DES is not a Group
We prove that the set of DES permutations (encryption and decryption for each DES key) is not closed under functional composition. This implies that, in general, multiple DES-encryption is not equivalent to single DES-encryption, and that DES is not susceptible to a particular known-plaintext attack which requires, on average, 228 steps. We also show that the size of the subgroup generated by the set of DES permutations is greater than 102499, which is too large for potential attacks on DES which would exploit a small subgroup.
- D. Coppersmith, “In Defense of DES”, personal communication, July 1992 (This work was also described briefly in a posting to sci.crypt on Usenet News, 1992 May 18).
- D. Coppersmith, “The Real Reason for Rivest’s Phenomenon”, Advances in Cryptology-Crypto’ 85 Proceedings, Springer-Verlag, New York, pp. 535–536.
- Data Encryption Standard, Federal Information Processing Standards Publication 46, National Bureau of Standards, U.S. Department of Commerce, Washington, DC (1977 Jan. 15).
- Kaliski, B.S., Rivest, R.L., Sherman, A.T. (1988) Is the Data Encryption Standard a Group? (Results of Cycling Experiments on DES). Journal of Cryptology 1: pp. 3-36 CrossRef
- J.H. Moore and G.J. Simmons, “Cycle Structure of the DES with Weak and Semi-weak Keys”, Advances in Cryptology-Crypto’ 86 Proceedings, Springer-Verlag, New York, pp. 9–32.
- H. Morita, K. Ohta, and S. Miyaguchi, “A Switching Closure Test to Analyze Cryptosystems”, Advances in Cryptology-Crypto’ 91 Proceedings, Springer-Verlag, New York, pp. 183–193.
- J.-J. Quisquater and J.-P. Delescaille, “How easy is collision search? Application to DES”, Advances in Cryptology-Eurocrypt 89 Proceedings, Springer-Verlag, New York, pp. 429–434.
- J.-J. Quisquater and J.-P. Delescaille, “How easy is collision search. New results and applications to DES”, Advances in Cryptology-Crypto’ 89 Proceedings, Springer-Verlag, New York, pp. 408–413.
- Sedgewick, R., Szymanski, T.G., Yao, A.C. (1982) The complexity of finding cycles in periodic functions. Siam Journal on Computing 11: pp. 376-390 CrossRef
- DES is not a Group
- Book Title
- Advances in Cryptology — CRYPTO’ 92
- Book Subtitle
- 12th Annual International Cryptology Conference Santa Barbara, California, USA August 16–20, 1992 Proceedings
- Book Part
- Session XII:
- pp 512-520
- Print ISBN
- Online ISBN
- Series Title
- Lecture Notes in Computer Science
- Series Volume
- Series ISSN
- Springer Berlin Heidelberg
- Copyright Holder
- Springer-Verlag Berlin Heidelberg
- Additional Links
- Industry Sectors
- eBook Packages
To view the rest of this content please follow the download PDF link above.