24轮CAST-256的差分密码分析

2008 IEEE Region 8 International Conference on Computational Technologies in Electrical and Electronics Engineering Pub Date : 2008-07-21 DOI:10.1109/SIBIRCON.2008.4602582

A. Pestunov

{"title":"24轮CAST-256的差分密码分析","authors":"A. Pestunov","doi":"10.1109/SIBIRCON.2008.4602582","DOIUrl":null,"url":null,"abstract":"A 48-round block cipher CAST-256 was a participant of the AES competition. There are two published attacks on this cipher. The first allows to break the cipher, consisted of 16 rounds. Another can break 36 rounds but only for some weak keys, in particulary, a 24-round version of CAST-256 can be broken for a 2-30 part of all possible keys. An attack described in this paper allows to break 24 rounds of CAST-256, but this attack works for all the keys and not only for the weak ones. Requirements of the attack are: 224 chosen plaintexts, 229 bytes of memory and 2244 encryptions. This complexity is less than the complexity of a brute-force attack for 256-bit keys. A success probability of the attack is over 90%.","PeriodicalId":295946,"journal":{"name":"2008 IEEE Region 8 International Conference on Computational Technologies in Electrical and Electronics Engineering","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Differential cryptanalysis of 24-round CAST-256\",\"authors\":\"A. Pestunov\",\"doi\":\"10.1109/SIBIRCON.2008.4602582\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A 48-round block cipher CAST-256 was a participant of the AES competition. There are two published attacks on this cipher. The first allows to break the cipher, consisted of 16 rounds. Another can break 36 rounds but only for some weak keys, in particulary, a 24-round version of CAST-256 can be broken for a 2-30 part of all possible keys. An attack described in this paper allows to break 24 rounds of CAST-256, but this attack works for all the keys and not only for the weak ones. Requirements of the attack are: 224 chosen plaintexts, 229 bytes of memory and 2244 encryptions. This complexity is less than the complexity of a brute-force attack for 256-bit keys. A success probability of the attack is over 90%.\",\"PeriodicalId\":295946,\"journal\":{\"name\":\"2008 IEEE Region 8 International Conference on Computational Technologies in Electrical and Electronics Engineering\",\"volume\":\"14 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-07-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 IEEE Region 8 International Conference on Computational Technologies in Electrical and Electronics Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SIBIRCON.2008.4602582\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 IEEE Region 8 International Conference on Computational Technologies in Electrical and Electronics Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SIBIRCON.2008.4602582","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

一个48轮分组密码CAST-256是AES竞赛的参与者。针对这个密码有两种公开的攻击。第一个可以破解密码，包括16轮。另一个可以破解36轮，但只针对一些弱密钥，特别是，24轮版本的CAST-256可以破解所有可能密钥的2-30部分。本文中描述的一种攻击允许打破24轮CAST-256，但这种攻击适用于所有密钥，而不仅仅适用于弱密钥。攻击要求为:选择明文224条，内存229字节，加密2244次。这种复杂性比256位密钥的暴力攻击的复杂性要小。攻击的成功率超过90%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Differential cryptanalysis of 24-round CAST-256

A 48-round block cipher CAST-256 was a participant of the AES competition. There are two published attacks on this cipher. The first allows to break the cipher, consisted of 16 rounds. Another can break 36 rounds but only for some weak keys, in particulary, a 24-round version of CAST-256 can be broken for a 2-30 part of all possible keys. An attack described in this paper allows to break 24 rounds of CAST-256, but this attack works for all the keys and not only for the weak ones. Requirements of the attack are: 224 chosen plaintexts, 229 bytes of memory and 2244 encryptions. This complexity is less than the complexity of a brute-force attack for 256-bit keys. A success probability of the attack is over 90%.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 IEEE Region 8 International Conference on Computational Technologies in Electrical and Electronics Engineering

自引率

0.00%

发文量