Cryptography Reference
In-Depth Information
plaintext, sixty-four bits at a time. Because they are performed directly at
the binary level, each operation necessitates only the simplest hardware to
implement it, yet their composition yields a cipher of remarkable strength
while achieving speeds yet to be met by any cipher based on algebraic
properties.
50
If Feistel's goal of protecting individual's privacy did not seem to be
associated with any specific market, protecting banking transactions clearly
was. IBM quickly realized the business potential of integrating crypto-
graphic technologies into the data processing infrastructure undergirding
the deployment of networked ATM machines (introduced in the United
States in 1968). Aware of the increasing needs for a cryptographic algo-
rithm suitable for industry purposes, the National Bureau of Standards
(NBS) solicited proposals for a standard in 1973. Selection as a federal
standard would be premised on meeting two distinct conditions: the algo-
rithm would be forwarded to the National Security Agency (NSA) for evalu-
ation, and the winner would grant nonexclusive royalty-free licenses to
design, build, use, and sell hardware and software implementing the
cipher.
51
The only game in town at the time, Lucifer was selected and the
details of the algorithm published in March 1975 in the
Federal Register
as
the
Data Encryption Standard (DES, pronounced
dez)
, with requests for
comments from the industry and the public.
52
Almost immediately, critics pointed to the suspicious reduction of the
original 64 bits keys length to 56 bits, with the assignment of 8 bits to
error correction. The move seemed to suggest an attempt “to intentionally
reduce the cost of exhaustive key search by a factor of 256.”
53
Martin
Hellman, a soon-to-become-famous Stanford professor of electrical engi-
neering, wrote to the NBS that “Whit Diffie and I have become concerned
that the proposed data encryption standard, while probably secure against
commercial assault, may be extremely vulnerable to attack by an intelli-
gence organization.”
54
Diffie and Hellman subsequently published an
extensive analysis of the standard, claiming that “using the simplest crypt -
analytic attack [exhaustive key search], a $20 million machine can be built
to break the proposed standard in about 12 hours of computation time . . .
major intelligence agencies possess the financial resources and the interest
to build such a machine.”
55
Worse still, critics pointed that the design
criteria for the “S-boxes”—eight fixed tables dictating the specific bit
substitutions—was not publicly clarified, an omission that suggested
