
# Journal of Mathematical Cryptology

Managing Editor: Magliveras, Spyros S. / Steinwandt, Rainer / Trung, Tran

Editorial Board: Blackburn, Simon R. / Blundo, Carlo / Burmester, Mike / Cramer, Ronald / Gilman, Robert / Gonzalez Vasco, Maria Isabel / Grosek, Otokar / Helleseth, Tor / Kim, Kwangjo / Koblitz, Neal / Kurosawa, Kaoru / Lauter, Kristin / Lange, Tanja / Menezes, Alfred / Nguyen, Phong Q. / Pieprzyk, Josef / Rötteler, Martin / Safavi-Naini, Rei / Shparlinski, Igor E. / Stinson, Doug / Takagi, Tsuyoshi / Williams, Hugh C. / Yung, Moti

CiteScore 2017: 1.43

SCImago Journal Rank (SJR) 2017: 0.293
Source Normalized Impact per Paper (SNIP) 2017: 1.117

Mathematical Citation Quotient (MCQ) 2017: 0.51

Online ISSN: 1862-2984
Volume 11, Issue 2

# Multiple differential-zero correlation linear cryptanalysis of reduced-round CAST-256

Corresponding author affiliation: School of Mathematics, Iran University of Science and Technology, Narmak, Tehran 16844, Iran
Published Online: 2017-04-21 | DOI: https://doi.org/10.1515/jmc-2016-0054

## Abstract

CAST-256 (or CAST6) is a symmetric-key block cipher published in June 1998. It was submitted as a candidate for the Advanced Encryption Standard (AES). In this paper, we propose a new chosen-text attack, the multiple differential-zero correlation linear attack, and apply it to the CAST-256 block cipher. Measured by the number of rounds covered without a weak-key assumption, our attack is the best known attack on CAST-256. We first construct a 30-round differential-zero correlation linear distinguisher. Based on this distinguisher, we present the first 33-round attack on CAST-256, with data complexity $2^{115.63}$ and time complexity $2^{238.26}$. Finally, the 111-bit subkey is recovered.

MSC 2010: 94A60


Accepted: 2017-02-09

Published Online: 2017-04-21

Published in Print: 2017-06-01

Citation Information: Journal of Mathematical Cryptology, Volume 11, Issue 2, Pages 55–62, ISSN (Online) 1862-2984, ISSN (Print) 1862-2976.

© 2017 Walter de Gruyter GmbH, Berlin/Boston.