applied cryptography - protocols, algorithms, and source code in c

Applied cryptography protocols algorithms and source code in c

This preview shows page 1. Sign up to view the full content.

This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 28457 Publication Date: 01/01/96 Search this book: Go! Previous Table of Contents Next ----------- RDES RDES is a variant that replaces swapping the left and right halves at the end of each round with a key-dependent swap [893]. The swappings are fixed, depending solely on the key. This means that the 15 key-dependent swaps occur with 215 possible instances, and that the variant is not resistant to differential cryptanalysis [816,894,112]. RDES has a large number of weak keys. In fact, almost every key is weaker than a typical DES key. This variant should not be used. A better idea is to swap only within the right half, at the beginning of each round. Another better idea is to make the swapping dependent on the input data and not a static function of the key. There are a number of possible variants [813,815]. In RDES-1, there is a data-dependent swap of the 16-bit words at the beginning of each round. In RDES-2, there is a data-dependent swap of the bytes at the beginning of each round after the 16-bit swappings as in RDES-1. And so on through RDES-4. RDES-1 is secure against both differential cryptanalysis [815] and linear cryptanalysis [1136]. Presumably RDES-2 and greater are as well. Table 12.15 Differential Cryptanalysis Attacks against DES Variants Modified Operation Full DES (no modification) P permutation Identity permutation Order of S-boxes Chosen Plaintexts 247 Cannot strengthen 219 238 Replace XORs by additions S-boxes: Random Random permutations One entry Uniform tables Elimination of the E Expansion Order of E and subkey XOR GDES (width q = 8): 16 rounds 64 rounds 239, 231 218–220 233–241 233 226 226 244 6, 16 249 (independent key) sn DES A group of Korean researchers, led by Kwangjo Kim, has attempted to find a set of S-boxes that are optimally secure against both linear and differential cryptanalysis. Their first attempt, known as s2DES, was presented in [834] and shown to be worse than DES against differential cryptanalysis in [855,858]. Their next attempt...
View Full Document

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.

Ask a homework question - tutors are online