1994-06-16 - Re: DES w/ variable S-boxes
Header Data
From: Ben.Goren@asu.edu
To: Rick Busdiecker <rfb@lehman.com>
Message Hash: 1877f44d277f86c8029464a6310363bbffeb9c2b318351ed2c0cda9465fff7c9
Message ID: <9406161609.AA01225@Tux.Music.ASU.Edu>
Reply To: N/A
UTC Datetime: 1994-06-16 16:09:30 UTC
Raw Date: Thu, 16 Jun 94 09:09:30 PDT
Raw message
From: Ben.Goren@asu.edu
Date: Thu, 16 Jun 94 09:09:30 PDT
To: Rick Busdiecker <rfb@lehman.com>
Subject: Re: DES w/ variable S-boxes
Message-ID: <9406161609.AA01225@Tux.Music.ASU.Edu>
MIME-Version: 1.0
Content-Type: text/plain
At 10:32 PM 6/15/94 -0400, Rick Busdiecker wrote:
> Date: Wed, 15 Jun 1994 17:32:24 -0700
> From: Ben.Goren@asu.edu
>
> Are there any implementations of DES-variants that use variable S-boxes?
>
>Well, if you don't use the DES S-boxes then it isn't DES :-)
Well...yeah....
>Variable boxes tend to weaken DES. The DES S-boxes were chosen to
>make differential cryptanalysis difficult. Random S-boxes don't tend
>to have this desirable property.
Perhaps I should clarify: not DES with randomly-chosen fixed S-boxes; I'm
well aware that those that DES uses are the best for differential
cryptanalysis.
However, as Bruce Schneier points out (p. 242), *variable* S-boxes make
differential cryptanalysis impossilbe, as such an adaptive plaintext attack
relies on knowledge of the composition of the S-boxes. If the boxes and
their contents change with both keys used and plaintext--probably with the
help of a strong RNG--then the only way such an attack could work would be
by first figuring out what causes the changes in the S-boxes; in that case,
the attack is probably already finished, by other means. Perhaps, even, the
S-boxes could change with so many chunks of text--again, variable, of
course.
Most, if not all, of the actual S-box designs used would be much weaker
than the original design of DES for differential cryptanalysis. However,
each different plaintext (and key) would use different s-boxes, so that
particular attack isn't possible.
So, I guess part of my question should be, does this open up other attacks?
Or, for that matter, am I completely wrong? And, like I said before, has
this been done?
>Use IDEA.
Certainly, until there's something better. I'm just hoping this might be,
or that I can learn more along the way.
> Rick
And thanks to Bill and Lyman, who also responded similarly.
b&
PS Hopefully, I'll learn to check the Cc: line more carefully in the
future. Apologies again for the noise. b&
--
Ben.Goren@asu.edu, Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger ben@tux.music.asu.edu for PGP 2.3a public key.
Thread
Return to June 1994
Return to “Ben.Goren@asu.edu”
1994-06-16 (Thu, 16 Jun 94 09:09:30 PDT) - Re: DES w/ variable S-boxes - Ben.Goren@asu.edu