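CAST-256 is a Feistel-structure block cipher developed as an improvement on CAST-128. As a first-round AES candidate, it has already been the subject of a good number of cryptanalytic results. Among the known attacks, multidimensional zero-correlation linear cryptanalysis and integral cryptanalysis achieve key-recovery attacks on 28 rounds. Based on the existing literature, this paper analyzes in detail how the link between integral cryptanalysis and zero-correlation cryptanalysis can be used to carry out an integral attack on 28-round CAST-256, with the key-recovery algorithm reaching a complexity of 2^247 Enc.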
CAST-256 is a block cipher designed on the basis of CAST-128. As a first-round AES candidate, it has been the subject of a lot of research. Zero-correlation cryptanalysis and integral cryptanalysis of 28-round CAST-256 are already known. Drawing on the existing literature, this paper studies the links between those two methods and uses them to give, in detail, the integral analysis of 28-round CAST-256.