|Designers||Carlisle Adams and Stafford Tavares|
|Key sizes||40 to 128 bits|
|Block sizes||64 bits|
|Rounds||12 or 16|
In cryptography, CAST-128 (alternatively CAST5) is a symmetric-key block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has also been approved for Canadian government use by the Communications Security Establishment. The algorithm was created in 1996 by Carlisle Adams and Stafford Tavares using the CAST design procedure.
Another member of the CAST family of ciphers, CAST-256 (a former AES candidate) was derived from CAST-128. According to some sources, the CAST name is based on the initials of its inventors, though Bruce Schneier reports the authors' claim that "the name should conjure up images of randomness".
CAST-128 is a 12- or 16-round Feistel network with a 64-bit block size and a key size of between 40 to 128 bits (but only in 8-bit increments). The full 16 rounds are used when the key size is longer than 80 bits.
Components include large 8×32-bit S-boxes based on bent functions, key-dependent rotations, modular addition and subtraction, and XOR operations. There are three alternating types of round function, but they are similar in structure and differ only in the choice of the exact operation (addition, subtraction or XOR) at various points.
- Carlisle M. Adams (1997). "Constructing Symmetric Ciphers Using the CAST Design Procedure" (PDF). Designs, Codes, and Cryptography (12): 283–316.
- Bruce Schneier (1996). Applied Cryptography, (2nd ed.). John Wiley & Sons. pp. 334–335. ISBN 0-471-11709-9.
- Carlisle M. Adams (1997-05-12). "CAST Design Procedure Addendum" (PDF). Entrust.
- RFC 2144 The CAST-128 Encryption Algorithm
- CAST Encryption Algorithm Related Publications at the Wayback Machine (archived December 17, 2007)
- "Standard Cryptographic Algorithm Naming: Symmetric Ciphers - CAST-128". Retrieved 2013-01-14.
- "CSEC Approved Cryptographic Algorithms for the Protection of Sensitive Information and for Electronic Authentication and Authorization Applications within GC". Communications Security Establishment Canada. 2011-03-01. Retrieved 2014-12-04.