[Cryptography] Guaranteeing that no distinct keys produce indistinguishable results
Dave Horsfall
dave at horsfall.org
Thu May 28 02:16:51 EDT 2015
On Wed, 27 May 2015, Jonathan Thornburg wrote:
> There is good evidence that DES is *not* a group (references below).
> This means that composing multiple DES encryptions yields an operation
> which is distinct from any single-DES.
[...]
> References:
> * Kaliski, Burton S. Jr.; Ronald L. Rivest; and Alan T. Sherman,
> "Is the Data Encryption Standard a Group?"
> Eurocrypt 85 (Springer LNCS 219) pp 81 - 95
> * Kaliski, Burton S. Jr.; Ronald L. Rivest; and Alan T. Sherman,
> "Is the Data Encryption Standard a group?"
> Journal of Cryptology, 1:1 (1988), 3--36.
Or, for those who prefer their references in PDF form:
http://math.boisestate.edu/~liljanab/Math509Spring10/DesNotGroup.pdf
which references the document(s) above.
DES is not a Group
Keith W. Campbell and Michael J. Wiener
Bell-Northern Research, P.O. Box 3511 Station C, Ottawa, Ontario, Canada, K1Y 4H7
Abstract.
We prove that the set of DES permutations (encryption and decryption for
each DES key) is not closed under functional composition. This implies
that, in general, multiple DES-encryption is not equivalent to single
DES-encryption, and that DES is not susceptible to a particular
known-plaintext attack which requires, on average, 2^28 steps. We also
show that the size of the subgroup generated by the set of DES
permutations is greater than 10^2499, which is too large for potential
attacks on DES which would exploit a small subgroup.
--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
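The closure property discussed in this message, as an added example that is not part of the original post or of the cited papers. It brute-forces two constructed 8-bit toy ciphers (neither is DES; all function names and the S-box are assumptions made for illustration): an XOR cipher, whose keyed permutations form a group so double encryption collapses to a single key, and a 2-round Feistel cipher, whose keyed permutations are not closed under composition.

```python
from itertools import product

# Constructed 4-bit bijective S-box used as the Feistel round function.
SBOX = (0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7)


def xor_cipher(key):
    """E_k(x) = x XOR k as a 256-byte lookup table (a group cipher)."""
    return bytes(x ^ key for x in range(256))


def feistel_cipher(key):
    """Toy 2-round Feistel on an 8-bit block; key = two 4-bit round keys."""
    k1, k2 = key >> 4, key & 0xF
    table = bytearray(256)
    for x in range(256):
        left, right = x >> 4, x & 0xF
        left ^= SBOX[right ^ k1]   # round 1
        right ^= SBOX[left ^ k2]   # round 2
        table[x] = (left << 4) | right
    return bytes(table)


def closure_report(cipher, keys=range(256)):
    """Check whether {E_k} is closed under functional composition."""
    single = {cipher(k) for k in keys}
    # a.translate(b) maps x -> b[a[x]], i.e. E_k2(E_k1(x)).
    double = {a.translate(b) for a, b in product(single, repeat=2)}
    return {
        "single": len(single),            # distinct single encryptions
        "double": len(double),            # distinct double encryptions
        "escaped": len(double - single),  # doubles matching no single key
        "closed": double <= single,
    }


if __name__ == "__main__":
    for name, cipher in (("xor", xor_cipher), ("feistel", feistel_cipher)):
        print(name, closure_report(cipher))
```

For the Feistel toy, no key yields the identity permutation (the S-box would have to output 0 for every input), so the set cannot be a group and some double encryptions necessarily fall outside it.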