New Linear Cryptanalytic Results of Reduced-Round of CAST-128 and CAST-256

  • Meiqin Wang
  • Xiaoyun Wang
  • Changhui Hu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5381)


This paper presents a linear cryptanalysis of reduced-round variants of the CAST-128 and CAST-256 block ciphers. Compared with the linear relation for the round function with bias 2^{-17} found by J. Nakahara et al., we found more heavily biased linear approximations for the three round functions; the highest bias is 2^{-12.91}. With these we mount a known-plaintext attack on 6-round CAST-128 and a ciphertext-only attack on 4-round CAST-128. Moreover, a known-plaintext attack on 24-round CAST-256 with 192- and 256-bit keys is given, and a ciphertext-only attack on 21-round CAST-256 with 192- and 256-bit keys can be performed. We also present an attack on 18-round CAST-256 with a 128-bit key.
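The abstract reports linear biases (2^{-17} versus 2^{-12.91}) without spelling out what a bias is or why a larger bias matters. The following added example, which is not code from the paper or from the CAST specifications, computes the bias of a linear approximation for a toy 4-bit S-box (the PRESENT S-box is used as a stand-in; it is not one of CAST's 8x32-bit S-boxes), searches its linear approximation table for the best mask pair, combines per-round biases with Matsui's piling-up lemma [10], and converts a bias into the known-plaintext data requirement. The masks and the three sample biases are constructed for illustration and are not the paper's trails; only the final ratio uses the two bias values stated in the abstract.

```python
# Added illustration of linear bias, LAT search, piling-up and data complexity.
# TOY_SBOX is the PRESENT 4-bit S-box, used here only as a small stand-in
# (assumption); it is NOT a CAST-128/CAST-256 S-box.
TOY_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
            0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def parity(v: int) -> int:
    """XOR of all bits of v (0 or 1)."""
    return bin(v).count("1") & 1


def bias(sbox, in_mask: int, out_mask: int) -> float:
    """Bias eps of the approximation <in_mask, x> = <out_mask, S(x)>:
    eps = Pr[approximation holds] - 1/2, so eps lies in [-1/2, 1/2]."""
    hits = sum(1 for x in range(len(sbox))
               if parity(x & in_mask) == parity(sbox[x] & out_mask))
    return hits / len(sbox) - 0.5


def linear_approximation_table(sbox):
    """LAT: entry [a][b] is the bias for input mask a and output mask b."""
    n = len(sbox)
    return [[bias(sbox, a, b) for b in range(n)] for a in range(n)]


def best_approximation(sbox):
    """Non-trivial mask pair (a, b both non-zero) with the largest |bias|.
    Returns (a, b, bias)."""
    lat = linear_approximation_table(sbox)
    n = len(sbox)
    a, b = max(((a, b) for a in range(1, n) for b in range(1, n)),
               key=lambda ab: abs(lat[ab[0]][ab[1]]))
    return a, b, lat[a][b]


def piling_up(biases):
    """Matsui's piling-up lemma: k independent approximations with biases
    eps_1..eps_k combine to a bias of 2^(k-1) * prod(eps_i)."""
    eps = 2 ** (len(biases) - 1)
    for e in biases:
        eps *= e
    return eps


def known_plaintext_complexity(eps: float, c: float = 8.0) -> float:
    """Approximate number of known plaintexts, c / eps^2. The constant c
    controls the success probability; c = 8 is a common choice."""
    return c / (eps * eps)


def data_reduction_factor(log2_bias_old: float, log2_bias_new: float) -> float:
    """Factor by which the data requirement shrinks when the best bias
    improves from 2^log2_bias_old to 2^log2_bias_new (requirement ~ 1/eps^2)."""
    return 2 ** (2 * (log2_bias_new - log2_bias_old))


if __name__ == "__main__":
    a, b, eps = best_approximation(TOY_SBOX)
    print(f"best single-S-box approximation: in=0x{a:X} out=0x{b:X} bias={eps}")
    # Three constructed per-round biases (illustrative, not the paper's values).
    total = piling_up([0.25, 0.25, -0.125])
    print(f"3-round combined bias: {total}, ~{known_plaintext_complexity(total):.0f} known plaintexts")
    # Improvement reported in the abstract: bias 2^-17 -> 2^-12.91.
    print(f"data reduction from 2^-17 to 2^-12.91: x{data_reduction_factor(-17, -12.91):.0f}")
```

The sign of a bias does not matter for the attack (the key-bit parity flips it), so the search ranks mask pairs by |bias|; the ratio at the end shows why an improvement from 2^{-17} to 2^{-12.91} is significant: the known-plaintext requirement scales with 1/eps^2, so it drops by roughly 2^{8.18}, a factor of about 290.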


Keywords: Linear cryptanalysis, block cipher, CAST-128, CAST-256


References

  1. Adams, C., Tavares, S.: The CAST-128 Encryption Algorithm. RFC 2144 (May 1997)
  2. GnuPG, Gnu Privacy Guard,
  3. PGP, Pretty Good Privacy,
  4. Adams, C., Gilchrist, J.: The CAST-256 Encryption Algorithm. RFC 2612 (June 1999)
  5.
  6. Biham, E.: A Note on Comparing the AES Candidates, The AES Development Process,
  7. Seki, H., Kaneko, T.: Differential Cryptanalysis of CAST-256 Reduced to Nine Quad-rounds. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences E84-A(4), 913–918 (2001)
  8. Nakahara Jr., J., Rasmussen, M.: Linear Analysis of Reduced-round CAST-128 and CAST-256. SBSEG 2007, pp. 45–55 (2007)
  9. NBS, Data Encryption Standard (DES), FIPS PUB 46, Federal Information Processing Standards Publication 46, U.S. Department of Commerce (January 1977)
  10. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
  11. Wagner, D.: The boomerang attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, p. 156. Springer, Heidelberg (1999)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Meiqin Wang (1)
  • Xiaoyun Wang (1)
  • Changhui Hu (1)
  1. Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan, China