CAST-128 is a 64-bit block cipher designed by Carlisle Adams and Stafford Tavares. It was published in RFC 2144, and further RFCs describe its use with OpenPGP, CMS, and telnet encryption. It is sometimes called CAST5.
Unlike Blowfish and Twofish, CAST-128 uses four fixed S-boxes that were specifically designed to resist attack. CAST-128 is a typical Feistel cipher with one interesting twist: there are three somewhat different round functions, which alternate one after another. CAST-128 normally uses 16 rounds, but only 12 if an 80-bit (or smaller) key is used. In each round the 32-bit input word (one half of the block) is combined with a sub-key using addition, subtraction, or XOR, and then rotated by an amount taken from a second sub-key. Finally, the rotated word is split into four bytes, each byte is passed through one of the four S-boxes, and the four outputs are combined, again using a mixture of addition, subtraction, and XOR.
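The round structure just described, as an added example that is not part of the original text. It follows the three round-function types and the Feistel iteration of RFC 2144 (rounds 1, 4, 7, ... use type 1; 2, 5, 8, ... type 2; 3, 6, 9, ... type 3; the rotation amount is the low five bits of the rotation sub-key). The real S-box tables S1..S4 and the key schedule are not reproduced; both are passed in as parameters, and the self-test feeds constructed placeholder tables from a seeded PRNG, so its output is not CAST-128 ciphertext. What the example does show is how each round type mixes the masking sub-key, the rotation and the S-box outputs, and the Feistel property that decryption is the same network with the sub-keys applied in reverse, whatever the tables contain:

```python
"""Structural model of CAST-128's round functions and Feistel network.

S1..S4 and the sub-keys are parameters; the placeholder tables below are
constructed for the self-test and are NOT the RFC 2144 tables or key schedule.
"""
import random

MASK32 = 0xFFFFFFFF


def rotl32(x, n):
    """Rotate a 32-bit word left by n bits; only the low 5 bits of n are used."""
    n &= 31
    return ((x << n) | (x >> (32 - n))) & MASK32


def split_bytes(i):
    """Split a 32-bit word into (Ia, Ib, Ic, Id), Ia being the most significant byte."""
    return (i >> 24) & 0xFF, (i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF


def f_type1(d, km, kr, s):
    """I = (Km + D) <<< Kr ; f = ((S1[Ia] ^ S2[Ib]) - S3[Ic]) + S4[Id]"""
    a, b, c, e = split_bytes(rotl32((km + d) & MASK32, kr))
    return ((((s[0][a] ^ s[1][b]) - s[2][c]) & MASK32) + s[3][e]) & MASK32


def f_type2(d, km, kr, s):
    """I = (Km ^ D) <<< Kr ; f = ((S1[Ia] - S2[Ib]) + S3[Ic]) ^ S4[Id]"""
    a, b, c, e = split_bytes(rotl32(km ^ d, kr))
    return ((((s[0][a] - s[1][b]) + s[2][c]) & MASK32) ^ s[3][e]) & MASK32


def f_type3(d, km, kr, s):
    """I = (Km - D) <<< Kr ; f = ((S1[Ia] + S2[Ib]) ^ S3[Ic]) - S4[Id]"""
    a, b, c, e = split_bytes(rotl32((km - d) & MASK32, kr))
    return ((((s[0][a] + s[1][b]) ^ s[2][c]) & MASK32) - s[3][e]) & MASK32


# Round numbers are 1-based: 1,4,7,... -> type 1; 2,5,8,... -> type 2; 3,6,9,... -> type 3.
ROUND_FUNCS = (f_type1, f_type2, f_type3)


def round_func(round_no, d, km, kr, s):
    """Apply the round function of the given (1-based) round to half-block d."""
    return ROUND_FUNCS[(round_no - 1) % 3](d, km, kr, s)


def feistel_encrypt(block, km, kr, s, rounds=16):
    """Encrypt one 64-bit block; rounds is 16, or 12 for keys of 80 bits or fewer."""
    l, r = (block >> 32) & MASK32, block & MASK32
    for i in range(1, rounds + 1):
        l, r = r, l ^ round_func(i, r, km[i - 1], kr[i - 1], s)
    return (r << 32) | l  # final swap: ciphertext is (R_n, L_n)


def feistel_decrypt(block, km, kr, s, rounds=16):
    """Same network with the sub-keys in reverse order; f need not be invertible."""
    l, r = (block >> 32) & MASK32, block & MASK32
    for i in range(rounds, 0, -1):
        l, r = r, l ^ round_func(i, r, km[i - 1], kr[i - 1], s)
    return (r << 32) | l


def placeholder_tables(seed=1):
    """Constructed stand-ins for S1..S4 and for the 16 (Km, Kr) sub-key pairs."""
    rng = random.Random(seed)
    sboxes = [[rng.getrandbits(32) for _ in range(256)] for _ in range(4)]
    km = [rng.getrandbits(32) for _ in range(16)]
    kr = [rng.getrandbits(5) for _ in range(16)]
    return sboxes, km, kr


def roundtrip(block, rounds=16, seed=1):
    """Encrypt then decrypt one block; returns (ciphertext, recovered plaintext)."""
    s, km, kr = placeholder_tables(seed)
    ct = feistel_encrypt(block, km, kr, s, rounds)
    return ct, feistel_decrypt(ct, km, kr, s, rounds)


if __name__ == "__main__":
    pt = 0x0123456789ABCDEF
    ct, back = roundtrip(pt)
    print(f"pt={pt:016x} ct={ct:016x} recovered={back:016x}")
```

Swapping in the RFC 2144 tables and sub-keys turns this into the real cipher; the invertibility check passes either way, which is exactly why a Feistel design can use S-box mixing that is not itself invertible.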
CAST-128's key schedule is clumsy, but it runs quickly and appears to be secure. In addition to the four S-boxes used for encryption, there is a second set of four used only for generating sub-keys. The input key is split into bytes and passed through a long and rather confusing series of S-box lookups. Each lookup is very fast, however, so the key schedule runs far faster than Blowfish's.
The design process used to create CAST-128's S-boxes has been patented worldwide by Nortel, but Nortel permits CAST-128 to be used for commercial and non-commercial purposes worldwide without royalties or a license. CAST-128 has been officially adopted by the Canadian government.
A variant of CAST-128, modified to support larger block and key sizes, was submitted to the AES competition but was eliminated in the first round.