A novel aspect of CA-1.0 is its block-link structure. A simple physical idea motivates the block-link construction. At each diffusion subround random information is mixed into the message information. This random information diffuses in alternately from the left or right through inverse iteration of a right- respectively left-toggle rule. The way this works is best understood by reference to figure 5. In this figure the hatched areas represent link information, and the unhatched areas represent block information. During block encryption link bits are attached, 10 bits per iteration, to the end of the block. The hatched areas, then, represent either input link bits, or bits which are a function only of link bits inserted at previous iterations. The uppermost line in each link triangle becomes the input link for the next subround. In essence, the link information is ``folded back" into the block encryption at the end of each subround. Before being folded, the link information undergoes link encryption (see figure 8, and for further details see sections 3.1 and 3.3).
Both blocks and links are strings of bits. In general CA cryptosystems, both blocks and links can be used to carry message information. In CA-1.0, however, message information is only inserted into blocks. The link bits are generated by a (in principle perfect) noise generator physically protected within the encryption apparatus. On the receiving end, the link bits appear during decryption in a physically protection portion of the apparatus and are destroyed there as soon as they are no longer needed. That is, the output of the decryption apparatus consists only of the decrypted block.
In CA-1.0 the information in the plaintext block cannot in any way influence the processing of the information in the link. The information in the link is thus sequestered from direct plaintext attack (see section 5). The link information, on the other hand, has a strong influence on the way the block is processed.
Since the processing of the link information does not depend on the message block, the link can be subjected to an independent set of encryption operations. In CA-1.0 blocks and links are encrypted in a recursive fashion. In each subround the link is encrypted first under the link key and then under the block key. The link-key encryption follows the same format as the block-key encryption (see section 3.3).
The dynamical system theorist will recognize in the block-link structure a combination of stretching and folding operations similar to the combination which gives rise to chaos in many dynamical systems. These operations are used here in a way intended to maximize their randomizing potential.
In a block-link cryptosystem the encryption of each block of message information is controlled in part by information in the corresponding link. In CA-1.0 this control is exerted in two ways, 1) through the selection of the reversible CA to be used in the substitution phase, and 2) through the selection of preimages in the diffusion phase. Many other aspects of encryption/decryption are in principle link-programmable. Link programming is limited in CA-1.0 to avoid unnecessary complications which might obscure the basic CA cryptosystem design strategy.
The block-link structure confers some DES compatibility on CA-1.0. Link encryption is controlled by a 64-bit key, as in the DES. In a hierarchical security environment CA-1.0 can be made to emulate DES. If, at some level of the hierarchy, authorization to access to the 1024-bit block key is ambient, then users at that level need only supply 64-bit link keys. The block size of CA-1.0 (384) is chosen as a multiple of the DES block size (64) to further enhance DES compatibility.