Development Milestones: DES, RSA - Cryptology Unlocked

Cryptography Reference

In-Depth Information

4.3.1 A Difficult Labor

In 1973, when it identified a need for a governmental standard to encrypt

sensitive information, the National Bureau of Standards (NBS; now named

NIST — National Institute of Standards and Technology) publicly solicited pro-

posals for a secure cipher. Due to the development and proliferation of computer

technology and communication, a generally accessible and secure method was

needed. Though the response to this request showed a strong interest in such

a standard, none of the submissions turned out to be suitable [SchnCr, 12.1]!

This shows very impressively how much cryptology was an occult science

back then.

When a second request was issued in 1974, an IBM workgroup including Horst

Feistel (mentioned in Section 4.2) and the famous cryptanalyst Don Copper-

smith, submitted a candidate that was deemed acceptable. It was a cipher based

on the Lucifer project conducted by IBM, after which at least one algorithm

was named.

Supposedly short of expert knowledge, the NBS involved the NSA in evaluating

the security of the algorithm. This involvement — so it was feared — wasn't

limited to evaluating the proposed standard. The suspicion was that the NSA

had shortened the key length from 128 bits, as suggested by IBM, to 56 bits.

IBM developers Tuchman and Meyer said that the NSA had not changed a

single bit in DES. But Coppersmith commented that the so-called S-boxes (see

Section 4.3.2) were all different when they came back from the NSA. This can

be interpreted in two ways: either the NSA built a backdoor into DES, or they

wanted to prevent IBM from building in a backdoor themselves.

In any event, the design criteria of the S-boxes — the security-relevant part

of DES — remained hidden. That gave rise to suspicion, of course. Tuchman

(who claimed the NSA had changed nothing) commented that these criteria had

been kept secret on NSA's request since members of the IBM team ' ... had

unknowingly rediscovered some of the best-guarded secrets their own [NSA's]

algorithms were based on' [SchnCr, 12.3].

In 1978, a committee that had access to publicly inaccessible documents inves-

tigated the matter and found that DES was completely safe and free from

weaknesses. However, the specific findings underlying this judgment remained

secret.

DES was approved as an official encryption standard at the end of 1976. The

method was authorized for use on 'unclassified' data rather than for the pro-

tection of highly confidential information. Of course, this gave rise to doubts

Search WWH ::

Custom Search

Home