• DocumentCode
    2626315
  • Title
    Differential cryptanalysis of 24-round CAST-256
  • Author
    Pestunov, Andrey
  • Author_Institution
    Inst. of Comput. Technol., SB RAS, Novosibirsk
  • fYear
    2008
  • fDate
    21-25 July 2008
  • Firstpage
    46
  • Lastpage
    49
  • Abstract
    CAST-256 is a 48-round block cipher that was a candidate in the AES competition. Two attacks on it have been published. The first breaks a 16-round version of the cipher. The second breaks 36 rounds, but only for a class of weak keys; in particular, the 24-round version of CAST-256 can be broken for a 2^-30 fraction of all possible keys. The attack described in this paper breaks 24 rounds of CAST-256 for every key, not only for the weak ones. It requires 2^24 chosen plaintexts, 2^29 bytes of memory and 2^244 encryptions, which is less than the cost of a brute-force search for 256-bit keys. The success probability of the attack is over 90%.
  • Keywords
    computational complexity; cryptography; 24-round CAST-256; 48-round block cipher CAST-256; brute-force attack; differential cryptanalysis; encryptions; Bismuth; Cryptography; Helium; Modular construction; Region 8; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computational Technologies in Electrical and Electronics Engineering, 2008. SIBIRCON 2008. IEEE Region 8 International Conference on
  • Conference_Location
    Novosibirsk
  • Print_ISBN
    978-1-4244-2133-6
  • Electronic_ISBN
    978-1-4244-2134-3
  • Type
    conf
  • DOI
    10.1109/SIBIRCON.2008.4602582
  • Filename
    4602582