[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DES w/ variable S-boxes
At 10:32 PM 6/15/94 -0400, Rick Busdiecker wrote:
> Date: Wed, 15 Jun 1994 17:32:24 -0700
> From: [email protected]
>
> Are there any implementations of DES-variants that use variable S-boxes?
>
>Well, if you don't use the DES S-boxes then it isn't DES :-)
Well...yeah....
>Variable boxes tend to weaken DES. The DES S-boxes were chosen to
>make differential cryptanalysis difficult. Random S-boxes don't tend
>to have this desirable property.
Perhaps I should clarify: not DES with randomly-chosen fixed S-boxes; I'm
well aware that those that DES uses are the best for differential
cryptanalysis.
However, as Bruce Schneier points out (p. 242), *variable* S-boxes make
differential cryptanalysis impossilbe, as such an adaptive plaintext attack
relies on knowledge of the composition of the S-boxes. If the boxes and
their contents change with both keys used and plaintext--probably with the
help of a strong RNG--then the only way such an attack could work would be
by first figuring out what causes the changes in the S-boxes; in that case,
the attack is probably already finished, by other means. Perhaps, even, the
S-boxes could change with so many chunks of text--again, variable, of
course.
Most, if not all, of the actual S-box designs used would be much weaker
than the original design of DES for differential cryptanalysis. However,
each different plaintext (and key) would use different s-boxes, so that
particular attack isn't possible.
So, I guess part of my question should be, does this open up other attacks?
Or, for that matter, am I completely wrong? And, like I said before, has
this been done?
>Use IDEA.
Certainly, until there's something better. I'm just hoping this might be,
or that I can learn more along the way.
> Rick
And thanks to Bill and Lyman, who also responded similarly.
b&
PS Hopefully, I'll learn to check the Cc: line more carefully in the
future. Apologies again for the noise. b&
--
[email protected], Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger [email protected] for PGP 2.3a public key.