Jump to ContentJump to Main Navigation
Show Summary Details
More options …

Journal of Mathematical Cryptology

Managing Editor: Magliveras, Spyros S. / Steinwandt, Rainer / Trung, Tran

Editorial Board: Blackburn, Simon R. / Blundo, Carlo / Burmester, Mike / Cramer, Ronald / Gilman, Robert / Gonzalez Vasco, Maria Isabel / Grosek, Otokar / Helleseth, Tor / Kim, Kwangjo / Koblitz, Neal / Kurosawa, Kaoru / Lauter, Kristin / Lange, Tanja / Menezes, Alfred / Nguyen, Phong Q. / Pieprzyk, Josef / Rötteler, Martin / Safavi-Naini, Rei / Shparlinski, Igor E. / Stinson, Doug / Takagi, Tsuyoshi / Williams, Hugh C. / Yung, Moti


CiteScore 2017: 1.43

SCImago Journal Rank (SJR) 2017: 0.293
Source Normalized Impact per Paper (SNIP) 2017: 1.117

Mathematical Citation Quotient (MCQ) 2017: 0.51

Online
ISSN
1862-2984
See all formats and pricing
More options …
Volume 11, Issue 2

Issues

Multiple differential-zero correlation linear cryptanalysis of reduced-round CAST-256

Massoud Hadian Dehkordi
  • Corresponding author
  • School of Mathematics, Iran University of Science and Technology, Narmak, Tehran 16844, Iran
  • Email
  • Other articles by this author:
  • De Gruyter OnlineGoogle Scholar
/ Roghayeh Taghizadeh
Published Online: 2017-04-21 | DOI: https://doi.org/10.1515/jmc-2016-0054

Abstract

CAST-256 (or CAST6) is a symmetric-key block cipher published in June 1998. It was submitted as a candidate for Advanced Encryption Standard (AES). In this paper, we will propose a new chosen text attack, the multiple differential-zero correlation linear attack, to analyze the CAST-256 block cipher. Our attack is the best-known attack on CAST-256 according to the number of rounds without the weak-key assumption. We first construct a 30-round differential-zero correlation linear distinguisher. Based on the distinguisher, we propose a first 33-round attack on CAST-256 with data complexity of 2115.63 and time complexity 2238.26. In the end, the 111-bit subkey is recovering.

Keywords: CAST-256; symmetric-key block cipher; differential cryptanalysis; zero correlation linear attack; linear approximation

MSC 2010: 94A60

References

  • [1]

    E. Biham, O. Dunkelman and N. Keller, Enhancing differential-linear cryptanalysis, Advances in Cryptology – ASIACRYPT 2002, Lecture Notes in Comput. Sci. 2501, Springer, Berlin (2002), 254–266. Google Scholar

  • [2]

    E. Biham and A. Shamir, Differential cryptanalysis of DES-like cryptosystems, Advances in Cryptology – CRYPTO ’90, Lecture Notes in Comput. Sci. 537, Springer, Berlin (1990), 2–21. Google Scholar

  • [3]

    E. Biham and A. Shamir, Differential cryptanalysis of the full 16-round DES, Advances in Cryptology – CRYPTO ’92, Lecture Notes in Comput. Sci. 740, Springer, Berlin (1993), 487–496. Google Scholar

  • [4]

    A. Bogdanov, G. Leander, K. Nyberg and M. Wang, Integral and multidimensional linear distinguishers with correlation zero, preprint (2012), https://www.iacr.org/archive/asiacrypt2012/76580239/76580239.pdf.

  • [5]

    A. Bogdanov, G. Leander, K. Nyberg and M. Wang, Integral and multidimensional linear distinguishers with correlation zero, Advances in Cryptology – ASIACRYPT 2012, Lecture Notes in Comput. Sci. 7658, Springer, Berlin (2012), 244–261. Google Scholar

  • [6]

    A. Bogdanov and V. Rijmen, Linear hulls with correlation zero and linear cryptanalysis of block ciphers, Des. Codes Cryptogr. 70 (2014), 369–383. CrossrefGoogle Scholar

  • [7]

    A. Bogdanov and M. Wang, Zero correlation linear cryptanalysis with reduced data complexity, Fast Software Encryption – FSE ’12, Lecture Notes in Comput. Sci. 7549, Springer, Berlin (2012), 29–48. Google Scholar

  • [8]

    S. K. Langford and M. E. Hellman, Differential-linear cryptanalysis, Advances in Cryptology – CRYPTO ’94, Lecture Notes in Comput. Sci. 839, Springer, Berlin (1994), 17–25. Google Scholar

  • [9]

    M. Matsui, Linear cryptanalysis method for DES cipher, Advances in Cryptology – EUROCRYPT ’93, Lecture Notes in Comput. Sci. 765, Springer, Berlin (1994), 386–397. Google Scholar

  • [10]

    M. Matsui and A. Yamagishi, A new method for known plaintext attack of FEAL cipher, Advances in Cryptology – EUROCRYPT ’92, Lecture Notes in Comput. Sci. 658, Springer, Berlin (1993), 81–91. Google Scholar

  • [11]

    J. J. Nakahara and M. Rasmussen, Linear analysis of reduced-round CAST-128 and CAST-256, Proceedings of the 7th Brazilian Symposium on Information and Computer System Security, Federal University of Rio de Janeiro, Rio de Janeiro (2007), 45–55. Google Scholar

  • [12]

    D. Wagner, The boomerang attack, Fast Software Encryption – FSE ’99, Lecture Notes in Comput. Sci. 1636, Springer, Berlin (1999), 156–170. Google Scholar

  • [13]

    M. Q. Wang, X. Y. Wang and C. H. Hu, New linear cryptanalytic results of reduced-round of CAST-128 and CAST-256, Selected Areas in Cryptography – SAC 2008, Lecture Notes in Comput. Sci. 5381, Springer, Berlin (2009), 429–441. Google Scholar

  • [14]

    J. Y. Zhao, M. Q. Wang and L. Wen, Improved linear cryptanalysis of CAST-256, J. Comput. Sci. Tech. 29 (2014), 1134–1139. Google Scholar

About the article


Received: 2016-09-14

Accepted: 2017-02-09

Published Online: 2017-04-21

Published in Print: 2017-06-01


Citation Information: Journal of Mathematical Cryptology, Volume 11, Issue 2, Pages 55–62, ISSN (Online) 1862-2984, ISSN (Print) 1862-2976, DOI: https://doi.org/10.1515/jmc-2016-0054.

Export Citation

© 2017 Walter de Gruyter GmbH, Berlin/Boston.Get Permission

Comments (0)

Please log in or register to comment.
Log in