Camellia — Where (Horst) Feistel Meets Rijndael (AES)
In research, you should never dismiss something, just because it isn’t currently being used. A good researcher will always look to the other competing methods to current practice, and note their strengths and weaknesses. Something might just come along that could fit a particular problem. And, so, with the advent of AES (aka Rijndael) and ChaCha20, other block ciphers hardly get a look-in. The Camellia cipher is one of these. Overall, it is named after Camellia japonica — which is a Japanese flower that has undulating petals.
Like AES, Camellia has a block size of 128 bits (16 bytes), and can use 128-, 192-, and 256-bit encryption keys. It was created by Mitsubishi and NTT and has been approved by the ISO/IEC. Camellia is also efficient for both hardware and software implementations, and is part of the TLS stack [here]:
Camellia is a Feisitel cipher and uses 18 rounds for 128-bit keys or 24 rounds for 192/256-bit keys. It also uses four 8x8 S-boxes. These s-boxes have a similar structure to the ones used by AES. This means that its performance can be enhanced by using the x86 AES-NI instruction set.
