
CAST-256: A Submission for the Advanced Encryption Standard (presentation slides)



  1. CAST-256: A Submission for the Advanced Encryption Standard
     Carlisle Adams
     First AES Candidate Conference, August 20-22, 1998
     Orchestrating Enterprise Security © 1997 Entrust Technologies

  2. "Vital Statistics"
     • Name: CAST-256
     • Inventors: Carlisle Adams, Howard Heys, Stafford Tavares, Michael Wiener
     • Key sizes: 128, 160, 192, 224, 256 bits
     • Block size: 128 bits

  3. Outline
     • History
     • Description
     • Analysis
     • "Features and Advantages"
     • Conclusions

  4. History
     • 1985-86
       − Advice: "don't go into crypto; no future"
     • 1988-90
       − design procedure for symmetric ciphers: Boolean functions, s-boxes, round functions, key scheduling, overall framework
     • 1992-93
       − the name "CAST" introduced
       − specification of various parameters
       − CAST-1, CAST-2 in first Entrust product

  5. History (cont'd)
     • 1993-95
       − modified key schedule: CAST-3
       − further concentration on round function
       − further concentration on s-box design, efficient (networked) construction
         − preliminary s-boxes: CAST-4
         − final s-boxes: CAST-5
       − CAST-5 published as "CAST-128"
     • 1995-97
       − draft paper distributed and on web site
       − interest begins to rise

  6. History (cont'd)
     • 1997
       − CAST paper published (DCC, Designs, Codes and Cryptography)
       − CAST-128 cipher published (RFC 2144)
       − interest rises significantly
     • 1997-98
       − CAST-128 used to form the basis of CAST-256
     • 1998
       − CSE endorsement of CAST-128
       − CAST-256 submitted as AES candidate

  7. Description
     • Based on CAST-128: identical round function
     • Expansion to 128-bit block: simple generalization of the Feistel structure (four 32-bit branches instead of two)
     • Expansion to 256-bit key: the key schedule runs the same generalized Feistel structure as a 256-bit-block "encryption" of the key to generate the round keys

  8. Feistel Network
     [figure: two-branch Feistel network on halves L and R, round keys k0, k1]

  9. "Incomplete" Feistel Network
     [figure: the two-branch Feistel network (L, R; keys k0, k1) beside a three-branch "incomplete" Feistel network (A, B, C; keys k0, k1, k2)]

  10. "Incomplete" Feistel Network
      [figure: two-, three- and four-branch Feistel networks side by side: (L, R; k0, k1), (A, B, C; k0, k1, k2), (A, B, C, D; k0, k1, k2, k3)]

  11. CAST-256 Notation
      State $\beta = (A, B, C, D)$, four 32-bit words. Quad-round $i$ uses four rotation keys $k_{r0}^{(i)}, \ldots, k_{r3}^{(i)}$ (5 bits each) and four masking keys $k_{m0}^{(i)}, \ldots, k_{m3}^{(i)}$ (32 bits each), fed to the CAST-128 round functions $f_1, f_2, f_3$.

      "Forward Quad-Round" $\beta \leftarrow Q^{(i)}(\beta)$:
      $C = C \oplus f_1(D, k_{r0}^{(i)}, k_{m0}^{(i)})$
      $B = B \oplus f_2(C, k_{r1}^{(i)}, k_{m1}^{(i)})$
      $A = A \oplus f_3(B, k_{r2}^{(i)}, k_{m2}^{(i)})$
      $D = D \oplus f_1(A, k_{r3}^{(i)}, k_{m3}^{(i)})$

      "Reverse Quad-Round" $\beta \leftarrow \bar{Q}^{(i)}(\beta)$:
      $D = D \oplus f_1(A, k_{r3}^{(i)}, k_{m3}^{(i)})$
      $A = A \oplus f_3(B, k_{r2}^{(i)}, k_{m2}^{(i)})$
      $B = B \oplus f_2(C, k_{r1}^{(i)}, k_{m1}^{(i)})$
      $C = C \oplus f_1(D, k_{r0}^{(i)}, k_{m0}^{(i)})$

      The reverse quad-round applies the same four steps in the opposite order, so under the same round keys $\bar{Q}^{(i)}$ is the inverse of $Q^{(i)}$.

  12. CAST-256 Cipher
      $\beta$ = 128 bits of plaintext
      for (i = 0; i < 6; i++)   $\beta \leftarrow Q^{(i)}(\beta)$
      for (i = 6; i < 12; i++)  $\beta \leftarrow \bar{Q}^{(i)}(\beta)$
      128 bits of ciphertext = $\beta$

  13. CAST-256 Key Schedule
      $\kappa = ABCDEFGH$ = 256 bits of primary key $K$ (eight 32-bit words)
      for (i = 0; i < 12; i++) {
          $\kappa \leftarrow \omega_{2i}(\kappa)$
          $\kappa \leftarrow \omega_{2i+1}(\kappa)$
          $k_r^{(i)} \leftarrow \kappa$
          $k_m^{(i)} \leftarrow \kappa$
      }
      (the rotation and masking keys of quad-round $i$ are taken from the words of $\kappa$)

      where $\omega_i(\kappa)$ is one pass of the same generalized Feistel structure over the eight key words, keyed by the constants $t_{rj}^{(i)}, t_{mj}^{(i)}$:
      $G = G \oplus f_1(H, t_{r0}^{(i)}, t_{m0}^{(i)})$
      $F = F \oplus f_2(G, t_{r1}^{(i)}, t_{m1}^{(i)})$
      $E = E \oplus f_3(F, t_{r2}^{(i)}, t_{m2}^{(i)})$
      $D = D \oplus f_1(E, t_{r3}^{(i)}, t_{m3}^{(i)})$
      $C = C \oplus f_2(D, t_{r4}^{(i)}, t_{m4}^{(i)})$
      $B = B \oplus f_3(C, t_{r5}^{(i)}, t_{m5}^{(i)})$
      $A = A \oplus f_1(B, t_{r6}^{(i)}, t_{m6}^{(i)})$
      $H = H \oplus f_2(A, t_{r7}^{(i)}, t_{m7}^{(i)})$

  14. CAST-256 Key Schedule (cont'd)
      $c_m = 2^{30}\sqrt{2} = \mathrm{5A827999}_{16}$ (integer part)
      $m_m = 2^{30}\sqrt{3} = \mathrm{6ED9EBA1}_{16}$ (integer part)
      $c_r = 19$
      $m_r = 17$
      for (i = 0; i < 24; i++)
          for (j = 0; j < 8; j++) {
              $t_{mj}^{(i)} = c_m$;   $c_m = (c_m + m_m) \bmod 2^{32}$
              $t_{rj}^{(i)} = c_r$;   $c_r = (c_r + m_r) \bmod 32$
          }
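The following Python is an added walk-through of slides 11-14; it is not code from the presentation, from Entrust, or from RFC 2612. The quad-rounds, the cipher loop, the key-schedule loop and the $t_m / t_r$ constants are implemented exactly as the slides state them, and the three CAST-128 round-function shapes follow RFC 2144. Two things are assumptions: the CAST-128 S-boxes (4 x 256 words in RFC 2144, too large to embed) are replaced by seeded pseudo-random stand-in tables, so ciphertexts will not match CAST-256 test vectors; and the rule for which words of $\kappa$ become $k_r^{(i)}$ and $k_m^{(i)}$ is taken from RFC 2612, since the slide only writes "$\leftarrow \kappa$". What the example shows is what the "forward then reverse" design buys: decryption is the same code path with the round keys consumed in reverse order.

```python
"""CAST-256 structure walk-through with stand-in S-boxes (added example, not
Entrust's code). Quad-rounds, cipher loop and key schedule follow the slides and
RFC 2612, but the real CAST-128 S-boxes (4 x 256 words, RFC 2144) are replaced
by seeded pseudo-random tables, so outputs will NOT match CAST-256 test vectors."""
import random
MASK32 = 0xFFFFFFFF

# Stand-in S-boxes (assumption): deterministic random tables, not CAST's S1..S4.
_rng = random.Random(2612)
S = [[_rng.getrandbits(32) for _ in range(256)] for _ in range(4)]

def rotl32(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK32

def sbox_terms(i):
    """S1[Ia], S2[Ib], S3[Ic], S4[Id] for the four bytes of I, most significant first."""
    return S[0][i >> 24], S[1][(i >> 16) & 0xFF], S[2][(i >> 8) & 0xFF], S[3][i & 0xFF]

def words(block, n):
    return tuple(int.from_bytes(block[4 * i:4 * i + 4], "big") for i in range(n))

# CAST-128 round functions (RFC 2144): km and kr are mixed into the data word,
# then each type combines the S-box outputs with its own XOR/add/sub pattern.
def f1(d, kr, km):
    a, b, c, e = sbox_terms(rotl32((km + d) & MASK32, kr))
    return (((a ^ b) - c) + e) & MASK32

def f2(d, kr, km):
    a, b, c, e = sbox_terms(rotl32((km ^ d) & MASK32, kr))
    return ((((a - b) + c) & MASK32) ^ e) & MASK32

def f3(d, kr, km):
    a, b, c, e = sbox_terms(rotl32((km - d) & MASK32, kr))
    return ((((a + b) & MASK32) ^ c) - e) & MASK32

def forward_quad_round(beta, kr, km):
    """Q^(i) on the four 32-bit words (A, B, C, D) of the 128-bit state."""
    A, B, C, D = beta
    C ^= f1(D, kr[0], km[0])
    B ^= f2(C, kr[1], km[1])
    A ^= f3(B, kr[2], km[2])
    D ^= f1(A, kr[3], km[3])
    return A, B, C, D

def reverse_quad_round(beta, kr, km):
    """Q-bar^(i): the same four steps in the opposite order, so it undoes Q^(i)."""
    A, B, C, D = beta
    D ^= f1(A, kr[3], km[3])
    A ^= f3(B, kr[2], km[2])
    B ^= f2(C, kr[1], km[1])
    C ^= f1(D, kr[0], km[0])
    return A, B, C, D

def key_schedule_constants():
    """tm_j^(i), tr_j^(i) for i < 24, j < 8 exactly as on slide 14."""
    cm, mm, cr, mr = 0x5A827999, 0x6ED9EBA1, 19, 17   # 2^30*sqrt2, 2^30*sqrt3
    tm, tr = [], []
    for _ in range(24):
        tm.append([]); tr.append([])
        for _ in range(8):
            tm[-1].append(cm); cm = (cm + mm) & MASK32
            tr[-1].append(cr); cr = (cr + mr) & 31
    return tm, tr

def omega(kappa, tr, tm):
    """w_i: one pass over the eight key words (slide 13), same shape as Q^(i)."""
    A, B, C, D, E, F, G, H = kappa
    G ^= f1(H, tr[0], tm[0]); F ^= f2(G, tr[1], tm[1])
    E ^= f3(F, tr[2], tm[2]); D ^= f1(E, tr[3], tm[3])
    C ^= f2(D, tr[4], tm[4]); B ^= f3(C, tr[5], tm[5])
    A ^= f1(B, tr[6], tm[6]); H ^= f2(A, tr[7], tm[7])
    return A, B, C, D, E, F, G, H

def key_schedule(key):
    """Expand a 16..32-byte key (zero-padded to 256 bits) into 12 (kr, km) quads."""
    kappa = words(key.ljust(32, b"\0"), 8)
    tm, tr = key_schedule_constants()
    rounds = []
    for i in range(12):
        kappa = omega(omega(kappa, tr[2 * i], tm[2 * i]), tr[2 * i + 1], tm[2 * i + 1])
        A, B, C, D, E, F, G, H = kappa
        # Which words of kappa become kr/km is RFC 2612's rule; the slide just says "<- kappa".
        rounds.append(((A & 31, C & 31, E & 31, G & 31), (H, F, D, B)))
    return rounds

def encrypt_block(block, rounds):
    beta = words(block, 4)
    for i in range(6):
        beta = forward_quad_round(beta, *rounds[i])
    for i in range(6, 12):
        beta = reverse_quad_round(beta, *rounds[i])
    return b"".join(w.to_bytes(4, "big") for w in beta)

def decrypt_block(block, rounds):
    """Same code path, keys reversed: Q^(11..6) undoes Q-bar^(11..6), Q-bar^(5..0) undoes Q^(5..0)."""
    beta = words(block, 4)
    for i in range(11, 5, -1):
        beta = forward_quad_round(beta, *rounds[i])
    for i in range(5, -1, -1):
        beta = reverse_quad_round(beta, *rounds[i])
    return b"".join(w.to_bytes(4, "big") for w in beta)
```

Calling `key_schedule(bytes(range(32)))` and then `decrypt_block(encrypt_block(pt, rk), rk)` returns `pt` for any 16-byte `pt`; the first two masking constants it generates are 5A827999 and C95C653A and the first rotation constants 19, 4, 21, which can be checked against slide 14 by hand. To turn this into real CAST-256, replace `S` with the four RFC 2144 S-boxes; nothing else changes.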


  16. Analysis
      • Inherited from CAST-128
        − Boolean functions
        − Substitution boxes
        − Key mixing per round
        − Mixed operations
        − Multiple round functions


  18. Boolean Functions
      • "Bent" functions of 8 variables
        − highest possible nonlinearity over all Boolean functions of 8 variables (120)
        − nonlinear order of 4 (the highest possible for a bent function of 8 variables)
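As an added illustration of the two figures on this slide (not from the presentation or from Entrust), the following Python computes the nonlinearity of a Boolean function from its Walsh-Hadamard spectrum and its nonlinear (algebraic) order from its algebraic normal form, and checks them on a concrete bent function of 8 variables. The function used is a Maiorana-McFarland construction chosen here for illustration; it is an assumption of the example and not one of the functions used to build the CAST S-boxes. It goes slightly beyond the slide by also handling an arbitrary number of variables and contrasting with an affine function.

```python
"""Nonlinearity and algebraic degree of a Boolean function (added example,
not from the slides). The Walsh-Hadamard transform gives the nonlinearity;
the Moebius transform gives the algebraic normal form and hence the
"nonlinear order". Both are checked on a bent function of 8 variables."""

def walsh_hadamard(tt):
    """Walsh spectrum of truth table tt (list of 0/1 values, length 2^n)."""
    w = [1 - 2 * b for b in tt]              # 0/1 -> +1/-1
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w

def nonlinearity(tt):
    """Hamming distance to the nearest affine function: 2^(n-1) - max|W|/2."""
    return len(tt) // 2 - max(abs(v) for v in walsh_hadamard(tt)) // 2

def anf(tt):
    """Algebraic normal form coefficients (Moebius transform on a copy of tt)."""
    c = list(tt)
    h = 1
    while h < len(c):
        for i in range(0, len(c), 2 * h):
            for j in range(i, i + h):
                c[j + h] ^= c[j]
        h *= 2
    return c

def algebraic_degree(tt):
    """Largest monomial with a nonzero ANF coefficient: the nonlinear order."""
    return max((bin(m).count("1") for m, coeff in enumerate(anf(tt)) if coeff), default=0)

def is_bent(tt):
    """Bent <=> n even and every Walsh coefficient has magnitude 2^(n/2)."""
    n = len(tt).bit_length() - 1
    return n % 2 == 0 and all(abs(v) == 1 << (n // 2) for v in walsh_hadamard(tt))

def truth_table(f, n):
    return [f(x) & 1 for x in range(1 << n)]

def mm_bent_8(x):
    """Maiorana-McFarland bent function chosen for illustration (assumption: not
    a CAST function): f(x, y) = x.y XOR y1*y2*y3*y4, x = low nibble, y = high nibble.
    Degree 4 comes from the y1*y2*y3*y4 term, the maximum for a bent function of 8 variables."""
    lo, hi = x & 0xF, x >> 4
    return (bin(lo & hi).count("1") & 1) ^ (hi == 0xF)

def parity8(x):
    """An affine (linear) function for contrast: nonlinearity 0, degree 1."""
    return bin(x & 0xFF).count("1") & 1
```

`nonlinearity(truth_table(mm_bent_8, 8))` is 120 and `algebraic_degree(...)` is 4, matching the slide, while `parity8` gives 0 and 1. Note that the nonlinearity of an 8x32 S-box (slide 20's figure of 74) is the minimum of this quantity over all nonzero XOR-combinations of its 32 output bits, so it is necessarily lower than that of the individual bent functions.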


  20. S-Boxes
      • Properties
        − XOR difference table of 0's and 2's
        − nonlinearity of 74
        − DMOSAC = 0
        − DHOBIC 32,1 = 36
        − row weight distribution: approx. binomial
        − row pair weight distribution: approx. binomial
        − average column weight: 128


  22. Key Mixing
      • Non-surjective attack considerations
        − key entropy per round = 37 bits (32-bit masking key plus 5-bit rotation key)
      • Differential and linear considerations
        − combination of masking key, rotation key, and mixed operations for data combining


  24. Mixed Operations
      • Experimental work
        − combinations of pairs and triples of s-boxes using XOR, addition, subtraction
          − examination of the XOR difference distribution table
          − significant drop in maximum entry
      • Theoretical work
        − deriving the probability of the maximum entry exceeding a specific bound
          − supports the experimental evidence

  25. Mixed Operations (cont'd)
      • Appear to increase resistance to linear and differential attacks by decreasing the round probability
      • Appear to significantly increase resistance to higher-order differential attacks


  27. Multiple Round Functions
      • Appear to increase the complexity of constructing differential and linear characteristics
        − the order of the round functions precludes iteration of some low-round characteristics

  28. Analysis (cont'd)
      • Particular to CAST-256
        − Generalized ("incomplete") Feistel
          − security of the quad-round
          − security of "forward then reverse" quad-rounds
          − number of rounds
        − Key schedule
          − security of the overall structure
          − equivalent, weak, semi-weak keys


  30. "Features and Advantages"
      • History
        − the CAST design procedure has been under scrutiny for almost 10 years (both public and private)
        − minor weaknesses have been found (non-surjective attack, higher-order differential (HOD) attack), but nothing extendable beyond 5-6 rounds
        − CAST-128 has received the most extensive analysis and appears to be strong
        − CAST-256 inherits the strength of the round function
