Construction symmetric ciphers using the cast design procedure
First Claim
1. In a data encryption method of cryptographically transforming plaintext into ciphertext in data blocks of a predetermined bitlength comprising a plurality of consecutive transformation rounds of half of each data block, each consecutive transformation round comprising steps of:
- combining the half data block with a first masking key of predetermined length using a first binary operation to generate a first modified half data block;
combining the first modified half data block with a second masking key of predetermined length using a second and different binary operation to generate a second modified half data block;
processing the second modified half data block by a plurality of (m×
n) mutually different substitution boxes to generate a third modified half data block, m and n being positive integers; and
XORing the third modified half data block with the remaining half of the data block to generate a transformed half data block of a transformation round.
8 Assignments
0 Petitions
Accused Products
Abstract
A new design procedure for constructing a family of DES-like Substitution-Permutation Network (SPN) cryptosystems with desirable cryptographic properties including provable resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis is described. New cryptosystems called CAST ciphers, constructed according to the procedure, are also described. Details of the design choices in the procedure are given, including those regarding the component substitution boxes (s-boxes), the overall framework, the key schedule, and the round function. A fully specified example CAST cipher, an output of this design procedure, is presented as an aid to understanding the concepts and to encourage detailed analysis by the cryptologic community.
-
Citations
15 Claims
-
1. In a data encryption method of cryptographically transforming plaintext into ciphertext in data blocks of a predetermined bitlength comprising a plurality of consecutive transformation rounds of half of each data block, each consecutive transformation round comprising steps of:
-
combining the half data block with a first masking key of predetermined length using a first binary operation to generate a first modified half data block; combining the first modified half data block with a second masking key of predetermined length using a second and different binary operation to generate a second modified half data block; processing the second modified half data block by a plurality of (m×
n) mutually different substitution boxes to generate a third modified half data block, m and n being positive integers; andXORing the third modified half data block with the remaining half of the data block to generate a transformed half data block of a transformation round. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
Specification