[3] The cipher was designed to be suitable for both software and hardware implementations, from low-cost smart cards to high-speed network systems.
[3] Camellia is a block cipher which can be completely defined by minimal systems of multivariate polynomials:[vague][5] Theoretically, such properties might make it possible to break Camellia (and AES) using an algebraic attack, such as extended sparse linearisation, in the future, provided that the attack becomes feasible.
[7] This has allowed the Camellia cipher to become part of the OpenSSL Project, under an open-source license, since November 2006.
Also, support for the Camellia cipher was added to the disk encryption storage class geli of FreeBSD by Yoshisato Yanagisawa.
[16] Moreover, various popular security libraries, such as Crypto++, GnuTLS, mbed TLS and OpenSSL also include support for Camellia.
The selection was based on Camellia's high reputation for ease of procurement, and security and performance features comparable to those of the Advanced Encryption Standard (AES).
As a result, it is possible to accelerate Camellia software implementations using CPU instruction sets designed for AES, such as x86 AES-NI or x86 GFNI, by affine isomorphism.