rfc2144.txt - Network Working Group C. Adams Request for...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Network Working Group C. Adams Request for Comments: 2144 Entrust Technologies Category: Informational May 1997 The CAST-128 Encryption Algorithm Status of this Memo This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Abstract There is a need in the Internet community for an unencumbered encryption algorithm with a range of key sizes that can provide security for a variety of cryptographic applications and protocols. This document describes an existing algorithm that can be used to satisfy this requirement. Included are a description of the cipher and the key scheduling algorithm (Section 2), the s-boxes (Appendix A), and a set of test vectors (Appendix B). TABLE OF CONTENTS STATUS OF THIS MEMO.............................................1 ABSTRACT........................................................1 1. INTRODUCTION.................................................1 2. DESCRIPTION OF ALGORITHM.....................................2 3. INTELLECTUAL PROPERTY CONSIDERATIONS.........................8 4. SECURITY CONSIDERATIONS......................................8 5. REFERENCES...................................................8 6. AUTHOR’S ADDRESS.............................................8 APPENDICES A. S-BOXES......................................................9 B. TEST VECTORS................................................15 1. Introduction This document describes the CAST-128 encryption algorithm, a DES-like Substitution-Permutation Network (SPN) cryptosystem which appears to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis. This cipher also possesses a number of other desirable cryptographic properties, including avalanche, Strict Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no complementation property, and an absence of weak and semi-weak keys. It thus appears to be a good Adams Informational [Page 1] RFC 2144 CAST-128 Encryption Algorithms May 1997 candidate for general-purpose use throughout the Internet community wherever a cryptographically-strong, freely-available encryption algorithm is required. Adams [Adams] discusses the CAST design procedure in some detail; analyses can also be obtained on-line (see, for example, [Web1] or [Web2]). 2. Description of Algorithm CAST-128 belongs to the class of encryption algorithms known as Feistel ciphers; overall operation is thus similar to the Data Encryption Standard (DES). The full encryption algorithm is given in the following four steps. INPUT: plaintext m1...m64; key K = k1...k128. OUTPUT: ciphertext c1...c64. 1. (key schedule) Compute 16 pairs of subkeys {Kmi, Kri} from K (see Sections 2.1 and 2.4)....
View Full Document

This note was uploaded on 11/14/2011 for the course COMP 6370 taught by Professor Staff during the Fall '08 term at Auburn University.

Page1 / 15

rfc2144.txt - Network Working Group C. Adams Request for...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online