Unformatted text preview: output bits from each Sbox in round i are distributed so that 2 of them affect the middlebits of Sboxes at roundi + 1 and the other 2 affect end bits. — The 4 output bits from each Sbox affect six different Sboxes; no 2 affect the same Sbox. — If the output bit from one Sbox affects a middle bit of another Sbox, then an output bit from that other Sbox cannot affect a middle bit of the first Sbox. The paper goes on to discuss the criteria. Generating Sboxes is pretty easy today, but was a complicated task in the early 1970s. Tuchman has been quoted as saying that they ran computer programs for months cooking up the Sboxes. 12.6 DES Variants Multiple DES
Some DES implementations use tripleDES (see Figure 12.10) [55]. Since DES is not a group, then the resultant ciphertext is much harder to break using exhaustive search: 2112 attempts instead of 256 attempts. See Section 15.2 for more details. Figure 12.10 TripleDES. DES with Independent Subkeys
Another variation is to use a different subkey for each round, instead of generating them from a single 56bit key [851]. Since 48 key bits are used in each of 16 rounds, this means that the key length for this variant is 768 bits. This variant would drastically increase the difficulty of a bruteforce attack against the algorithm; that attack would have a complexity of 2768. However, a meetinthemiddle attack (see Section 15.1) would be possible. This would reduce the complexity of attack to 2384; still long enough for any conceivable security needs. Although independent subkeys foil linear cryptanalysis, this variant is susceptible to differential cryptanalysis and can be broken with 261 chosen plaintexts (see Table 12.15) [167,172]. It would seem that any modification of the key schedule cannot make DES much stronger. DESX
DESX is a DES variant from RSA Data Security, Inc. that has been included in the MailSafe electronic mail security program since 1986 and the BSAFE toolkit since 1987. DESX uses a technique called whitening (see Section 15.6) to obscure the inputs and outputs to DES. In addition to a 56bit DES key, DESX has an additional 64bit whitening key. These 64 bits are XORed to the plaintext before the first round of DES. An additional 64 bits, computed as a oneway function of the entire 120bit DES key, is XORed to the ciphertext after the last round [155]. Whitening makes DESX much stronger than DES against a bruteforce attack; the attack requires (2120)/n operations with n kno...
View
Full Document
 Fall '10
 ALIULGER
 Cryptography, Bruce Schneier, Applied Cryptography, EarthWeb, Search Search Tips

Click to edit the document details