This preview shows page 1. Sign up to view the full content.
Unformatted text preview: pending only on the key. So, if you have one plaintext and its corresponding ciphertext, you can predict the parity of the ciphertext for any plaintext. None of this is damning in itself, but it doesn’t leave me with a good feeling about the algorithm. I do not recommend Madryga. 13.3 NewDES
NewDES was designed in 1985 by Robert Scott as a possible DES replacement [1405, 364]. The algorithm is not a DES variant, as its name might imply. It operates on 64bit blocks of plaintext, but it has a 120bit key. NewDES is simpler than DES, with no initial or final permutations. All operations are on entire bytes. (Actually, NewDES isn’t anything like a new version of DES; the name is unfortunate.) The plaintext block is divided into eight 1byte subblocks: B0, B1,..., B6, B7. Then the subblocks go through 17 rounds. Each round has eight steps. In each step, one of the subblocks is XORed with some key material (there is one exception), substituted with another byte via an f function, and then XORed with another subblock to become that subblock. The 120bit key is divided into 15 key subblocks: K0, K1,..., K13, K14. The process is easier to understand visually than to describe. Figure 13.2 shows the NewDES encryption algorithm. The ffunction is derived from the Declaration of Independence. See [1405] for details. Scott showed that every bit of the plaintext block affects every bit of the ciphertext block after only 7 rounds. He also analyzed the f function and found no obvious problems. NewDES has the same complementation property that DES has [364]: If EK(P) = C, then EK´(P´) = C´. This reduces the work required for a bruteforce attack from 2120 steps to 2119 steps. Biham noticed that any change of a full byte, applied to all the key and data bytes, leads to another complementation property [160]. This reduces a bruteforce attack further to 2112 steps. Figure 13.2 NewDES. This is not damning, but Biham’s relatedkey cryptanalytic attack can break NewDES with 233 chos...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details