[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Monitor radiation overlooking.
Excerpts from internet.cypherpunks: 15-Oct-93 Monitor radiation
overlooking. Victor A. [email protected] (1286)
> Some words about DES - I spoke with one cryptoanalisyst from
> KGB and he sow, that for number crypto algotitm c(key, text)
> (key is keyLength tall) present f(key, text), that for all
> key1 and key2 present key with length keyLength, that
> c(key2, c(key1, text))==f(key, text).
> He also say, that now present f() for c()=des(), more f() wery
> like des().
> That`s why for decrypting of des(k1, des(k2, ... des(kN, text) ... ))
> we must try 2^56 keys with spetial function.
I had a little trouble with the English, but I think I followed the
math. I believe Victor's KGB friend is claiming that DES is a group.
Victor, does the following text contradict your claim?
From the Crypto FAQ:
Excerpts from netnews.sci.crypt: 4-Oct-93 Cryptography FAQ (05/10: Pr..
[email protected] (20767)
> The security of multiple encipherment also depends on the
> group-theoretic properties of a cipher. Multiple encipherment is an
> extension over single encipherment if for keys K1, K2 there does
> not exist a third key K3 such that
> E_K2(E_K1(X)) == E_(K3)(X) (**)
> which indicates that encrypting twice with two independent keys
> K1, K2 is equal to a single encryption under the third key K3. If
> for every K1, K2 there exists a K3 such that eq. (**) is true then
> we say that E is a group.
> This question of whether DES is a group under this definition was
> extensively studied by Sherman, Kaliski, and Rivest [SHE88]. In their
> paper they give strong evidence for the hypothesis that DES is not a
> group. In fact DES is not a group [CAM93].
> [CAM93] K. W. Campbell, M. J. Wiener, Proof the DES is Not a Group. In
> Proceedings of CRYPTO '92, 1993.
> [SHE88] B. Kaliski, R. Rivest, A. Sherman, Is the Data Encryption
> Standard a Group. Journal of Cryptology, vol. 1, #1,
> 1--36, 1988.