Browse Prior Art Database

The CAST-128 Encryption Algorithm (RFC2144)

IP.com Disclosure Number: IPCOM000002700D
Original Publication Date: 1997-May-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 12 page(s) / 35K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. Adams: AUTHOR

Abstract

There is a need in the Internet community for an unencumbered encryption algorithm with a range of key sizes that can provide security for a variety of cryptographic applications and protocols.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 8% of the total text.

Network Working Group C. Adams

Request for Comments: 2144 Entrust Technologies

Category: Informational May 1997

The CAST-128 Encryption Algorithm

Status of this Memo

This memo provides information for the Internet community. This memo

does not specify an Internet standard of any kind. Distribution of

this memo is unlimited.

Abstract

There is a need in the Internet community for an unencumbered

encryption algorithm with a range of key sizes that can provide

security for a variety of cryptographic applications and protocols.

This document describes an existing algorithm that can be used to

satisfy this requirement. Included are a description of the cipher

and the key scheduling algorithm (Section 2), the s-boxes (Appendix

A), and a set of test vectors (Appendix B).

TABLE OF CONTENTS

STATUS OF THIS MEMO.............................................1

ABSTRACT........................................................1

1. INTRODUCTION.................................................1

2. DESCRIPTION OF ALGORITHM.....................................2

3. INTELLECTUAL PROPERTY CONSIDERATIONS.........................8

4. SECURITY CONSIDERATIONS......................................8

5. REFERENCES...................................................8

6. AUTHOR'S ADDRESS.............................................8

APPENDICES

A. S-BOXES......................................................9

B. TEST VECTORS................................................15

1. Introduction

This document describes the CAST-128 encryption algorithm, a DES-like

Substitution-Permutation Network (SPN) cryptosystem which appears to

have good resistance to differential cryptanalysis, linear

cryptanalysis, and related-key cryptanalysis. This cipher also

possesses a number of other desirable cryptographic properties,

including avalanche, Strict Avalanche Criterion (SAC), Bit

Independence Criterion (BIC), no complementation property, and an

absence of weak and semi-weak keys. It thus appears to be a good

candidate for general-purpose use throughout the Internet community

wherever a cryptographically-strong, freely-available encryption

algorithm is required.

Adams [Adams] discusses the CAST design procedure in some detail;

analyses can also be obtained on-line (see, for example, [Web1] or

[Web2]).

2. Description of Algorithm

CAST-128 belongs to the class of encryption algorithms known as

Feistel ciphers; overall operation is thus similar to the Data

Encryption Standard (DES). The full encryption algorithm is given in

the following four steps.

INPUT: plaintext m1...m64; key K = k1...k128.

OUTPUT: ciphertext c1...c64.

1. (key schedule) Compute 16 pairs of subkeys {Kmi, Kri} from K

(see Sections 2.1 and 2.4).

2. (L0,R0) <-- (m1...m64). (Split the plaintext into left and

right 32-bit ...