Cryptanalysis of reduced versions of the Camellia block cipher

The Camellia block cipher has a 128-bit block length, a user key 128, 192 or 256 bits long and a total of 18 rounds for a 128-bit key and 24 rounds for a 192 or 256-bit key. It is a Japanese CRYPTREC-recommended e-government cipher, a European new European schemes for signatures, integrity and encryption (NESSIE) selected cipher and an ISO international standard. In this study, the authors describe a flaw in the approach used to choose plaintexts or ciphertexts in certain previously published square-like cryptanalytic results for Camellia and give two possible approaches to correct them. Finally, by taking advantage of the early abort technique and a few observations on the key schedule of Camellia, the authors present impossible differential attacks on 10-round Camellia with the FL/FL^-1 functions under 128 key bits, 11-round Camellia with the FL/FL^-1 functions under 192 key bits, 14-round Camellia without the FL/FL^-1 functions under 192 key bits and 16-round Camellia without the FL/FL^-1 functions under 256 key bits.