Scribd
Upload
290 views17 pages

CAST-128 Encryption Algorithm

CAST-128 is a symmetric encryption algorithm that operates on 64-bit blocks using a Feistel network structure. It uses between 12 and 16 rounds depending on the key size, which can range from 40 to 128 bits. The algorithm uses 4 S-boxes and 3 different function types that are applied in alternating rounds. CAST-128 was designed to be secure and has been reviewed by cryptologists. It is used in some encryption software products like PGP, which provides security for email and files.

Uploaded by

Ghifari ramadhika
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
290 views17 pages

CAST-128 Encryption Algorithm

CAST-128 is a symmetric encryption algorithm that operates on 64-bit blocks using a Feistel network structure. It uses between 12 and 16 rounds depending on the key size, which can range from 40 to 128 bits. The algorithm uses 4 S-boxes and 3 different function types that are applied in alternating rounds. CAST-128 was designed to be secure and has been reviewed by cryptologists. It is used in some encryption software products like PGP, which provides security for email and files.

Uploaded by

Ghifari ramadhika
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 17

CAST-128 Encryption Algorithm

CAST-128
‡ CAST is a design procedure for symmetric encryption algorithms developed by
Carlisle Adams and Stafford Tavares ‡ Feistel Network structure ‡ Operating on 64-
bit blocks of plaintext ‡ Key size which can vary from 40 bits to 128 bits
Variable Keysize
‡ For key sizes up to and including 80 bits (i.e., 40, 48, 56, 64, 72, and 80 bits)
uses 12 rounds ‡ For key sizes greater than 80 bits, the algorithms uses the full
16 rounds ‡ For key sizes less than 128 bits, the key is padded with zero bytes (in
the rightmost, or least significant, positions)
For example
40-bit key = 01 23 45 67 12 = 01 23 45 67 12 00 00 00 00 00 00 00 00 00 00 00
Plaintext = 01 23 45 67 89 AB CD EF
CAST-128 Algorithm
CAST-128 Algorithm
Function Type 1: I = ((Kmi + D) <<< Kri) f = ((S1[Ia] ^ S2[Ib]) - S3[Ic]) + S4[Id]
Function Type 2: I = ((Kmi ^ D) <<< Kri) f = ((S1[Ia] - S2[Ib]) + S3[Ic]) ^ S4[Id]
Function Type 3: I = ((Kmi - D) <<< Kri) f = ((S1[Ia] + S2[Ib]) ^ S3[Ic]) - S4[Id]
Rounds 1, 4, 7, 10, 13, and 16 use f function Type 1. Rounds 2, 5, 8, 11, and 14
use f function Type 2. Rounds 3, 6, 9, 12, and 15 use f function Type 3.

‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡

where, Km is used as a masking key; Kr is used as a rotation key; D is the data


input to the f function; Ia, Ib, Ic, Id are the most significant byte down to the
least significant byte of I, respectively; S1, S2, S3, S4 are SBox 1, 2, 3 and 4; i
is the round number; + and - are addition and subtraction (The inverse operation,
denoted by - ) ^ is bitwise exclusive OR; <<< is a circular left shift operation.
CAST-128 Substitution box
‡ ‡ ‡ ‡ It is 8*32 S-box Have 8 S boxes For S1 to S4 uses for encryption and
decryption process For S5 to S8 uses for key scheduling
Example of S-Box S1
Key scheduling
‡ K1-K16 are used in their entirety. The set of K1-K16 is called Km (m for
"masking") ‡ Only the least significant 5 bits of K17-K32 are used (Since there are
only 32 bits, only 5 bits are needed for the rotations. Any more is useless). This
set is called Kr (r for "rotation")
Function Type 1
Function Type 1: I = ((Kmi + D) <<< Kri) f = ((S1[Ia] ^ S2[Ib]) - S3[Ic]) + S4[Id]
‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ where, Km is used as a masking key; Kr is used as a rotation
key; D is the data input to the f function; Ia, Ib, Ic, Id are the most significant
byte down to the least significant byte of I, respectively; S1, S2, S3, S4 are SBox
1, 2, 3 and 4; i is the round number; + and - are addition and subtraction ^ is
bitwise exclusive OR; <<< is a circular left shift operation.

Rounds 1, 4, 7, 10, 13, and 16 are used


Function Type 2
Function Type 2: I = ((Kmi ^ D) <<< Kri) f = ((S1[Ia] - S2[Ib]) + S3[Ic]) ^ S4[Id]
‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ where, Km is used as a masking key; Kr is used as a rotation
key; D is the data input to the f function; Ia, Ib, Ic, Id are the most significant
byte down to the least significant byte of I, respectively; S1, S2, S3, S4 are SBox
1, 2, 3 and 4; i is the round number; + and - are addition and subtraction ^ is
bitwise exclusive OR; <<< is a circular left shift operation.

Rounds 2, 5, 8, 11, and 14 are used


Function Type 3
Function Type 3: I = ((Kmi - D) <<< Kri) f = ((S1[Ia] + S2[Ib]) ^ S3[Ic]) S4[Id]
‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ ‡ where, Km is used as a masking key; Kr is used as a rotation
key; D is the data input to the f function; Ia, Ib, Ic, Id are the most significant
byte down to the least significant byte of I, respectively; S1, S2, S3, S4 are SBox
1, 2, 3 and 4; i is the round number; + and - are addition and subtraction ^ is
bitwise exclusive OR; <<< is a circular left shift operation.

Rounds 3, 6, 9, 12, and 15 are used


CAST-128
‡ CAST is the result of a long process of research and development and has
benefited from extensive review by cryptologists. It is beginning to be used in a
number of products, including PGP.
What is PGP?
‡ Stand for Pretty Good Privacy ‡ Software that provides confidential,
authentication and integrity service for e-mail and file storage applications ‡
Based on the best algorithms available
Thank You

You might also like