This preview shows page 1. Sign up to view the full content.
Unformatted text preview: 28457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
 RDES
RDES is a variant that replaces swapping the left and right halves at the end of each round with a keydependent swap [893]. The swappings are fixed, depending solely on the key. This means that the 15 keydependent swaps occur with 215 possible instances, and that the variant is not resistant to differential cryptanalysis [816,894,112]. RDES has a large number of weak keys. In fact, almost every key is weaker than a typical DES key. This variant should not be used. A better idea is to swap only within the right half, at the beginning of each round. Another better idea is to make the swapping dependent on the input data and not a static function of the key. There are a number of possible variants [813,815]. In RDES1, there is a datadependent swap of the 16bit words at the beginning of each round. In RDES2, there is a datadependent swap of the bytes at the beginning of each round after the 16bit swappings as in RDES1. And so on through RDES4. RDES1 is secure against both differential cryptanalysis [815] and linear cryptanalysis [1136]. Presumably RDES2 and greater are as well. Table 12.15 Differential Cryptanalysis Attacks against DES Variants Modified Operation Full DES (no modification) P permutation Identity permutation Order of Sboxes Chosen Plaintexts 247 Cannot strengthen 219 238 Replace XORs by additions Sboxes: Random Random permutations One entry Uniform tables Elimination of the E Expansion Order of E and subkey XOR GDES (width q = 8): 16 rounds 64 rounds 239, 231 218–220 233–241 233 226 226 244 6, 16 249 (independent key) sn DES A group of Korean researchers, led by Kwangjo Kim, has attempted to find a set of Sboxes that are optimally secure against both linear and differential cryptanalysis. Their first attempt, known as s2DES, was presented in [834] and shown to be worse than DES against differential cryptanalysis in [855,858]. Their next attempt...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details