Browse Prior Art Database

The CAST-256 Encryption Algorithm (RFC2612)

IP.com Disclosure Number: IPCOM000003199D
Original Publication Date: 1999-Jun-01
Included in the Prior Art Database: 2019-Feb-11
Document File: 19 page(s) / 24K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

C. Adams: AUTHOR [+1]

Related Documents

10.17487/RFC2612: DOI

Abstract

This document describes an existing algorithm that can be used to satisfy this requirement. Included are a description of the cipher and the key scheduling algorithm, the s-boxes, and a set of test vectors (Appendix A). This memo provides information for the Internet community.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 9% of the total text.

Network Working Group C. Adams Request for Comments: 2612 J. Gilchrist Category: Informational Entrust Technologies June 1999

The CAST-256 Encryption Algorithm

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

There is always a desire in the Internet community for unencumbered encryption algorithms with a range of key sizes that can provide security for a variety of cryptographic applications and protocols.

This document describes an existing algorithm that can be used to satisfy this requirement. Included are a description of the cipher and the key scheduling algorithm, the s-boxes, and a set of test vectors (Appendix A).

Table of Contents

Abstract........................................................1 1. Introduction.................................................2 2. CAST-256 Algorithm Specification.............................2 3. Cipher Naming................................................8 4. Cipher Usage.................................................8 5. Security Considerations......................................8 6. References...................................................9 7. Authors’ Addresses...........................................9 Appendix A. Test Vectors.......................................10 Full Copyright Statement.......................................19

Adams & Gilchrist Informational [Page 1]

RFC 2612 The CAST-256 Encryption Algorithm June 1999

1. Introduction

This document describes the CAST-256 encryption algorithm, a DES-like Substitution-Permutation Network (SPN) cryptosystem built upon the CAST-128 encryption algorithm [1] which appears to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis. This cipher also possesses a number of other desirable cryptographic properties, including avalanche, Strict Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no complementation property, and an absence of weak and semi-weak keys. It thus appears to be a good candidate for general-purpose use throughout the Internet community wherever a cryptographically- strong, freely-available encryption algorithm is required.

CAST-256 has a block size of 128 bits and a variable key size (128, 160, 192, 224, or 256 bits).

2. CAST-256 Algorithm Specification

2.1 CAST-128 Notation

The following notation from CAST-128 [1] is relevant to CAST-256.

CAST-128 uses a pair of subkeys per round: a 5-bit quantity Kri is used as a "rotation" key for round i and a 32-bit quantity Kmi is used as a "masking" key for round i.

Three different round functions are used in CAST-128. The rounds are as follows (where D is the data input to the operation, Ia - Id are the most significant byte through least significant byte of I, respectively, Si is the ith s-box (see Section 2.1.1...

Processing...
Loading...