From: Rolf Michelsen <Rolf.Michelsen@delab.sintef.no>
Date: Thu, 26 May 94 23:53:56 PDT
To: Matt Blaze <mab@crypto.com>
Subject: Re: dispersed DES
In-Reply-To: <9405261559.AA25189@crypto.com>
Message-ID: <Pine.3.88.9405270838.B23228-0100000@svme.er.sintef.no>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 26 May 1994, Matt Blaze wrote:

> Assuming the 4 bytes really are unpredictable, and assuming you deal with
> both "ends" of the stream, there doesn't seem to be an *obvious* attack
> that allows independent search for each of the 2 or 3 des keys.  There
> was a paper in Eurocrypt this year (that I haven't seen yet) that
> discusses some not-so-obvious properties of multi-cipher modes that may
> reveal another attack, however.

This was probably Eli Biham's talk during the rump session titled 
"Cryptanalysis of multiple modes of operation".  His conclusions were 
basically that you should use the "traditional" triple DES -- other 
variants had a nasty habit of being *very* vulnerable to diff cryptanalysis.

-- Rolf



----------------------------------------------------------------------
Rolf Michelsen                           "Standards are wonderful --     
Email: rolf.michelsen@delab.sintef.no      everyone should have one"
Phone: +47 73 59 87 33                       -- Ancient FORTH proverb
----------------------------------------------------------------------