Cryptography Reference
In-Depth Information
Why is this principle so useful? Because if you know function
f
S,i
for all
i
,
you can decrypt! The reason is that you get the following from (1):
⊕
f
S
,
i
(R
i
)
⊕
f
S
,
i
(R
i
)
=R
i
⊕
f
S
,
i
(R
i
)
L
i
=L
i
+
1
And from this, you can already derive the decryption for an
n
-round method:
R
n
1
=L
n
−
⊕
L
n
1
=R
n
f
S
,
n
1
(R
n
1
)
−
−
−
...
R
0
=L
1
L
0
=R
1
⊕
f
S
,
0
(R
0
)
This means that the
f
S,i
functions don't have to be reversible. To design encryp-
tion algorithms, we had to ensure that the key-dependent mapping,
f
S
,in
ciphertext = f
S
(plaintext)
was reversible only by somebody who had key
S
. With the method discussed
here, we only need to ensure that none of the
f
S,i
functions can be computed
without knowing
S
. This is a much simpler task; we can build 'wild' functions.
Of course, cryptanalysis has adjusted itself to this. But more about this later.
Examples of Feistel networks are DES, FEAL, and Blowfish.
4.3 The DES Method
The
Data Encryption Standard
(
DES
) is probably the best analyzed crypto-
graphic method. We owe many modern design principles and modern crypt-
analysis to this algorithm.
Although the suspicion that the NSA might have built a backdoor into DES
has never been cleared up, no practically usable vulnerability has been found
in it until today to my knowledge. The insecurity of DES is due to the fact that
brute-force attacks are technically possible nowadays.
Since DES has played a major role in history and still does today, we will have
a closer look at this algorithm.
