Camellia Counter Mode and Camellia Counter with CBC-MAC Mode Algorithms
RFC 5528

 
Document Type RFC - Informational (April 2009; No errata)
Was draft-kato-camellia-ctrccm (individual in sec area)
Last updated 2013-07-24
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 5528 (Informational)
Telechat date
Responsible AD Tim Polk
Send notices to kanda@isl.ntt.co.jp, akato@po.ntts.co.jp, draft-kato-camellia-ctrccm@ietf.org
Network Working Group                                            A. Kato
Request for Comments: 5528                      NTT Software Corporation
Category: Informational                                         M. Kanda
                                                                     NTT
                                                                S. Kanno
                                                NTT Software Corporation
                                                              April 2009

Camellia Counter Mode and Camellia Counter with CBC-MAC Mode Algorithms

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This document describes the algorithms and presents test vectors for
   the Camellia block cipher algorithm in Counter mode (CTR) and Counter
   with Cipher Block Chaining MAC mode (CCM).  The purpose of this
   document is to make the Camellia-CTR and Camellia-CCM algorithm
   conveniently available to the Internet Community.

Kato, et al.                 Informational                      [Page 1]
RFC 5528        Camellia-CTR and Camellia-CCM algorithms      April 2009

Table of Contents

   1. Introduction ....................................................2
      1.1. Terminology ................................................3
   2. The Camellia Cipher Algorithm ...................................3
      2.1. Key Size ...................................................3
      2.2. Weak Keys ..................................................3
      2.3. Block Size and Padding .....................................3
      2.4. Performance ................................................4
   3. Modes of Operation ..............................................4
   4. Test Vectors ....................................................4
      4.1. Camellia-CTR ...............................................4
      4.2. Camellia-CCM ...............................................7
   5. Security Considerations ........................................20
   6. Acknowledgments ................................................20
   7. References .....................................................20
      7.1. Normative References ......................................20
      7.2. Informative References ....................................20

1.  Introduction

   This document describes the use of the Camellia block cipher
   algorithm in Counter (CTR) mode and Counter with CBC-MAC (CCM) mode.

   Camellia is a symmetric cipher with a Feistel structure.  Camellia
   was developed jointly by NTT and Mitsubishi Electric Corporation in
   2000.  It was designed to withstand all known cryptanalytic attacks,
   and it has been scrutinized by worldwide cryptographic experts.
   Camellia is suitable for implementation in software and hardware,
   offering encryption speed in software and hardware implementations
   that is comparable to Advanced Encryption Standard (AES) [5].

   Camellia supports 128-bit block size and 128-, 192-, and 256-bit key
   lengths, i.e., the same interface specifications as the AES.
   Therefore, it is easy to implement Camellia-based algorithms by
   replacing the AES block of AES-based algorithms with a Camellia
   block.

   Camellia already has been adopted by the IETF and other international
   standardization organizations; in particular, the IETF has published
   specifications for the use of Camellia with IPsec [6], TLS [7],
   Secure/Multipurpose Internet Mail Extensions (S/MIME) [8], and XML
   Securiy [9].  Camellia is one of the three ISO/IEC international
   standard [10] 128-bit block ciphers (Camellia, AES, and Super
   Effective and Efficient Delivery (SEED)).  Camellia was selected as a
   recommended cryptographic primitive by the EU NESSIE (New European
   Schemes for Signatures, Integrity and Encryption) project [11] and

Kato, et al.                 Informational                      [Page 2]
RFC 5528        Camellia-CTR and Camellia-CCM algorithms      April 2009

   was included in the list of cryptographic techniques for Japanese
   e-Government systems that was selected by the Japanese CRYPTREC
   (Cryptography Research and Evaluation Committees) [12].
Show full document text