Cryptography Reference
In-Depth Information
that the method is almost as effective as brute force with a given plaintext,
for, when 99.2 % of all plaintext blocks fall through the sieve, the search cost
increases by less than 1 % compared with a plaintext attack. I find the following
facts particularly remarkable:
As mentioned earlier, it is a ciphertext attack against DES-encrypted
code; the only one I know of.
It doesn't matter which ciphering mode is used.
The findings are by no means limited to compress ; the process can be
applied to any compression method for which an easily checkable test
for plaintext, similar to (*) in Section 3.6.4, can be found.
The process can also be generalized for each block algorithm with too
short a key length. I find this alarming, particularly in view of the US
export laws that dictate 40-bit keys (which would require six ciphertext
blocks).
I don't want to warn of compression in general. If the encryption method is
good and the key length sufficient, there won't be any risk. For example, though
the PGP program discussed in Section 7.1 compresses a plaintext before it is
encrypted, it uses the secure IDEA algorithm, and the 128-bit key length of that
algorithm sends any idea about a brute-force attack into the realm of utopia.
4.4.2 Differential Cryptanalysis—The Role of the S-Boxes
No method that could crack DES faster than a brute-force attack was known
until 1990. In that year, the Israeli mathematicians Elie Biham and Adi Shamir
developed differential cryptanalysis and used it first against DES, then FEAL,
LOKI, and other known algorithms. That was a breakthrough in cryptanalysis.
We used this method in relatively simple form against fcrypt in Section 3.7,
and want to have a closer look at it now.
DES Without S-Boxes
Imagine DES were designed without S-boxes. Assume that some fixed com-
pression permutation from 48 to 32 bits were to take their place. We change
some single bit in the plaintext block and follow up on the effect this change
has on the ciphertext, as shown in Figures 4.7, 4.8, and 4.10.
Search WWH ::




Custom Search