Cryptography Reference
In-Depth Information
Diagram 3.1 An S-DES Round
[Figure not reproduced; labels in the diagram: INPUT, (L, R), E, E(R), SK, S1, S2, (L1, L2), P, ⊕, Z, OUTPUT]
DES Design Principles
In a 1994 publication, [60], Coppersmith described the criteria used in the
design of DES. The focus is principally upon the design of the S-Boxes and
the permutation function that processes their outputs. There is an interesting
story behind this publication and what led up to it. Almost twenty years before
Coppersmith decided (or rather was allowed) to publish this knowledge, it was
known that IBM researchers had discovered an attack on DES, later known as
differential cryptanalysis (see Footnote 3.4 on page 127). This was, let us say,
not met with great joy by the NSA, since they had known about it for some
time and it was classified information. Moreover, added to this lack of joy at
NSA was the fact that IBM researchers had discovered methods for thwarting
the attack. Hence, the NSA went out of its way to sanction IBM and classify
the IBM discoveries. Not only was this attack a powerful tool against DES,
but also against many other ciphers, and the NSA did not want this information to be
leaked. Coppersmith was one of the IBM researchers who worked on the methods
for combating the attack. IBM's compliance with the NSA demands for
secrecy only contributed to the speculation about potential secret back doors
through which NSA could cryptanalyze the DES cryptosystem. This is part of
the background to the controversy we discussed on page 98, which led to investigations
mentioned therein. Ultimately, the information became public through
independent discoveries, and as we have seen, the governmental agencies, such
as NSA, could no longer control the flow of information. The advent of the Internet,
public-key cryptography, and all the interrelated activities in the public
domain saw to that.
One important aspect of block ciphers, especially DES, that requires elucidation
is the notion of linearity. A linear cipher is one for which each output
bit is a linear combination of the input bits. An example of such a cipher is the
Hill cipher discussed on pages 111-113. The Hill cipher is easily broken with
a known-plaintext attack. The reason is that since a key matrix e acts upon
a plaintext matrix m to produce a ciphertext matrix c via c = me , then this
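
The known-plaintext weakness of a linear cipher, worked as an added example (not from the book): a 2x2 Hill cipher over Z_26 using the page's convention c = me, where the key e is recovered as m^-1 c from known plaintext and ciphertext blocks. The key, the messages and all function names are constructed for illustration.

```python
# Added example: 2x2 Hill cipher mod 26, row convention c = m*e as on the page.
# KEY and all sample messages are constructed for this illustration.
from math import gcd

N = 26
KEY = [[3, 3], [2, 5]]  # constructed key; det = 9 is coprime to 26

def to_rows(text, n=2):
    """Map A..Z to 0..25 and split into row vectors of length n."""
    nums = [ord(ch) - 65 for ch in text.upper() if ch.isalpha()]
    if len(nums) % n:
        raise ValueError("text length must be a multiple of the block size")
    return [nums[i:i + n] for i in range(0, len(nums), n)]

def to_text(rows):
    return "".join(chr(v + 65) for row in rows for v in row)

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) % N for col in zip(*b)]
            for row in a]

def inverse_2x2(m):
    """Inverse mod 26; exists only when det is coprime to 26."""
    det = (m[0][0] * m[1][1] - m[0][1] * m[1][0]) % N
    if gcd(det, N) != 1:
        raise ValueError("matrix is not invertible mod 26")
    d = pow(det, -1, N)
    return [[(m[1][1] * d) % N, (-m[0][1] * d) % N],
            [(-m[1][0] * d) % N, (m[0][0] * d) % N]]

def encrypt(plaintext, e):
    return to_text(matmul(to_rows(plaintext), e))

def decrypt(ciphertext, e):
    return to_text(matmul(to_rows(ciphertext), inverse_2x2(e)))

def recover_key(known_plain, known_cipher):
    """Linearity in action: pick two known blocks whose plaintext matrix m
    is invertible mod 26, then e = m^-1 * c."""
    p, c = to_rows(known_plain), to_rows(known_cipher)
    for i in range(len(p)):
        for j in range(i + 1, len(p)):
            try:
                return matmul(inverse_2x2([p[i], p[j]]), [c[i], c[j]])
            except ValueError:
                continue  # singular pair mod 26, try the next one
    raise ValueError("no invertible pair of plaintext blocks")
```

Two known blocks suffice for a 2x2 key as long as their plaintext matrix is invertible mod 26, which is why a nonlinear component such as the DES S-boxes is needed to prevent this kind of direct algebraic solution.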