Dismiss
InnovationQ/InnovationQ Plus content will be updated on Sunday, June 25, 10am ET, with new patent and non-patent literature collections. Click here to learn more.
Browse Prior Art Database

The CAST-256 Encryption Algorithm (RFC2612)

IP.com Disclosure Number: IPCOM000003199D
Original Publication Date: 1999-Jun-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 15 page(s) / 35K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. Adams: AUTHOR [+2]

Abstract

There is always a desire in the Internet community for unencumbered encryption algorithms with a range of key sizes that can provide security for a variety of cryptographic applications and protocols.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 9% of the total text.

Network Working Group C. Adams

Request for Comments: 2612 J. Gilchrist

Category: Informational Entrust Technologies

June 1999

The CAST-256 Encryption Algorithm

Status of this Memo

This memo provides information for the Internet community. It does

not specify an Internet standard of any kind. Distribution of this

memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

There is always a desire in the Internet community for unencumbered

encryption algorithms with a range of key sizes that can provide

security for a variety of cryptographic applications and protocols.

This document describes an existing algorithm that can be used to

satisfy this requirement. Included are a description of the cipher

and the key scheduling algorithm, the s-boxes, and a set of test

vectors (Appendix A).

Table of Contents

Abstract........................................................1

1. Introduction.................................................2

2. CAST-256 Algorithm Specification.............................2

3. Cipher Naming................................................8

4. Cipher Usage.................................................8

5. Security Considerations......................................8

6. References...................................................9

7. Authors' Addresses...........................................9

Appendix A. Test Vectors.......................................10

Full Copyright Statement.......................................19

1. Introduction

This document describes the CAST-256 encryption algorithm, a DES-like

Substitution-Permutation Network (SPN) cryptosystem built upon the

CAST-128 encryption algorithm [1] which appears to have good

resistance to differential cryptanalysis, linear cryptanalysis, and

related-key cryptanalysis. This cipher also possesses a number of

other desirable cryptographic properties, including avalanche, Strict

Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no

complementation property, and an absence of weak and semi-weak keys.

It thus appears to be a good candidate for general-purpose use

throughout the Internet community wherever a cryptographically-

strong, freely-available encryption algorithm is required.

CAST-256 has a block size of 128 bits and a variable key size (128,

160, 192, 224, or 256 bits).

2. CAST-256 Algorithm Specification

2.1 CAST-128 Notation

The following notation from CAST-128 [1] is relevant to CAST-256.

CAST-128 uses a pair of subkeys per round: a 5-bit quantity Kri

is used as a "rotation" key for round i and a 32-bit quantity Kmi

is used as a "masking" key for round i.

Three different round functions are used in CAST-128. The rounds

are as follows (where...