From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
To: rubin@citi.umich.edu
Message Hash: 906ef6ff464346e75c260d458cbdc474d3839ec521d04ed9b98b6a8d348763ae
Message ID: <9402120503.AA27541@anchor.ho.att.com>
Reply To: N/A
UTC Datetime: 1994-02-12 05:10:40 UTC
Raw Date: Fri, 11 Feb 94 21:10:40 PST
From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Fri, 11 Feb 94 21:10:40 PST
To: rubin@citi.umich.edu
Subject: Re: Nx2 DES Found Weak
Message-ID: <9402120503.AA27541@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain
> How is this different from a birthday attack ?
In Nx2 DES, you have A -k1-> B -k2-> C .
In a birthday attack, you try values of k1' and k2' until you get k1', k2' s.t.
E(A,k1') = B' = D(C,k2')
but that's only true for that particular plaintext set A,C.
If you have B' = the same value of B that the original k1,k2 produced, you win,
but there may be many other values of B' besides the one for k1'=k1, k2'=k2.
Return to February 1994
Return to “wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)”
1994-02-12 (Fri, 11 Feb 94 21:10:40 PST) - Re: Nx2 DES Found Weak - wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)