Presentation 2000/7/18
Differential Attack on CAST-256
Haruki SEKI, Toshinobu KANEKO,
Abstract(in Japanese) (See Japanese page)
Abstract(in English) A block cipher CAST-256 based on CAST-128 was a candidate algorithm for the AES Round 1. In this paper we present a differential attack on CAST-256 reduced to 9 quad-rounds. One of the three round functions of CAST-256 has differential characteristics, in which a non-zero input XOR results in a zero output XOR, with high probability. We also show that CAST-256 has weak keys with respect to differential attack. Thus CAST-256 reduced to 9 quad-rounds can be attacked using 2^123 chosen plaintexts in the case of differentially weak keys. The time complexity is about 2^100 encryptions.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) Block cipher / CAST-256 / differential attack / AES
Paper # ISEC2000-35
Date of Issue

Conference Information
Committee ISEC
Conference Date 2000/7/18 (1 day)
Place (in Japanese) (See Japanese page)
Place (in English)
Topics (in Japanese) (See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To Information Security (ISEC)
Language JPN
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) Differential Attack on CAST-256
Sub Title (in English)
Keyword(1) Block cipher
Keyword(2) CAST-256
Keyword(3) differential attack
Keyword(4) AES
1st Author's Name Haruki SEKI
1st Author's Affiliation Telecommunications Advancement Organization of Japan
2nd Author's Name Toshinobu KANEKO
2nd Author's Affiliation Department of Electrical Engineering, Science University of TOKYO
Date 2000/7/18
Paper # ISEC2000-35
Volume (vol) vol.100
Number (no) 213
Page pp.pp.-
#Pages 8
Date of Issue