Camellia is a block cipher that was developed jointly by Mitsubishi and Nippon Telegraph and Telephone (NTT) in 2000, and has similar design elements to earlier block ciphers (MISTY1 and E2) from these companies. It has a block size of 128 bits, and can use 128-bit, 192-bit or 256-bit keys, the same interface as the Advanced Encryption Standard. It is a Feistel cipher with either 18 rounds (if the key is 128 bits) or 24 rounds (if the key is 192 or 256 bits). Camellia uses four 8 x 8-bit S-boxes with input and output affine transformations and logical operations. The cipher also uses input and output key whitening. The diffusion layer uses a linear transformation based on an MDS matrix with a branch number of 5. Camellia can be divided into a "key scheduling part" and a "data randomizing part". Camellia is characterized by its suitability for both software and hardware implementations as well as its high level of security. From a practical viewpoint, it is designed to enable flexibility in software and hardware implementations on 32-bit processors widely used over the Internet and many applications, 8-bit processors used in smart cards, cryptographic hardware, embedded systems, and so on. Camellia has been scrutinized by the wide cryptographic community during several projects for evaluating cryptographic algorithms. In particular, Camellia was selected as a recommended cryptographic primitive by the European Union's NESSIE (New European Schemes for Signatures, Integrity and Encryption) project, and also is included in the list of cryptographic techniques for Japanese e-Government systems which were selected by the Japan CRYPTREC (Cryptography Research and Evaluation Committees). VOCAL offers a wide range of cryptographic solutions in both hardware and software form factors.