Is the data encryption standard a group? (Results of cycling experiments on DES) (Q1112006)

From MaRDI portal
Revision as of 15:00, 13 November 2024 by Daniel (talk | contribs) (‎Created claim: DBLP publication ID (P1635): journals/joc/KaliskiRS88, #quickstatements; #temporary_batch_1731505720702)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
scientific article
Language Label Description Also known as
English
Is the data encryption standard a group? (Results of cycling experiments on DES)
scientific article

    Statements

    Is the data encryption standard a group? (Results of cycling experiments on DES) (English)
    0 references
    0 references
    0 references
    0 references
    1988
    0 references
    DES defines an indexed set of permutations acting on the message space \(m=\{0,1\}^{64}\). There are \(M=2^{64}\) messages and \(K=2^{56}\) keys. In this paper two statistical tests are presented to determine whether (in whole generality) an indexed set of permutations acting on a finite message space forms a group under functional composition. If the set of permutations according to DES would be a group, or would satisfy some other algebraic closure properties, two well known methods to strengthen DES via multiple encryption would be equivalent to single encryption. As an even more drastic consequence of this assumption, DES would be vulnerable to a known-plaintext attack running in \(2^{28}\) steps (on the average). Several experiments with the tests confirm the a priori belief with high confidence, that DES doesn't form a group. The first test is a ``meet-in- the-middle'' algorithm based on the Birthday Paradox, and uses 0(\(\sqrt{K})\) time and space, where K is the size of the key space. The second test represents a new cycling algorithm that uses 0(\(\sqrt{K})\) time, but only a small constant amount of space. The tests yield known- plaintext attacks on any finite, deterministic cryptosystem that generates a small group, without using specific structural properties of the underlying set of permutations. The results are discussed in detail and a list of open questions about the algebraic structure of DES is included.
    0 references
    data encryption standard
    0 references
    finite permutation group
    0 references
    pure cipher
    0 references
    closed cipher
    0 references
    statistical tests
    0 references
    Birthday Paradox
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references
    0 references

    Identifiers