CAST-128 is a block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has been approved for Canadian government use by the Communications Security Establishment. Haruki Seki et al. found 2-round differential characteristics and they can attack 5-round CAST-128. In this paper, we studied the properties of round functions F1 and F3 in CAST-128, and identified differential characteristics for F1 round function and F3 round function. So we identified a 6-round differential characteristic with probability 2-53 under 2-23.8 of the total key space. Then based on 6-round differential characteristic, we can attack 8-round CAST-128 with key sizes greater than or equal to 72 bits and 9-round CAST-128 with key sizes greater than or equal to 104 bits. We give the summary of attacks on reduced-round CAST-128 in Table 10.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Meiqin WANG, Xiaoyun WANG, Kam Pui CHOW, Lucas Chi Kwong HUI, "New Differential Cryptanalytic Results for Reduced-Round CAST-128" in IEICE TRANSACTIONS on Fundamentals,
vol. E93-A, no. 12, pp. 2744-2754, December 2010, doi: 10.1587/transfun.E93.A.2744.
Abstract: CAST-128 is a block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has been approved for Canadian government use by the Communications Security Establishment. Haruki Seki et al. found 2-round differential characteristics and they can attack 5-round CAST-128. In this paper, we studied the properties of round functions F1 and F3 in CAST-128, and identified differential characteristics for F1 round function and F3 round function. So we identified a 6-round differential characteristic with probability 2-53 under 2-23.8 of the total key space. Then based on 6-round differential characteristic, we can attack 8-round CAST-128 with key sizes greater than or equal to 72 bits and 9-round CAST-128 with key sizes greater than or equal to 104 bits. We give the summary of attacks on reduced-round CAST-128 in Table 10.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E93.A.2744/_p
Copy
@ARTICLE{e93-a_12_2744,
author={Meiqin WANG, Xiaoyun WANG, Kam Pui CHOW, Lucas Chi Kwong HUI, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={New Differential Cryptanalytic Results for Reduced-Round CAST-128},
year={2010},
volume={E93-A},
number={12},
pages={2744-2754},
abstract={CAST-128 is a block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has been approved for Canadian government use by the Communications Security Establishment. Haruki Seki et al. found 2-round differential characteristics and they can attack 5-round CAST-128. In this paper, we studied the properties of round functions F1 and F3 in CAST-128, and identified differential characteristics for F1 round function and F3 round function. So we identified a 6-round differential characteristic with probability 2-53 under 2-23.8 of the total key space. Then based on 6-round differential characteristic, we can attack 8-round CAST-128 with key sizes greater than or equal to 72 bits and 9-round CAST-128 with key sizes greater than or equal to 104 bits. We give the summary of attacks on reduced-round CAST-128 in Table 10.},
keywords={},
doi={10.1587/transfun.E93.A.2744},
ISSN={1745-1337},
month={December},}
Copy
TY - JOUR
TI - New Differential Cryptanalytic Results for Reduced-Round CAST-128
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 2744
EP - 2754
AU - Meiqin WANG
AU - Xiaoyun WANG
AU - Kam Pui CHOW
AU - Lucas Chi Kwong HUI
PY - 2010
DO - 10.1587/transfun.E93.A.2744
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E93-A
IS - 12
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - December 2010
AB - CAST-128 is a block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has been approved for Canadian government use by the Communications Security Establishment. Haruki Seki et al. found 2-round differential characteristics and they can attack 5-round CAST-128. In this paper, we studied the properties of round functions F1 and F3 in CAST-128, and identified differential characteristics for F1 round function and F3 round function. So we identified a 6-round differential characteristic with probability 2-53 under 2-23.8 of the total key space. Then based on 6-round differential characteristic, we can attack 8-round CAST-128 with key sizes greater than or equal to 72 bits and 9-round CAST-128 with key sizes greater than or equal to 104 bits. We give the summary of attacks on reduced-round CAST-128 in Table 10.
ER -