attack on the keys with current technology. There are no known successful attacks that weaken the cipher considerably. The cipher has been approved for use by the ISO/IEC, the

's NESSIE project and the Japanese CRYPTREC project. The Japanese

has security levels and processing abilities comparable to the AES/Rijndael cipher. Camellia is a

which can be completely defined by minimal systems of multivariate polynomials: * The Camellia (as well as

AES AES may refer to: Businesses and organizations Companies * AES Corporation, an American electricity company * AES Data, former owner of Daisy Systems Holland * AES Eletropaulo, a former Brazilian electricity company * AES Andes, formerly AES Gener ...

) S-boxes can be described by a system of 23 quadratic equations in 80 terms. * The

key schedule In cryptography, the so-called product ciphers are a certain kind of cipher, where the (de-)ciphering of data is typically done as an iteration of ''rounds''. The setup for each round is generally the same, except for round-specific fixed val ...

can be described by equations in 768 variables using linear and quadratic terms. * The entire block cipher can be described by equations in variables using linear and quadratic terms. * In total, equations in variables using linear and quadratic terms are required. * The number of free terms is , which is approximately the same number as for

. Theoretically, such properties might make it possible to break Camellia (and

) using an algebraic attack, such as extended sparse linearisation, in the future, provided that the attack becomes feasible.

Patent status

Although Camellia is patented, it is available under a royalty-free license. This has allowed the Camellia cipher to become part of the

OpenSSL OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HT ...

Project, under an

open-source license An open-source license is a type of license for computer software and other products that allows the source code, blueprint or design to be used, modified and/or shared under defined terms and conditions. This allows end users and commercial compan ...

, since November 2006. It has also allowed it to become part of the Mozilla's NSS (Network Security Services) module.

Adoption

Support for Camellia was added to the final release of

Mozilla Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current a ...

3 in 2008 (disabled by default as of Firefox 33 in 2014 in spirit of the "Proposal to Change the Default TLS Ciphersuites Offered by Browsers", and has been dropped from version 37 in 2015). Pale Moon, a fork of Mozilla/Firefox, continues to offer Camellia and had extended its support to include Galois/Counter mode (GCM) suites with the cipher, but has removed the GCM modes again with release 27.2.0, citing the apparent lack of interest in them. Later in 2008, the

FreeBSD FreeBSD is a free and open-source Unix-like operating system descended from the Berkeley Software Distribution (BSD), which was based on Research Unix. The first version of FreeBSD was released in 1993. In 2005, FreeBSD was the most popular ...

Release Engineering Team announced that the cipher had also been included in the

6.4-RELEASE. Also, support for the Camellia cipher was added to the disk encryption storage class geli of FreeBSD by Yoshisato Yanagisawa. In September 2009,

GNU Privacy Guard GNU Privacy Guard (GnuPG or GPG) is a free-software replacement for Symantec's PGP cryptographic software suite. The software is compliant with RFC 4880, the IETF standards-track specification of OpenPGP. Modern versions of PGP are interoper ...

added support for Camellia in version 1.4.10. VeraCrypt (a fork of TrueCrypt) included Camellia as one of its supported encryption algorithms. Moreover, various popular security libraries, such as

Crypto++ Crypto++ (also known as CryptoPP, libcrypto++, and libcryptopp) is a free and open-source C++ class library of cryptographic algorithms and schemes written by Wei Dai. Crypto++ has been widely used in academia, student projects, open-source, and ...

, GnuTLS,

mbed TLS Mbed TLS (previously PolarSSL) is an implementation of the Transport Layer Security, TLS and SSL protocols and the respective cryptographic algorithms and support code required. It is distributed under the Apache License version 2.0. Stated on t ...

and

also include support for Camellia. On March 26, 2013, Camellia was announced as having been selected again for adoption in Japan's new e-Government Recommended Ciphers List as the only 128-bit block cipher encryption algorithm developed in Japan. This coincides with the CRYPTREC list being updated for the first time in 10 years. The selection was based on Camellia's high reputation for ease of procurement, and security and performance features comparable to those of the Advanced Encryption Standard (AES). Camellia remains unbroken in its full implementation. An impossible differential attack on 12-round Camellia without FL/FL⁻¹ layers does exist.

