- C.M. Adams, "A Formal and Practical Design Procedure for Substitution-Permutation network Cryptosystems", PhD Thesis, Queen's University, Kingston, Ontario, Canada, September, 1990

- C. Adams, "Symmetric cryptographic system for data encryption", U.S.
Patent # 5,511,123, April 23, 1996.

- C.M. Adams, "Constructing Symmetric Ciphers Using the CAST Design Procedure", Designs, Codes, and Cryptography, Vol. 12, No. 3, pp. 283-316, 1997

*This paper describes the CAST design procedure for constructing a family of DES-like Substitution-Permutation Network (SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis, along with a number of other desirable cryptographic properties. Details of the design choices in the procedure are given, including those regarding the component substitution boxes (s-boxes), the overall framework, the key schedule, and the round function. An example CAST cipher, an output of this design procedure, is presented as an aid to understanding the concepts and to encourage detailed analysis by the cryptologic community.*[Postscript]

- C.M. Adams, "CAST Design Procedure Addendum"

*This addendum to the CAST paper (above) specifies how to use CAST with a variable key size (40 to 128 bits), provides test vectors for 40-, 80-, and 128-bit keys (so that implementations can be verified for correctness), and includes some AlgorithmIdentifiers (i.e., OBJECT IDENTIFIERs with associated Parameters) which have been defined for CAST.*[Postscript]

- C.M. Adams and S.E. Tavares, "The Use of Bent Sequences to Achieve Higher-Order Strict Avalanche Criterion in S-Box Design", Technical Report TR 90-013, Department of Electrical Engineering, Queen's University, Kingston, Ontario, Jan. 1990.

*Recently, Pieprzyk and Finkelstein described a construction procedure for the substitution boxes (s-boxes) of Substitution-Permutation Network cryptosystems which yielded s-boxes of high nonlinearity. Shortly afterward, in seemingly unrelated work, Yarlagadda and Hershey discussed the analysis and synthesis of binary bent sequences of length 4^(k), for k a positive integer. In this paper, we report on work which not only extends the results of both of these papers, but also combines them through the concept of "higher orders" of the Strict Avalanche Criterion for Boolean functions. We discuss the implications for s-box design and the use of such s-boxes in the construction of DES-like cryptosystems.*[Postscript]

- J. Lee, H.M. Heys, and S.E. Tavares, "Resistance of a CAST-like Encryption Algorithm to Linear and Differential Cryptanalysis", Designs, Codes, and Cryptography, Vol. 12, No. 3, pp. 267-282, 1997.

*Linear cryptanalysis and differential cryptanalysis are two recently introduced, powerful methodologies for attacking private-key ciphers. In this paper, we examine the application of these two cryptanalysis techniques to a CAST-like encryption algorithm based on randomly generated s-boxes. It is shown that, when randomly generated s-boxes are used in a CAST-like algorithm, the resulting cipher is resistant to both the linear attack and the differential attack.*[Postscript]

- V. Rijmen, B. Preneel and E. De Win, "On weaknesses of non-surjective round functions", Designs, Codes, and Cryptography, Vol. 12, No. 3, pp. 253-266, 1997

- A.M. Youssef, S.E. Tavares, S. Mister and C.M. Adams, "Linear approximation of Injective S-boxes", IEE Electronics Letters, Vol. 31, No. 25, pp. 2168-2169, 1995.

*In this letter the authors derive an estimate for the expected nonlinearity of a randomly selected injective substitution box. In particular, they show that the expected value of the nonlinearity of a randomly selected 8x32 s-box (the same dimensions as the CAST s-boxes) is about 72. The theoretical argument is supported with experimental results.*[postscript]

- A.M. Youssef, Z. Chen and S.E. Tavares, "Construction of Highly Nonlinear Injective S-boxes with Application to CAST-like Encryption Algorithm", To appear in the proceedings of the Canadian Conference on Electrical and Computer Engineering (CCECE' 97).

*In this paper we present two methods for constructing highly nonlinear injective s-boxes. Both of these methods, which are based on exponential sums, outperform previously proposed methods. In particular, we are able to obtain injective 8x32 s-boxes with nonlinearity equal to 80 and maximum XOR table entry of 2. We also re-evaluate the resistance of the CAST-like encryption algorithms constructed using randomly selected s-boxes to the basic linear cryptanalysis.*[postscript]

- S. Mister and C. Adams, "Practical S-Box Design", Workshop in Selected Areas of Cryptography, SAC' 96, Workshop record, pp. 61-76, 1996

*Much of the security of a block cipher based on the Feistel network depends on the properties of the substitution boxes (s-boxes) used in the round function. This paper presents one effort to construct large, cryptographically secure s-boxes, contrasting theoretical and practical limitations, and highlighting areas for future research. Several (known) bent function construction methods are summarized, and properties of the resulting bent functions are discussed. A rapid method for calculating the nonlinearity of a boolean function, based on the Hadamard matrix, is described. The constructions presented are based on the use of bent functions as s-box columns. This ensures that the maximum order strict avalanche criterion (SAC) is satisfied. The construction attempts to maximize nonlinearity, minimize the largest s-box XOR table entry and distance to maximum order bit independence criterion (BIC), and ensures that the column and row weight distributions are approximately binomial. The best characteristics achieved for a generated s-box are compared to those obtained for a randomly generated s-box. The constructed s-box is at least as good with respect to all of these properties, and is slightly better with respect to nonlinearity and distance to higher order BIC.*[postscript]

- H. Heys and S. Tavares, "On the Security of the CAST Encryption
Algorithm", Proceedings of the Canadian Conference on Electrical and
Computer Engineering, Halifax, NS, Canada, Sept. 1994, pp.332-335.

- C. Adams, "Simple and Effective Key Scheduling for Symmetric Ciphers", Workshop in Selected Areas of Cryptography, SAC' 94, Workshop record, pp. 129-133, 1994

- C. Adams, "Designing DES-like Ciphers with Guaranteed Resistance to Differential and Linear Attacks", Workshop in Selected Areas of Cryptography, SAC' 95, Workshop record, pp. 133-144, 1995

- C. Adams and S. Tavares, "Designing S-Boxes for Ciphers Resistant to
Differential Cryptanalysis", Proceedings of the 3rd Symposium on State
and Progress of Research in Cryptography, Rome, Italy, 1993, pp.181-190.

- B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source
Code in C (2nd edition), John Wiley & Sons, 1996, pp.334-335.

- A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied
Cryptography, CRC Press, 1997, p.281.

This page belongs to Queen's Cryptography and Data Security Lab and it is maintained by Amr Youssef