Multiple differential-zero correlation linear cryptanalysis of reduced-round CAST-256

Hadian Dehkordi Massoud; Taghizadeh Roghayeh

doi:10.1515/jmc-2016-0054

Journal of Mathematical Cryptology (Jun 2017)

Multiple differential-zero correlation linear cryptanalysis of reduced-round CAST-256

Hadian Dehkordi Massoud,
Taghizadeh Roghayeh

Affiliations

Hadian Dehkordi Massoud: School of Mathematics, Iran University of Science and Technology, Narmak, Tehran16844, Iran
Taghizadeh Roghayeh: School of Mathematics, Iran University of Science and Technology, Narmak, Tehran16844, Iran

DOI: https://doi.org/10.1515/jmc-2016-0054
Journal volume & issue: Vol. 11, no. 2
pp. 55 – 62

Abstract

Read online

CAST-256 (or CAST6) is a symmetric-key block cipher published in June 1998. It was submitted as a candidate for Advanced Encryption Standard (AES). In this paper, we will propose a new chosen text attack, the multiple differential-zero correlation linear attack, to analyze the CAST-256 block cipher. Our attack is the best-known attack on CAST-256 according to the number of rounds without the weak-key assumption. We first construct a 30-round differential-zero correlation linear distinguisher. Based on the distinguisher, we propose a first 33-round attack on CAST-256 with data complexity of 2115.63{2^{115.63}} and time complexity 2238.26{2^{238.26}}. In the end, the 111-bit subkey is recovering.

Published in Journal of Mathematical Cryptology

ISSN: 1862-2976 (Print); 1862-2984 (Online)
Publisher: De Gruyter
Country of publisher: Poland
LCC subjects: Science: Mathematics
Website: https://www.degruyter.com/view/journals/jmc/jmc-overview.xml

About the journal

Abstract

Keywords