DES is not a Group

  • Keith W. Campbell
  • Michael J. Wiener
Conference paper

DOI: 10.1007/3-540-48071-4_36

Part of the Lecture Notes in Computer Science book series (LNCS, volume 740)
Cite this paper as:
Campbell K.W., Wiener M.J. (1993) DES is not a Group. In: Brickell E.F. (eds) Advances in Cryptology — CRYPTO’ 92. CRYPTO 1992. Lecture Notes in Computer Science, vol 740. Springer, Berlin, Heidelberg


We prove that the set of DES permutations (encryption and decryption for each DES key) is not closed under functional composition. This implies that, in general, multiple DES-encryption is not equivalent to single DES-encryption, and that DES is not susceptible to a particular known-plaintext attack which requires, on average, 228 steps. We also show that the size of the subgroup generated by the set of DES permutations is greater than 102499, which is too large for potential attacks on DES which would exploit a small subgroup.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 1993

Authors and Affiliations

  • Keith W. Campbell
    • 1
  • Michael J. Wiener
    • 1
  1. 1.Bell-Northern ResearchOttawaCanada

Personalised recommendations