Unformatted text preview: it was intended. In short, NSA did not impose or attempt to impose any weakness on the DES. Then why did they modify the S-boxes? Perhaps it was to ensure that IBM did not put a trapdoor in DES. The NSA had no reason to trust IBM’s researchers, and would be lax in their duty if they did not make absolutely sure that DES was free of trapdoors. Dictating the S-boxes is one way they could make sure. Very recently some new cryptanalysis results have shed some light on this issue, but for many years this has been the subject of much speculation. Weak Keys Because of the way the initial key is modified to get a subkey for each round of the algorithm, certain initial keys are weak keys [721,427]. Remember that the initial value is split into two halves, and each half is shifted independently. If all the bits in each half are either 0 or 1, then the key used for any cycle of the algorithm is the same for all the cycles of the algorithm. This can occur if the key is entirely 1s, entirely 0s, or if one half of the key is entirely 1s and the other half is entirely 0s. Also, two of the weak keys have other properties that make them less secure . The four weak keys are shown in hexadecimal notation in Table 12.11. (Remember that every eighth bit is a parity bit.) Additionally, some pairs of keys encrypt plaintext to the identical ciphertext. In other words, one key in the pair can decrypt messages encrypted with the other key in the pair. This is due to the way in which DES generates subkeys; instead of generating 16 different subkeys, these keys generate only two different subkeys. Each of these subkeys is used eight times in the algorithm. These keys are called semiweak keys, and are shown in hexadecimal notation in Table 12.12. Table 12.11 DES Weak Keys Weak Key (with parity bits) Actual Key Value 0101 1F1F E0E0 FEFE 0101 1F1F E0E0 FEFE 0101 0E0E F1F1 FEFE 0101 0E0E F1F1 FEFE 0000000 0000000 0000000 FFFFFFF FFFFFFF 0000000 FFFFFFF FFFFFFF Some keys produce only four subkeys, each used four times in the algorithm. These possibly weak keys are listed in Table 12.13. Before co...
View Full Document
- Fall '10
- Cryptography, Bruce Schneier, Applied Cryptography, EarthWeb, Search Search Tips