Cryptography Reference
In-Depth Information
The idea behind this method is simple: we use two 64-bit keys, Kp and Kc ,in
addition to the 56-bit DES key. Ciphertext C is computed from plaintext P as
follows:
C=Kc
DES Kd (P
Kp).
This means that, in addition to the DES cipher, the plaintext is XORed with
additional keys before the encryption, and the ciphertext is XORed with addi-
tional keys after the encryption. It also means that an attacker won't have
any plaintext - ciphertext pairs for DES, and brute force won't work either.
The structure of DES suggests that the algorithm gains from this procedure
(and should there really be a backdoor in DES, then this assumption might be
wrong).
The method is attractively simple. It requires only minimum hardware expan-
sion, while the gain in security is presumably very high. The fact that the USA
once exported only ciphering devices with limited key length (here 40 bits)
won't matter, since whitening compensates for this limitation.
The idea is a brainchild of Ron Rivest; the method is thoroughly studied in
[DESX]. An algorithm called DESX computes Kc as a one-way hash value
(see Section 6.3.1) from Kd and Kp . It has been used in MailSafe (since 1986)
and BSAFE (since 1987). The effective key length of DESX is 120 bits, far
too many for brute force.
One would actually expect whitening to have an effective key length of 64 +
56 + 64 = 184 bits. But this is not so: it is 'only' 120 bits. That's not too hard
to check; I'll just briefly outline it below.
pairs, ( P 1 ,C 1 ) and
( P 2 ,C 2 ) , and set
We pick two plaintext - ciphertext
dP =
P 1
P 2 and dC =
C 1
C 2. The modified plaintexts, P 1
Kp and
P 2
Kp , still also have XOR difference dP . Also, the ciphertexts XORed
with Kc produce a XOR difference, dC .
Now we brute-force all ( P,S) plaintext-key pairs such that
DES S (P)
DES S (P
dP)=dC
holds. This search requires 2 64 + 56
= 2 120 DES ciphers each. In terms of the
order of magnitude, only 2 64 (P , S) pair solutions can be expected. We can try
 
Search WWH ::




Custom Search