1993-10-12 - Re: Breaking DES

Header Data

From: smb@research.att.com
To: an41418@anon.penet.fi
Message Hash: d5bd7c05e5aa14e274c45d61e7ebe27c16e664a3aca1d037c6c6cb9a0d5871c8
Message ID: <9310120012.AA21398@toad.com>
Reply To: N/A
UTC Datetime: 1993-10-12 00:16:42 UTC
Raw Date: Mon, 11 Oct 93 17:16:42 PDT

Raw message

From: smb@research.att.com
Date: Mon, 11 Oct 93 17:16:42 PDT
To: an41418@anon.penet.fi
Subject: Re: Breaking DES
Message-ID: <9310120012.AA21398@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


	  My understanding of how an exhaustive search on the key space
	  can be used to break DES is that for every key, K, D(K,Cipher)
	  is applied until the output matches something legible.

	  Say that some random string, to be thrown out, is added
	  to the beginning of the plain text, and that DES is applied
	  in cbc mode, then how could such an attack work?

	  My point, I don't see how DES can be broken if the initial
	  block is a grabage block, and cipher block chaining is used.
	  Please enlighten me (gently).

The decryption equation for CBC mode is

	P[n] <- D(C[n]) ^ C[n-1]

In other words, decrypt the current ciphertext block, and XOR with the
previous ciphertext block.  Note carefully: the previous ciphertext
block.  That implies that you can start at any point in the string
and do your decryption.  You don't have to know the plaintext of the
previous block to proceed, which is what you're implying.

The property of CBC mode is related to its error propagation character-
istics, which are important in some environment.  Suppose that ciphertext
block C[n] is garbled, either by a bird sitting on a phone line or by
hostile action.  That will garble two blocks of output:  P[n] and P[n+1].
(Derivation is left as an exercise for the reader.)  But P[n+2] will
be decrypted properly, since it depends on P[n+1] and P[n+2].  (N.B.
I'm deliberately ignoring insertion/deletion errors.  If those are a
concern, use CFB mode.)

In accordance with my usual habits, I'll cite an excellent reference
on how to use cipher systems, and what the properties of the different
encryption modes are:

	@book{daviesprice,
	   author = {Donald W. Davies and Wyn L. Price},
	   edition = {second},
	   publisher = {John Wiley \& Sons},
	   title = {Security for Computer Networks},
	   year = {1989}
	}

Bruce Schneier's excellent book ``APPLIED CRYPTOGRAPHY: PROTOCOLS, ALGORITHMS,
AND SOURCE CODE IN C'' is due out next month; it covers this, too.  (I'll
forbear to cite my own book till it's nearer completion...)





Thread