1993-10-15 - Re: Monitor radiation overlooking.

Header Data

From: Lyle_Seaman@transarc.com
To: cypherpunks@toad.com
Message Hash: 870feb0489f33b7a125572309ffe3ac66ad2d034dc2760748b2fa5eca4d47c4f
Message ID: <4gjf9GqSMUgEIMznwj@transarc.com>
Reply To: <AA4Gdli8H0@rd.relcom.msk.su>
UTC Datetime: 1993-10-15 14:27:08 UTC
Raw Date: Fri, 15 Oct 93 07:27:08 PDT

Raw message

From: Lyle_Seaman@transarc.com
Date: Fri, 15 Oct 93 07:27:08 PDT
To: cypherpunks@toad.com
Subject: Re: Monitor radiation overlooking.
In-Reply-To: <AA4Gdli8H0@rd.relcom.msk.su>
Message-ID: <4gjf9GqSMUgEIMznwj@transarc.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from internet.cypherpunks: 15-Oct-93 Monitor radiation
overlooking. Victor A. Borisov@rd.rel (1286)

> Some words about DES - I spoke with one cryptoanalisyst from
> KGB and he sow, that for number crypto algotitm c(key, text)
> (key is keyLength tall) present f(key, text), that for all
> key1 and key2 present key with length keyLength, that
> c(key2, c(key1, text))==f(key, text).

> He also say, that now present f() for c()=des(), more f() wery
> like des().

> That`s why for decrypting of des(k1, des(k2, ... des(kN, text) ... ))
> we must try 2^56 keys with spetial function.


I had a little trouble with the English, but I think I followed the
math.  I believe Victor's KGB friend is claiming that DES is a group. 
Victor, does the following text contradict your claim?

From the Crypto FAQ:
Excerpts from netnews.sci.crypt: 4-Oct-93 Cryptography FAQ (05/10: Pr..
crypt-comments@math.ncsu (20767)

>   The security of multiple encipherment also depends on the
>   group-theoretic properties of a cipher. Multiple encipherment is an
>   extension over single encipherment if for keys K1, K2 there does
>   not exist a third key K3 such that

>   E_K2(E_K1(X)) == E_(K3)(X)                (**)

>   which indicates that encrypting twice with two independent keys
>   K1, K2 is equal to a single encryption under the third key K3. If
>   for every K1, K2 there exists a K3 such that eq. (**) is true then
>   we say that E is a group.

>   This question of whether DES is a group under this definition was
> extensively studied by Sherman, Kaliski, and Rivest [SHE88]. In their
> paper they give strong evidence for the hypothesis that DES is not a
> group. In fact DES is not a group [CAM93].

>   [CAM93] K. W. Campbell, M. J. Wiener, Proof the DES is Not a Group. In
> Proceedings of CRYPTO '92, 1993.

>   [SHE88] B. Kaliski, R. Rivest, A. Sherman, Is the Data Encryption
> Standard a Group. Journal of Cryptology, vol. 1, #1,
>           1--36, 1988.






Thread