Cryptography Reference
In-Depth Information
•
The S-boxes introduce non-linearity and resistance to differential crypt-
analysis (see Sections 4.4.2 and 4.4.4).
•
As the round keys are created, the rotation and the compression permu-
tation ensure that any change to a key bit can influence all ciphertext bits
after only a few rounds.
•
As mentioned above, the input and output permutations are probably
due to the hardware design; they are meaningless from the cryptology
viewpoint.
You may reasonably assume that each detail of DES has its reason. Talented
cryptologists have cut their teeth over it. For one thing, it is very difficult
to design S-boxes such that the algorithm created is cryptologically secure.
Rumors have it that when designing DES the developers put their computers
to work on good S-boxes for months.
To an outsider who doesn't know the theory behind them, the S-boxes may
seem to be merely an 'arbitrary' collection of numbers. No wonder many users
were extremely doubtful about DES and suspected a backdoor. There might
be one, or there might not. We'll be smarter in fifty years from now when the
secret documents will likely have become accessible.
4.4 How Secure is DES?
We know that there is no exhaustive, officially known answer to this question.
Only the types of attacks against DES are known:
•
brute-force,
•
differential, and
•
linear cryptanalysis.
We will discuss all three types below and, on this occasion, learn a new crypt-
analytic method.
4.4.1 Brute-Force Attack and the 'Deep Crack' Computer
The only practicable attack against DES is brute force, i.e., trying all 2
56
pos-
sible keys. This is a huge number: the ciphertext has to be decrypted
and
tested for about 72 000 000 000 000 000 or 72 quadrillion keys to produce some
meaningful plaintext.
