CAST-256
Encyclopedia
In cryptography
, CAST-256 (or CAST6) is a block cipher
published in June 1998. It was submitted as a candidate for the Advanced Encryption Standard
(AES); however, it was not among the five AES finalists. It is an extension of an earlier cipher, CAST-128
; both were designed according to the "CAST" design methodology invented by Carlisle Adams
and Stafford Tavares
. Howard Heys
and Michael Wiener also contributed to the design.
CAST-256 uses the same elements as CAST-128, including S-boxes, but is adapted for a block size
of 128 bits — twice the size of its 64-bit predecessor. (A similar construction occurred in the evolution of RC5
into RC6
). Acceptable key size
s are 128, 160, 192, 224 or 256 bits. CAST-256 is composed of 48 rounds, sometimes described as 12 "quad-rounds", arranged in a generalised Feistel network.
In RFC
2612, the authors state that, "The CAST-256 cipher described in this document is available worldwide on a royalty-free and licence-free basis for commercial and non-commercial uses."
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, CAST-256 (or CAST6) is a block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
published in June 1998. It was submitted as a candidate for the Advanced Encryption Standard
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
(AES); however, it was not among the five AES finalists. It is an extension of an earlier cipher, CAST-128
CAST-128
in cryptography, CAST-128 is a block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has also been approved for Canadian government use by the Communications Security Establishment...
; both were designed according to the "CAST" design methodology invented by Carlisle Adams
Carlisle Adams
Carlisle M. Adams is a cryptographer and computer security researcher. Formerly senior cryptographer at Entrust, he is currently a professor at the University of Ottawa. His notable work includes the design of the block ciphers CAST-128 and CAST-256. He also helped organize the first Selected...
and Stafford Tavares
Stafford Tavares
Stafford Emanuel Tavares is a cryptographer, professor emeritus at Queen's University.His notable work includes the design of the block ciphers CAST-128 and CAST-256. He also helped organize the first Selected Areas in Cryptography workshop in 1994...
. Howard Heys
Howard Heys
Howard M. Heys is a cryptographer, currently chair of Electrical and Computer Engineering at Memorial University of Newfoundland. His research includes the design and analysis of stream and block ciphers and efficient hardware implementations of them; he participated in the design of CAST-256 and...
and Michael Wiener also contributed to the design.
CAST-256 uses the same elements as CAST-128, including S-boxes, but is adapted for a block size
Block size (cryptography)
In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size...
of 128 bits — twice the size of its 64-bit predecessor. (A similar construction occurred in the evolution of RC5
RC5
In cryptography, RC5 is a block cipher notable for its simplicity. Designed by Ronald Rivest in 1994, RC stands for "Rivest Cipher", or alternatively, "Ron's Code"...
into RC6
RC6
In cryptography, RC6 is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard competition. The algorithm was one of the five finalists, and was also submitted to the...
). Acceptable key size
Key size
In cryptography, key size or key length is the size measured in bits of the key used in a cryptographic algorithm . An algorithm's key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits...
s are 128, 160, 192, 224 or 256 bits. CAST-256 is composed of 48 rounds, sometimes described as 12 "quad-rounds", arranged in a generalised Feistel network.
In RFC
Request for Comments
In computer network engineering, a Request for Comments is a memorandum published by the Internet Engineering Task Force describing methods, behaviors, research, or innovations applicable to the working of the Internet and Internet-connected systems.Through the Internet Society, engineers and...
2612, the authors state that, "The CAST-256 cipher described in this document is available worldwide on a royalty-free and licence-free basis for commercial and non-commercial uses."