Cryptography Reference
In-Depth Information
0000 000 0000 000 0000 000 0000 000
0000 000 0000 000 0000 000 0000 000
1111 111 1111 111 1111 111 1111 111
1111 111 1111 111 1111 111 1111 111
1111 111 1111 111 1111 111 1111 111
0000 000 0000 000 0000 000 0000 000
0000 000 0000 000 0000 000 0000 000
1111 111 1111 111 1111 111 1111 111
Figure 4.13: The four weak keys of DES (bitwise representation).
example, if all bits of the key are equal to 0, or perhaps all equal to 1, then
rotating the half keys in each round changes nothing: all rounds use the same
key. This holds true even if the left half key contains only 0-bits and the right
one only 1-bits. Such keys are called weak keys .
Six pairs of DES keys consist of semiweak keys . The keys in such a pair are
inverse to each other: things encrypted with one of the two keys are decrypted
with the other key. Finally, there are 48 possibly weak keys : each one of them
creates only four different round keys, which are each used four times in the
16 rounds.
If there were many weak keys, or if these four keys occurred frequently due to
poor automatic key selection, then an attacker could test for them right away.
This test could be an attack tailored to DES, for example, with equal round
keys. If it is successful, the attacker has reached his goal; otherwise he has to
try other methods.
Compared with the 72 trillion possible keys, these 64 potential risks are a
ridiculously small number. In addition, it is very easy to discard such weak
keys, or have weak keys automatically replaced by 'strong' ones.
In general, a key is said to be weak if the encryption method that uses it
deteriorates into one that's easier to break. How about this for a blurred def-
inition? Anyhow, when designing an algorithm, one also has to think of this
type of attack. If an algorithm uses a fairly large percentage of weak keys in
any respect, it earns a minus score.
4.4.4 Linear Cryptanalysis and Other Methods
Linear cryptanalysis was developed by Matsui in 1993; it is one of the most
modern cryptanalytic methods. It seems that it will not be used to its full
potential until a long time in the future.
Search WWH ::




Custom Search