[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DES w/ variable S-boxes



At 10:32 PM 6/15/94 -0400, Rick Busdiecker wrote:
>    Date: Wed, 15 Jun 1994 17:32:24 -0700
>    From: [email protected]
>
>    Are there any implementations of DES-variants that use variable S-boxes?
>
>Well, if you don't use the DES S-boxes then it isn't DES :-)

Well...yeah....

>Variable boxes tend to weaken DES.  The DES S-boxes were chosen to
>make differential cryptanalysis difficult.  Random S-boxes don't tend
>to have this desirable property.

Perhaps I should clarify: not DES with randomly-chosen fixed S-boxes; I'm
well aware that those that DES uses are the best for differential
cryptanalysis.

However, as Bruce Schneier points out (p. 242), *variable* S-boxes make
differential cryptanalysis impossilbe, as such an adaptive plaintext attack
relies on knowledge of the composition of the S-boxes. If the boxes and
their contents change with both keys used and plaintext--probably with the
help of a strong RNG--then the only way such an attack could work would be
by first figuring out what causes the changes in the S-boxes; in that case,
the attack is probably already finished, by other means. Perhaps, even, the
S-boxes could change with so many chunks of text--again, variable, of
course.

Most, if not all, of the actual S-box designs used would be much weaker
than the original design of DES for differential cryptanalysis. However,
each different plaintext (and key) would use different s-boxes, so that
particular attack isn't possible.

So, I guess part of my question should be, does this open up other attacks?
Or, for that matter, am I completely wrong? And, like I said before, has
this been done?

>Use IDEA.

Certainly, until there's something better. I'm just hoping this might be,
or that I can learn more along the way.

>                        Rick

And thanks to Bill and Lyman, who also responded similarly.

b&

PS Hopefully, I'll learn to check the Cc: line more carefully in the
future. Apologies again for the noise. b&

--
[email protected], Arizona State University School of Music
 net.proselytizing (write for info): Protect your privacy; oppose Clipper.
 Voice concern over proposed Internet pricing schemes. Stamp out spamming.
 Finger [email protected] for PGP 2.3a public key.