CA-1.0 is a novel type of dynamical system which programs its own evolution. The information in the link is used in two different ways to program encryption during a subround 1) to specify a permutation for the substitution phase, and 2) to chose preimages during the diffusion phase. The goal of link encryption is to separate these two uses by a level of encryption within the link itself. The block-link structure of CA-1.0 is designed to allow a stream of ciphertext to effectively carry along with it a pseudo-random number generator expressed in the operations on the link. Link encryption contributes randomizing operations at each subround of encryption of each block.
Link encryption is essentially block encryption in miniature. The block size
is smaller (128 vs. 384), the reversible rule
is a permutation is on a smaller number of
objects (
vs. 
), and the irreversible rules
generated from the link key have a smaller radius than
the irreversible rules generated from the block key (3 vs. 5).
Otherwise, block and link encryption proceed in the same
fashion: each subround has a substitution and a diffusion phase,
link keys are balanced like block keys, etc. Note that in other
CA cryptosystems the recursive structure
of block and link encryption expressed in CA-1.0
could be continued for many
levels, generally with increased computation time.
There are some minor differences between link and block encryption in CA-1.0. In block encryption the link for a given subround comes from a previous subround. In link encryption both block and link come from the same subround. The first (left-most) 128 bits of the link are interpreted as the link-block and the last (right-most) 192 bits of the link are interpreted as the link-link (see figure 8). Note that while block encryption is designed so that block and link information do not mix, link-block and link-link information do mix, as they pass from one subround to the next. The link-block and the link-link are read out in opposite directions from the link (figure 8). Since the radius of the link rule is 3, 6 bits are required to drive each inverse iteration of the link-key generated irreversible rules. Hence, the 192 bits in the link-link drive 32 iterations. As in block encryption, left- and a right-toggle rules are applied at alternate subrounds. At a subround where a left-toggle rule is applied in block encryption, a right-toggle rule is applied in link encryption, and vice versa.
In block encryption a permutation is generated from the link by reading bits from left to right, beginning at the left-most bit of the link. The permutation for link encryption is generated from the same link, but this time reading bits from right to left, and beginning at the 310th bit. Reading the information for the two permutations in opposite directions has the effect of maximizing the independence of the block and link permutations. The string of bits determining the block permutation overlaps with the string of bits determining the link permutation. However, this overlap occurs at the least-significant bits of each permutation-generating string. The link permutation generation is begun at the 310th rather then the 320th bit since the last 10 bits of the link at the last subround form part of link ciphertext, i.e. they are in view of cryptanalysts. The effect of these bits on processing is to be minimized.
The various uses of the link in block and link encryption and the relationship between these uses is presented schematically in figure 8.
Note that when properly scheduled, the processing the the link information can be done largely in parallel with the processing of the block information. Details are implementation dependent.