[Top] [All Lists]

Alternative symmetric algorithm freely available for IETF S/MIME (re: RC2 licensing).

1997-04-16 08:28:15
It has been suggested that the IETF consider specifying an alternative
"MUST" symmetric encryption algorithm in its version of S/MIME.  One of
the alternatives is CAST. Entrust Technologies announced in January that
it was making CAST available.  From the press release:

        Entrust\xAE Technologies announced today that it is making a version of
        CAST encryption algorithm available for free commercial and
        CAST is a design procedure for symmetric encryption algorithms.
        the design procedure and choosing appropriate values for various
        creates an algorithm which is tailored to suit particular needs. As a
        CAST defines a family of encryption algorithms, each of which is
        simple, and easily implemented, flexible and very efficient in terms of
        encryption/decryption speed. CAST can be specified as the default in
        that require non-proprietary algorithms. 

The full text of the press release is available at

The paper documenting the CAST design process can be found in our white
papers library at  Scroll down about
halfway to find the CAST papers.  There are two, be sure to get them

Peter Gutmann of New Zealand posted C code for CAST-128, derived from
the description on the web page, to sci.scrypt a few weeks ago, so it is
globally available now.  Test vectors in the spec allow verification
that the implementation is correct.  My apologies for not having a
reference to his article available.

I've included the abstracts of the design papers:

        "Constructing Symmetric Cyphers Using the CAST Design Procedure"

        Abstract. This paper describes the CAST design procedure for
        a family of DES-like Substitution-Permutation Network (SPN) ciphers.

        The version of the CAST algorithm discussed in this paper is now
        royalty-free for both commercial and non-commercial use - see the
        press release for details.

        "CAST Design Procedure Addendum"

        Abstract. This addendum to the CAST paper (above) specifies how to use
        CAST with a variable key size (40 to 128 bits), provides test vectors
for 40-,
        80-, and 128-bit keys (so that implementations can be verified for
        correctness), and includes some AlgorithmIdentifiers (i.e., OBJECT
        IDENTIFIERs with associated Parameters) which have been defined for

Both papers are available from the Web page in PDF and in MS RTF.

The first paper is also scheduled to appear in the journal "Designs,
Codes, and Cryptography".

Some of the advantages of CAST are:

        Free for commercial and non-commercial use.

        Variable key sizes:  CAST has been implemented with 40, 64, 80,
        and 128 bit keys.

        Guaranteed resistance to differential and linear cryptanalysis attacks.

        Immunity to weak keys and complementary keys.

Additional information about CAST is available from Queen's University:


Peter Whittaker         Entrust Key Validation Sequence:  7ORS-NGND-P6ZX
Senior Designer, PKI    mailto:pww(_at_)entrust(_dot_)com    Phone: +1 613 765 
Entrust Technologies      Fax: +1 613 765 3520