Talk:CAST-128

Hello,

i am writing about an image you created for the article about the Cast-128 crypto algorithm. As i studied the specific algorithm, i realized that there is a slight difference between the image and the Request For Comments 2144 where the algorithm is presented. Copying form the RFC:

      Type 1:  I = ((Kmi + D) <<< Kri)
               f = ((S1[Ia] ^ S2[Ib]) - S3[Ic]) + S4[Id]

      Type 2:  I = ((Kmi ^ D) <<< Kri)
               f = ((S1[Ia] - S2[Ib]) + S3[Ic]) ^ S4[Id]

      Type 3:  I = ((Kmi - D) <<< Kri)
               f = ((S1[Ia] + S2[Ib]) ^ S3[Ic]) - S4[Id]

The RFC also states:

  "CAST-128 uses a pair of subkeys per round:  a 32-bit quantity Km is
  used as a "masking" key and a 5-bit quantity Kr is used as a
  "rotation" key."

So i believe that the two sub-keys (Kmi and Kri) should be switched in place in the image. I believe that now the image depicts the opposite argument.

Moved here from the article (Removed in this edit). Wikipedia is not the place for reference documentation like this. -- Sverdrup (talk) 11:55, 6 March 2013 (UTC)Reply

Test vectors :

Below is a sample test vector, providing the input and the expected output for the above algorithm. Even, the values of Key Schedule, Km and Kr is provided for both encryption and decryption.

Encryption :

128-bit key = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A
plaintext   = 01 23 45 67 89 AB CD EF
ciphertext  = 23 8B 4F E5 84 7E 44 B2

Decryption :

128-bit key = 01 23 45 67 12 34 56 78 23 45 67 89 34 56 78 9A
plaintext   = 23 8B 4F E5 84 7E 44 B2
ciphertext  = 01 23 45 67 89 AB CD EF

One topic found in other crypto articles is a section discussing known or suspected attack vectors. Even for ciphers considered secure, cryptanalysis research might suggest theoretical avenues of attack, and this would be interesting to note in the article for anyone researching the cipher. Any experts care to add? 137.254.4.10 (talk) 23:09, 13 February 2015 (UTC)Reply