Unformatted text preview: means is that a chosenplaintext attack against DES only has to test half the possible keys: 255 keys instead of 256 [1080]. Eli Biham and Adi Shamir showed [172] that there is a knownplaintext attack of the same complexity, requiring at least 233 known plaintexts. It is questionable whether this is a weakness, since most messages don’t have complement blocks of plaintext (in random plaintext, the odds against it are extremely high) and users can be warned not to use complement keys. Algebraic Structure
All possible 64bit plaintext blocks can be mapped onto all possible 64bit ciphertext blocks in 264! different ways. The DES algorithm, with its 56bit key, gives us 256 (approximately 1017) of these mappings. Using multiple encryption, it seems possible to reach a larger portion of those possible mappings. However, this is only true if the DES operation does not have certain algebraic structures. If DES were closed, then for any K1 and K2 there would always be a K3 such that EK2(EK1(P)) = EK3(P) In other words, the DES encryption operation would form a group, and encrypting a set of plaintext blocks with K1 followed by K2 would be identical to encrypting the blocks with K3. Even worse, DES would be vulnerable to a meetinthemiddle knownplaintext attack that runs in only 228 steps [807]. If DES were pure, then for any K1 K2 and K3 there would always be a K4 such that EK3(EK2(EK1(P))) = EK4(P) Triple encryption would be useless. (Note that a closed cipher is necessarily pure but a pure cipher is not necessarily closed.) An early theoretical paper by Don Coppersmith gave some hints, but it wasn’t enough [377]. Various cryptographers wrestled with this question [588,427,431,527,723,789]. Cycling experiments gathered “overwhelming evidence” that DES is not a group [807,371,808,1116,809], but it wasn’t until 1992 that cryptographers proved that DES is not a group [293]. Coppersmith said that the IBM team knew it all along. Key Length
IBM’s original submission to NBS had a 112b...
View
Full Document
 Fall '10
 ALIULGER
 Cryptography, Bruce Schneier, Applied Cryptography, EarthWeb, Search Search Tips

Click to edit the document details