Linear Analysis of reduced-round CAST-128 and CAST-256

Jorge Nakahara JrMads Rasmussen

This paper describes a linear analysis of reduced-round versions of the CAST-128 and CAST-256 block ciphers. CAST-256 was a former candidate to the AES Development Process. Both ciphers use the same nonlinear components (fixed 8×32-bit S-boxes, key-dependent bit-rotation, modular addition and subtraction on 32-bit words) and a Feistel Network structure. We exploit the fact that the S-boxes are non-surjective mappings to construct iterative linear distinguishers for both ciphers. As far as we are aware of, this paper describes the first known-plaintext analysis of reduced-round variants of these ciphers.

Caso o link acima esteja inválido, faça uma busca pelo texto completo na Web: Buscar na Web

Biblioteca Digital Brasileira de Computação - Contato:
     Mantida por: