[1749] in cryptography@c2.net mail archive
Question regarding CAST S-Box design
daemon@ATHENA.MIT.EDU (Steve Reid)
Tue Oct 14 22:27:45 1997
Date: Tue, 14 Oct 1997 15:27:29 -0700 (PDT)
From: Steve Reid <sreid@sea-to-sky.net>
To: cryptography@c2.net

In "Constructing Symmetric Ciphers Using the CAST Design Procedure",
C. Adams recommends S-boxes that are strong against differential and
linear cryptanalysis. He then goes on to describe a modification to
the round function to provide "intrinsic immunity" to differential
and linear cryptanalysis.

In AC2, Schneier suggests that structured S-boxes tend to be weaker
against unknown attacks, and gives DES as an example. Other properties
are mentioned in the CAST paper (such as BIC and SAC), but ciphers like
Blowfish seem to do fine with random S-boxes.

Why structure the CAST S-boxes to be strong against differential and
linear cryptanalysis when the round function already provides immunity?
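
Added example (not part of the original post or of the CAST paper): the two S-box properties the question turns on can be measured directly, as the largest difference-distribution-table entry and the largest linear-approximation deviation, and compared between a designed S-box and randomly chosen ones. Assumptions: 4-bit S-boxes are used so the search is exhaustive (CAST's 8x32 S-boxes are far larger), the PRESENT cipher's S-box stands in for a "designed" one, and the seed and sample size are arbitrary.

```python
# Added example: measuring an S-box's differential and linear profile.
import random

# 4-bit S-box of the PRESENT cipher (assumption: stands in for a "designed" S-box)
DESIGNED = [0xC, 5, 6, 0xB, 9, 0, 0xA, 0xD, 3, 0xE, 0xF, 8, 4, 7, 1, 2]
IDENTITY = list(range(16))  # fully linear, the weakest possible case


def parity(v):
    """Parity of the set bits of v, i.e. the GF(2) dot product once masked."""
    return bin(v).count("1") & 1


def ddt_max(sbox, out_bits=4):
    """Largest count of inputs x with S(x) ^ S(x ^ dx) == dy, over all dx != 0."""
    best = 0
    for dx in range(1, len(sbox)):
        counts = [0] * (1 << out_bits)
        for x in range(len(sbox)):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        best = max(best, max(counts))
    return best


def lat_max(sbox, out_bits=4):
    """Largest |#{x : a.x == b.S(x)} - N/2| over input masks a, output masks b != 0."""
    size, best = len(sbox), 0
    for b in range(1, 1 << out_bits):
        for a in range(size):
            agree = sum(parity(a & x) == parity(b & sbox[x]) for x in range(size))
            best = max(best, abs(agree - size // 2))
    return best


def survey(count=200, seed=1997):
    """(ddt_max, lat_max) for `count` random 4-bit permutations (constructed sample)."""
    rng = random.Random(seed)
    results = []
    for _ in range(count):
        sbox = list(range(16))
        rng.shuffle(sbox)
        results.append((ddt_max(sbox), lat_max(sbox)))
    return results


if __name__ == "__main__":
    print("designed:", ddt_max(DESIGNED), lat_max(DESIGNED))
    print("identity:", ddt_max(IDENTITY), lat_max(IDENTITY))
    rand = survey()
    as_good = sum(1 for d, l in rand if d <= 4 and l <= 4)
    print("random S-boxes matching the designed one:", as_good, "of", len(rand))
```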