Although its short key length of 56 bits makes it too insecure for applications, it has been highly influential in the advancement of cryptography. Developed in the early 1970s at IBM and based on an earlier design by Horst Feistel, the algorithm was submitted to the National Bureau of Standards (NBS) following the agency's invitation to propose a candidate for the protection of sensitive, unclassified electronic government data.

The S-boxes of DES were much more resistant to the attack than if they had been chosen at random, strongly suggesting that IBM knew about the technique in the 1970s.

In the 1970s there were very few cryptographers, except for those in military or intelligence organizations, and little academic study of cryptography.

The IBM 3624 later adopted a similar PIN verification system to the earlier Atalla system. On 15 May 1973, after consulting with the NSA, NBS solicited proposals for a cipher that would meet rigorous design criteria.

This time, IBM submitted a candidate which was deemed acceptable—a cipher developed during the period 1973–1974 based on an earlier algorithm, Horst Feistel's Lucifer cipher.

A second request was issued on 27 August 1974.

According to Steven Levy, IBM Watson researchers discovered differential cryptanalytic attacks in 1974 and were asked by the NSA to keep the technique secret.

The team at IBM involved in cipher design and analysis included Feistel, Walter Tuchman, Don Coppersmith, Alan Konheim, