DES
From CryptoLounge
Contents |
Algorithm Type: Block Cipher
- Designers:
- Published in: 1977
- Standards: FIPS 46 (1977), FIPS 46-3 (1999)
- Cryptanalysis status: Broken
Key Lengths
- Valid key lengths: 56 bits
Block Size
- Fixed Block Size: 8 bytes
Links
Papers About This Algorithm
| Title | Published in | Proposed | Defined | Analyzed | Wounded | Broken |
|---|---|---|---|---|---|---|
| FIPS 46 | 1977 | DES | ||||
| The First Experimental Cryptanalysis of the Data Encryption Standard | 1994 | DES | DES | |||
| FIPS 46-3 | 1999 | DES TDES |
Algorithm
Introduction
DES is a symmetric-key block cipher based in sexteen Feistel rounds created by IBM. Its design resembles Lucifer, created by Horst Feistel of IBM. Cryptanalysis in DES was very explored since its approval in 1977, and it is now broken, but since then, several sucessors with improved security were designed, with TDES (or triple DES), DES-X and LOKI89 being the best known. Although the DES algorithm was broken, it is useful to other cryptographic methods, such as TDES, which is calculated using three iterated calculations of DES with different keys.
History
On 15 May 1973, the NBS (National Bureau of Standards, now named NIST), after consulting with the NSA, solicited proposals for a new cipher that would meet some rigorous criteria. None of the submissions, however, were suitable. A second request was issued in August 1974. At this time, IBM submitted a cipher which was acceptable, based on Horst Feistel's Lucifer cipher. This cipher was accepted as the DES and the standard FIPS 46 was created in 1977 defining the algorithm. When DES was published in the Federal Register, in March 1975, public comments were requested, and there was some criticism from various parties. In these comments, Martin Hellman and Whitfield Diffie, citing the shortened key length and the S-boxes as evidence of improper interference from the NSA. The suspiction was that the algorithm had been weakened by the agency so that they - but only they - could easily read the encrypted messages.
In 1990, Adi Shamir and Biham discovered the differential cryptanalysis, but it needed unrealistic 247 chosen plaintexts to break DES, showing that the DES S-boxes were strongly optimized against the method, proving that the IBM and NSA really knew about the method before the DES creation and kept it secret. According to Steven Levy, IBM discovered differential cryptanalysis in 1974 and was asked by the NSA to keep the method secret because it can be used against many schemes and could adversely affect national security. In 1993 (3), Mitsuru Matsui discovered the linear cryptanalysis, which needs 243 known plaintexts to break 16-round DES cipher and in 1994 the first experimental cryptanalysis was reported using this method. Since then the method was somewhat improved and the attacks to DES became even more simpler, and now multiple linear cryptanalysis need at most 241 plaintexts (4).
References
- (1) Savard's DES page
- (2) FIPS 46-3 (DES)
- (3) Linear Cryptanalysis for DES cipher
- (4) Multiple Linear Approximations
| Relations to other articles | |
|---|---|
| Algorithm type | Block Cipher + |
| Attribute values | |
| Min key length | 7 byte (56 bit) + |
| Max key length | 7 byte (56 bit) + |
| Key length multiple | 0.125 byte (1 bit) + |
| Valid key length | 7 byte (56 bit) + |
| Valid block size | 8 byte (64 bit) + |
| Min block size | 8 byte (64 bit) + |
| Max block size | 8 byte (64 bit) + |
| Wikipedia entry | http://en.wikipedia.org/wiki/Data_Encryption_Standard + |
