It has been suggested that the IETF consider specifying an alternative
"MUST" symmetric encryption algorithm in its version of S/MIME. One of
the alternatives is CAST. Entrust Technologies announced in January that
it was making CAST available. From the press release:
Entrust\xAE Technologies announced today that it is making a version of
CAST encryption algorithm available for free commercial and
CAST is a design procedure for symmetric encryption algorithms.
the design procedure and choosing appropriate values for various
creates an algorithm which is tailored to suit particular needs. As a
CAST defines a family of encryption algorithms, each of which is
simple, and easily implemented, flexible and very efficient in terms of
encryption/decryption speed. CAST can be specified as the default in
that require non-proprietary algorithms.
The full text of the press release is available at
The paper documenting the CAST design process can be found in our white
papers library at http://www.entrust.com/library.htm. Scroll down about
halfway to find the CAST papers. There are two, be sure to get them
Peter Gutmann of New Zealand posted C code for CAST-128, derived from
the description on the web page, to sci.scrypt a few weeks ago, so it is
globally available now. Test vectors in the spec allow verification
that the implementation is correct. My apologies for not having a
reference to his article available.
I've included the abstracts of the design papers:
"Constructing Symmetric Cyphers Using the CAST Design Procedure"
Abstract. This paper describes the CAST design procedure for
a family of DES-like Substitution-Permutation Network (SPN) ciphers.
The version of the CAST algorithm discussed in this paper is now
royalty-free for both commercial and non-commercial use - see the
press release for details.
"CAST Design Procedure Addendum"
Abstract. This addendum to the CAST paper (above) specifies how to use
CAST with a variable key size (40 to 128 bits), provides test vectors
80-, and 128-bit keys (so that implementations can be verified for
correctness), and includes some AlgorithmIdentifiers (i.e., OBJECT
IDENTIFIERs with associated Parameters) which have been defined for
Both papers are available from the Web page in PDF and in MS RTF.
The first paper is also scheduled to appear in the journal "Designs,
Codes, and Cryptography".
Some of the advantages of CAST are:
Free for commercial and non-commercial use.
Variable key sizes: CAST has been implemented with 40, 64, 80,
and 128 bit keys.
Guaranteed resistance to differential and linear cryptanalysis attacks.
Immunity to weak keys and complementary keys.
Additional information about CAST is available from Queen's University:
Peter Whittaker Entrust Key Validation Sequence: 7ORS-NGND-P6ZX
Senior Designer, PKI mailto:pww(_at_)entrust(_dot_)com Phone: +1 613 765
Entrust Technologies http://www.entrust.com Fax: +1 613 765 3520