{"title":"Differential cryptanalysis of 24-round CAST-256","authors":"A. Pestunov","doi":"10.1109/SIBIRCON.2008.4602582","DOIUrl":null,"url":null,"abstract":"A 48-round block cipher CAST-256 was a participant of the AES competition. There are two published attacks on this cipher. The first allows to break the cipher, consisted of 16 rounds. Another can break 36 rounds but only for some weak keys, in particulary, a 24-round version of CAST-256 can be broken for a 2-30 part of all possible keys. An attack described in this paper allows to break 24 rounds of CAST-256, but this attack works for all the keys and not only for the weak ones. Requirements of the attack are: 224 chosen plaintexts, 229 bytes of memory and 2244 encryptions. This complexity is less than the complexity of a brute-force attack for 256-bit keys. A success probability of the attack is over 90%.","PeriodicalId":295946,"journal":{"name":"2008 IEEE Region 8 International Conference on Computational Technologies in Electrical and Electronics Engineering","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 IEEE Region 8 International Conference on Computational Technologies in Electrical and Electronics Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SIBIRCON.2008.4602582","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
A 48-round block cipher CAST-256 was a participant of the AES competition. There are two published attacks on this cipher. The first allows to break the cipher, consisted of 16 rounds. Another can break 36 rounds but only for some weak keys, in particulary, a 24-round version of CAST-256 can be broken for a 2-30 part of all possible keys. An attack described in this paper allows to break 24 rounds of CAST-256, but this attack works for all the keys and not only for the weak ones. Requirements of the attack are: 224 chosen plaintexts, 229 bytes of memory and 2244 encryptions. This complexity is less than the complexity of a brute-force attack for 256-bit keys. A success probability of the attack is over 90%.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
