Abstract
Differential, linear and improved Davies' attacks are capable of breaking DES faster than exhaustive search, but are usually impractical due to the enormous amounts of data required. In [20] Wiener designed a million-dollar special-purpose computer capable of breaking DES in 3.5 hours on average by exhaustive search. In this paper we describe methods of strengthening DES against exhaustive search, differential attacks, linear attacks and improved Davies' attacks that can be applied on existing DES hardware. We use the fact that there are DES chips on the market that permit replacement of the S-boxes. We introduce the concept of key-dependent invariant S-box transformations. Differential and linear properties of the cipher are invariant under these transformations. We show how to expand the key using such transformations. Possible reorderings of S-boxes are discussed; we present orders of the original DES S-boxes which are slightly stronger than the standard order of S-boxes. Finally we suggest a concrete scheme to strengthen DES which uses the methods described above. This modified DES can be used with existing DES hardware and is much stronger than the standard DES.
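The invariance claim can be checked on a single S-box. The following is an added example, not code from the paper: it assumes one simple transformation, S'(x) = S(x XOR a) XOR b with hypothetical key-derived constants a and b (the abstract does not spell out the paper's transformations), and verifies on DES S1 that the difference distribution table and the absolute linear biases are unchanged even though the table contents differ.

```python
# DES S-box S1 (FIPS 46), 4 rows x 16 columns.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox(x):
    """6-bit input -> 4-bit output; outer bits select the row, inner four the column."""
    row = ((x >> 4) & 2) | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]

def transformed(a, b):
    """Assumed key-dependent variant S'(x) = S(x ^ a) ^ b (a: 6 bits, b: 4 bits)."""
    return lambda x: sbox(x ^ a) ^ b

def ddt(f):
    """Difference distribution table: counts of (input XOR, output XOR) pairs."""
    table = [[0] * 16 for _ in range(64)]
    for dx in range(64):
        for x in range(64):
            table[dx][f(x) ^ f(x ^ dx)] += 1
    return table

def parity(v):
    return bin(v).count("1") & 1

def lat_abs(f):
    """Absolute deviation from 32 for every (input mask, output mask) pair."""
    rows = []
    for in_mask in range(64):
        row = []
        for out_mask in range(16):
            agree = sum(parity(x & in_mask) == parity(f(x) & out_mask)
                        for x in range(64))
            row.append(abs(agree - 32))
        rows.append(row)
    return rows

def invariant(a, b):
    """True if the transformed S-box has the same DDT and absolute linear biases."""
    g = transformed(a, b)
    return ddt(g) == ddt(sbox) and lat_abs(g) == lat_abs(sbox)

def tables_differ(a, b):
    """True if the transformed S-box is a different lookup table from S1."""
    g = transformed(a, b)
    return any(g(x) != sbox(x) for x in range(64))
```

Only the absolute biases are compared because the constants can flip the sign of a linear approximation, which does not change its usefulness to an attacker.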
Abbreviations
- n_b: A binary number n is denoted with the subscript b (e.g. 110000_b = 48)
- n_x: A hexadecimal number n is denoted with the subscript x (e.g. 10_x = 16)
- E_K(P): The encryption of a 64-bit plaintext block P under the key K
- K_d: A 56-bit subkey (of our scheme) which is entered into the (original) DES key scheduling algorithm
- K_i: The i-th round 48-bit subkey of K_d
- E(·): The expansion operation of DES.
References
Thomas A. Berson, Long key variants of DES, Advances in Cryptology, Proceedings of CRYPTO'82, pp. 311–313, 1982.
Eli Biham, Adi Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
Eli Biham, Alex Biryukov, An Improvement of Davies' Attack on DES, Proceedings of EUROCRYPT'94, to appear.
Eli Biham, Alex Biryukov, Uwe Blöcher, Markus Dichtl, Modifications of DES and their Effect on Differential and Linear Cryptanalysis, unpublished paper, 1994.
Ishai Ben-Aroya, Eli Biham, A Systematic Method to Find Characteristics, unpublished paper, 1993.
Don Coppersmith, The Data Encryption Standard (DES) and its Strength Against Attacks, IBM Journal of Research and Development, Vol. 38, No. 3, pp. 243–250, May 1994.
D.W. Davies, Some Regular Properties of the 'Data Encryption Standard' Algorithm, Advances in Cryptology, Proceedings of CRYPTO'82, pp. 89–96, 1982.
D.W. Davies, Investigation of a Potential Weakness in the DES Algorithm, private communications, 1987.
Whitfield Diffie, Martin Hellman, Exhaustive Cryptanalysis of the NBS Data Encryption Standard, IEEE Computer, Vol. 10, No. 6, pp. 74–84, June 1977.
M. Hellman, R. Merkle, R. Schroeppel, L. Washington, W. Diffie, S. Pohlig, P. Schweitzer, Results of an Initial Attempt to Cryptanalyze the NBS Data Encryption Standard, Information Systems Laboratory Report, Stanford University, November 1976.
Kwangjo Kim, Sangjun Park, Sangjin Lee, Reconstruction of s²DES S-boxes and their Immunity to Differential Cryptanalysis, Proceedings of JW-ISC93 — Korea-Japan Joint Workshop on Information Security and Cryptology, Seoul, Korea, October 24–26, 1993.
Lars Knudsen, An Analysis of Kim, Park and Lee's DES-like S-boxes, private communication, June 1993.
Lars Knudsen, On the Design of Secure Block Ciphers, Fast Software Encryption, Proceedings of Cambridge security workshop, pp. 9–11, December 1993.
Mitsuru Matsui, Linear Cryptanalysis Method for DES Cipher, Proceedings of EUROCRYPT'93, pp. 386–397, 1993.
Mitsuru Matsui, On Correlation Between the Order of S-boxes and the Strength of DES, Proceedings of EUROCRYPT'94, to appear.
Ralph C. Merkle, Fast Software Encryption Functions, Lecture Notes in Computer Science, Advances in Cryptology, Proceedings of CRYPTO'90, pp. 476–501, 1990.
National Bureau of Standards, Data Encryption Standard, Federal Information Processing Standards Publication 46, January 1977.
SuperCrypt, High Speed Cryptographic Data Security Element, Preliminary Data Sheet.
J.-J. Quisquater, Y. Desmedt, M. Davio, The Importance of 'Good' Key Scheduling Schemes, Proceedings of CRYPTO'85, pp. 537–542, 1985.
M. J. Wiener, Efficient DES Key Search, technical report TR-244, School of Computer Science, Carleton University, Ottawa, Canada, May 1994. Presented at the Rump session of CRYPTO'93, August 1993.
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Biham, E., Biryukov, A. (1995). How to strengthen DES using existing hardware. In: Pieprzyk, J., Safavi-Naini, R. (eds) Advances in Cryptology — ASIACRYPT'94. ASIACRYPT 1994. Lecture Notes in Computer Science, vol 917. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0000451
DOI: https://doi.org/10.1007/BFb0000451
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-59339-3
Online ISBN: 978-3-540-49236-8
eBook Packages: Springer Book Archive