Performance

The S-boxes used by Camellia share a similar structure to AES's S-box. As a result, it is possible to accelerate Camellia software implementations using CPU instruction sets designed for AES, such as x86 AES-NI or x86 GFNI, by affine isomorphism.

Standardization

Camellia has been certified as a standard cipher by several standardization organizations: * CRYPTREC * NESSIE *

IETF The Internet Engineering Task Force (IETF) is a standards organization for the Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster or requirements and ...

** Algorithm *** : A Description of the Camellia Encryption Algorithm **

Block cipher mode In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transform ...

*** : Camellia Counter Mode and Camellia Counter with CBC-MAC Mode Algorithms **

S/MIME S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly . It was originally developed b ...

*** : Use of the Camellia Encryption Algorithm in Cryptographic Message Syntax (CMS) ** XML Encryption *** : Additional XML Security Uniform Resource Identifiers (URIs) **

TLS/SSL Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...

*** : Addition of Camellia Cipher Suites to Transport Layer Security (TLS) *** : Camellia Cipher Suites for TLS *** : Addition of the Camellia Cipher Suites to Transport Layer Security (TLS) **

IPsec In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in ...

*** : The Camellia Cipher Algorithm and Its Use With IPsec *** : Modes of Operation for Camellia for Use with IPsec ** Kerberos *** : Camellia Encryption for Kerberos 5 ** OpenPGP *** : The Camellia Cipher in OpenPGP ** RSA-KEM in CMS *** : Use of the RSA-KEM Key Transport Algorithm in the Cryptographic Message Syntax (CMS) ** PSKC *** : Portable Symmetric Key Container (PSKC) **

Smart grid A smart grid is an electrical grid which includes a variety of operation and energy measures including: * Advanced metering infrastructure (of which smart meters are a generic name for any utility side device even if it is more capable e.g. a ...

*** : Internet Protocols for the Smart Grid * ISO/IEC *
ISO/IEC 18033-3:2010
Information technology—Security techniques—Encryption algorithms—Part 3: Block ciphers *

ITU-T The ITU Telecommunication Standardization Sector (ITU-T) is one of the three sectors (divisions or units) of the International Telecommunication Union (ITU). It is responsible for coordinating standards for telecommunications and Information Commu ...

** Security mechanisms and procedures for NGN (Y.2704) * RSA Laboratories ** Approved cipher in the PKCS#11 * TV-Anytime Forum ** Approved cipher in TV-Anytime Rights Management and Protection Information for Broadcast Applications ** Approved cipher in Bi-directional Metadata Delivery Protection

References

;General * * *

External links

Camellia's English home page
by NTT
256 bit ciphers – CAMELLIA reference implementation and derived code
* Use of the Camellia Encryption Algorithm in Cryptographic Message Syntax (CMS) * A Description of the Camellia Encryption Algorithm * Additional XML Security Uniform Resource Identifiers (URIs) * Addition of Camellia Cipher Suites to Transport Layer Security (TLS) * The Camellia Cipher Algorithm and Its Use With IPsec * Camellia Counter Mode and Camellia Counter with CBC-MAC Mode Algorithms * Modes of Operation for Camellia for Use with IPsec * Certification of Camellia Cipher as IETF standard for OpenPGP * Camellia Cipher Suites for TLS * Use of the RSA-KEM Key Transport Algorithm in the Cryptographic Message Syntax (CMS) * Portable Symmetric Key Container (PSKC) * Internet Protocols for the Smart Grid * Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)
ISO/IEC 18033-3:2010
Information technology—Security techniques—Encryption algorithms—Part 3: Block ciphers {{Mitsubishi Electric Feistel ciphers Mitsubishi Electric products, services and standards 2000 introductions