Abstract
CAST-128 and CAST-256 are two symmetric algorithms designed by Adams in the 1990s. Both of them follow the CAST design procedure, which gives them a number of desirable cryptographic properties. CAST-128 is notably used as the default cipher in some versions of GNU Privacy Guard (GPG) and Pretty Good Privacy (PGP). As an extension of CAST-128, CAST-256 was submitted as a candidate for the Advanced Encryption Standard (AES). Since they are widely used, many different attacks on them have been published, and differential cryptanalysis is one of the most powerful tools among them. In this paper, we achieve improved differential cryptanalysis of both CAST-128 and CAST-256 based on the technique of accessing differential tables. Firstly, we propose a differential attack on 9-round CAST-128 with \(2^{73}\) encryptions and \(2^{58}\) chosen plaintexts. Although we cannot improve the number of attacked rounds, the time complexity is significantly reduced. Then we mount an improved differential attack on 10 quad-rounds of modified CAST-256, which covers one more quad-round than the previous attack. The time complexity of this attack is \(2^{217}\) encryptions, and the data complexity is \(2^{123}\) chosen plaintexts. As far as we know, these are the best known attacks on CAST-128 and CAST-256 under the weak key assumption.
© 2017 Springer International Publishing AG
Cite this paper
Wang, S., Cui, T., Wang, M. (2017). Improved Differential Cryptanalysis of CAST-128 and CAST-256. In: Chen, K., Lin, D., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2016. Lecture Notes in Computer Science(), vol 10143. Springer, Cham. https://doi.org/10.1007/978-3-319-54705-3_2
DOI: https://doi.org/10.1007/978-3-319-54705-3_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54704-6
Online ISBN: 978-3-319-54705-3