Langbahn Team – Weltmeisterschaft

Talk:CAST-128

Cast-128 Image

Hello,

i am writing about an image you created for the article about the Cast-128 crypto algorithm. As i studied the specific algorithm, i realized that there is a slight difference between the image and the Request For Comments 2144 where the algorithm is presented. Copying form the RFC:

      Type 1:  I = ((Kmi + D) <<< Kri)
               f = ((S1[Ia] ^ S2[Ib]) - S3[Ic]) + S4[Id]
      Type 2:  I = ((Kmi ^ D) <<< Kri)
               f = ((S1[Ia] - S2[Ib]) + S3[Ic]) ^ S4[Id]
      Type 3:  I = ((Kmi - D) <<< Kri)
               f = ((S1[Ia] + S2[Ib]) ^ S3[Ic]) - S4[Id]

The RFC also states:

  "CAST-128 uses a pair of subkeys per round:  a 32-bit quantity Km is
  used as a "masking" key and a 5-bit quantity Kr is used as a
  "rotation" key."

So i believe that the two sub-keys (Kmi and Kri) should be switched in place in the image. I believe that now the image depicts the opposite argument.

Test Vectors

Moved here from the article (Removed in this edit). Wikipedia is not the place for reference documentation like this. -- Sverdrup (talk) 11:55, 6 March 2013 (UTC)[reply]

Test vectors :

Below is a sample test vector, providing the input and the expected output for the above algorithm. Even, the values of Key Schedule, Km and Kr is provided for both encryption and decryption.

Encryption :

128-bit key = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A
plaintext   = 01 23 45 67 89 AB CD EF
ciphertext  = 23 8B 4F E5 84 7E 44 B2
i K[i] Km[i] Kr[i]
1 BC173E26 BC173E26 00000015
2 78A207EF 78A207EF 0000001B
3 ECE0A7F5 ECE0A7F5 00000001
4 7CB0FB6B 7CB0FB6B 00000005
5 A5D2D636 A5D2D636 00000003
6 D78B9407 D78B9407 0000001F
7 56C069D3 56C069D3 0000001F
8 82E8240C 82E8240C 0000001C
9 33543749 33543749 00000010
10 8813D5C7 8813D5C7 0000001F
11 B9FCD732 B9FCD732 00000012
12 59106B36 59106B36 00000001
13 496AF1A9 496AF1A9 0000001D
14 18F8DC43 18F8DC43 00000019
15 8D9DEF0F 8D9DEF0F 00000001
16 83EDA384 83EDA384 0000000F

Decryption :

128-bit key = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A
plaintext   = 23 8B 4F E5 84 7E 44 B2
ciphertext  = 01 23 45 67 89 AB CD EF
i K[i] Km[i] Kr[i]
1 BC173E26 BC173E26 00000015
2 78A207EF 78A207EF 0000001B
3 ECE0A7F5 ECE0A7F5 00000001
4 7CB0FB6B 7CB0FB6B 00000005
5 A5D2D636 A5D2D636 00000003
6 D78B9407 D78B9407 0000001F
7 56C069D3 56C069D3 0000001F
8 82E8240C 82E8240C 0000001C
9 33543749 33543749 00000010
10 8813D5C7 8813D5C7 0000001F
11 B9FCD732 B9FCD732 00000012
12 59106B36 59106B36 00000001
13 496AF1A9 496AF1A9 0000001D
14 18F8DC43 18F8DC43 00000019
15 8D9DEF0F 8D9DEF0F 00000001
16 83EDA384 83EDA384 0000000F

Attack vectors?

One topic found in other crypto articles is a section discussing known or suspected attack vectors. Even for ciphers considered secure, cryptanalysis research might suggest theoretical avenues of attack, and this would be interesting to note in the article for anyone researching the cipher. Any experts care to add? 137.254.4.10 (talk) 23:09, 13 February 2015 (UTC)[reply]