مرکز منطقه ای اطلاع رساني علوم و فناوري - Differential cryptanalysis of 24-round CAST-256

DocumentCode :

2626315

Title :

Differential cryptanalysis of 24-round CAST-256

Author :

Pestunov, Andrey

Author_Institution :

Inst. of Comput. Technol., SB RAS, Novosibirsk

fYear :

2008

fDate :

21-25 July 2008

Firstpage :

Lastpage :

Abstract :

A 48-round block cipher CAST-256 was a participant of the AES competition. There are two published attacks on this cipher. The first allows to break the cipher, consisted of 16 rounds. Another can break 36 rounds but only for some weak keys, in particulary, a 24-round version of CAST-256 can be broken for a 2^-30 part of all possible keys. An attack described in this paper allows to break 24 rounds of CAST-256, but this attack works for all the keys and not only for the weak ones. Requirements of the attack are: 2²⁴ chosen plaintexts, 2²⁹ bytes of memory and 2²⁴⁴ encryptions. This complexity is less than the complexity of a brute-force attack for 256-bit keys. A success probability of the attack is over 90%.

Keywords :

computational complexity; cryptography; 24-round CAST-256; 48-round block cipher CAST-256; brute-force attack; differential cryptanalysis; encryptions; Bismuth; Cryptography; Helium; Modular construction; Region 8; Security;

fLanguage :

English

Publisher :

ieee

Conference_Titel :

Computational Technologies in Electrical and Electronics Engineering, 2008. SIBIRCON 2008. IEEE Region 8 International Conference on

Conference_Location :

Novosibirsk

Print_ISBN :

978-1-4244-2133-6

Electronic_ISBN :

978-1-4244-2134-3

Type :

conf

DOI :

10.1109/SIBIRCON.2008.4602582

Filename :

4602582

Link To Document :

https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2626315