Cryptography Reference
In-Depth Information
to compute
Kp
and
Kc
for each pair and test the result on a third and fourth
plaintext - ciphertext pair. This effort is 'negligibly small' (namely about 72
quadrillion times smaller) compared with 2
120
ciphers, but 256 times larger
compared with the usual DES cracking.
Should anybody one day succeed in reducing the search for (
P,S
) pairs with
a clever trick, then whitening would presumably not be of much use.
[DESX] shows that the cost to be expected for different
Kp
and
Pc
, too, would
be in the order of magnitude of 2
64
+
56
−
1
−
lg(m)
, where
m
denotes the number
of eavesdropped plaintext - ciphertext pairs.
Under this aspect, it appears reasonable to choose
Kc
as a function of
Kp
and
Kd
right away as is done in DESX.
5.3
IDEA: A Special-Class Algorithm
Despite Triple-DES and the modified DES with key-dependent S-boxes by
Biham and Biryukov, there was an understandable wish to get away from this
algorithm once and for all. In fact, this algorithm is more than a quarter of a
century old, and it cannot be entirely excluded that somebody
might
know a
more successful attack against this type of encryption than we do — after all, it
is assumed that only the smaller part of cryptological research is public.
A joint project of ETH Zurich (under the supervision of famous cryptologists
X. Lai and J. Massey) and Ascom Systec AG tried to find theoretically solid
foundations for a new algorithm. Such an algorithm was published with the
name
PES
(
Proposed Encryption Standard
) in its original form in 1990. This
method was attacked successfully by Biham and Shamir using differential crypt-
analysis. As a consequence, Lai and Massey protected their algorithm against
this attack and put an 'I' for 'Improved' in front of its name. Since 1992, we
have known the algorithm by the name
IDEA
—
International Data Encryp-
tion Algorithm
(see
algor/idea
directory on our Web site and [SchnCr, 13.9]).
5.3.1 This Time First: IDEA Patent Rights
IDEA is used for symmetric encryption in the very popular PGP software
package, which is the main reason why it is well known. Unfortunately, it
is less noticed that IDEA is patent-protected — in Europe until May 16, 2011,
while the USA will enjoy its free use one year earlier. This fact is omitted so
