[Cryptography] NIST Workshop on Elliptic Curve Cryptography Standards

Dave Howe davehowe.pentesting at gmail.com
Wed May 20 06:45:20 EDT 2015


On 20/05/2015 03:12, Bill Frantz wrote:
> My understanding is they changed it to protect against differential
> cryptanalysis. At the time, differential cryptanalysis was known by
> NSA, but not generally known in the public crypto community.
  My memory seems to give me a nudge that IBM knew about differential
during this period - Wiki seems to say the same thing, but of course wiki...

  It is possible that the NSA strengthened DES against differential
because IBM knew about it, but not against linear because IBM didn't (if
the NSA knew at the time of course is debatable, but it would be in
keeping with their standard practice for them to leave DES open to it
because it wasn't known to be known outside of the NSA, even if it was
known within the NSA)


More information about the cryptography mailing list