
Improved Differential Cryptanalysis of CAST-128 and CAST-256

  • Conference paper
  • Information Security and Cryptology (Inscrypt 2016)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10143)


Abstract

CAST-128 and CAST-256 are two symmetric block ciphers designed by Adams in the 1990s. Both follow the CAST design procedure, which gives them a number of desirable cryptographic properties. CAST-128 is notably used as the default cipher in some versions of GNU Privacy Guard (GPG) and Pretty Good Privacy (PGP). As an extension of CAST-128, CAST-256 was submitted as a candidate for the Advanced Encryption Standard (AES). Because both ciphers are widely used, many different attacks on them have been published, and differential cryptanalysis is one of the most powerful tools among them. In this paper, we present improved differential cryptanalysis of both CAST-128 and CAST-256 based on the technique of accessing differential tables. First, we propose a differential attack on 9-round CAST-128 with \(2^{73}\) encryptions and \(2^{58}\) chosen plaintexts. Although we do not increase the number of attacked rounds, the time complexity is significantly reduced. Then we mount an improved differential attack on 10 quad-rounds of modified CAST-256, one quad-round more than the previous attack. The time complexity of this attack is \(2^{217}\) encryptions, and the data complexity is \(2^{123}\) chosen plaintexts. To the best of our knowledge, these are the best known attacks on CAST-128 and CAST-256 under the weak key assumption.



Author information

Corresponding author

Correspondence to Meiqin Wang.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Wang, S., Cui, T., Wang, M. (2017). Improved Differential Cryptanalysis of CAST-128 and CAST-256. In: Chen, K., Lin, D., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2016. Lecture Notes in Computer Science, vol. 10143. Springer, Cham. https://doi.org/10.1007/978-3-319-54705-3_2


  • DOI: https://doi.org/10.1007/978-3-319-54705-3_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54704-6

  • Online ISBN: 978-3-319-54705-3
