| General | |
|---|---|
| Designers | Mitsubishi Electric, NTT |
| First published | 2000 |
| Derived from | E2, MISTY1 |
| Certification | CRYPTREC, NESSIE |
| Cipher detail | |
| Key sizes | 128, 192 or 256 bits |
| Block sizes | 128 bits |
| Structure | Feistel network |
| Rounds | 18 or 24 |
| Best public cryptanalysis | |
| Truncated differential cryptanalysis requiring chosen plaintexts on modified Camellia reduced to 7 and 8 rounds.[1] Impossible differential attack on 12 rounds of Camellia-192 and 14 rounds of Camellia-256.[2] | |
In cryptography, Camellia is a symmetric key block cipher with a block size of 128 bits and key sizes of 128, 192 and 256 bits. It was jointly developed by Mitsubishi Electric and NTT of Japan. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project. The cipher has security levels and processing abilities comparable to the Advanced Encryption Standard.[3]
The cipher was designed to be suitable for both software and hardware implementations, from low-cost smart cards to high-speed network systems. It is part of the Transport Layer Security (TLS)[4] cryptographic protocol designed to provide communications security over a computer network such as the Internet.
The cipher was named for the flower Camellia japonica, which is known for being long-lived as well as because the cipher was developed in Japan.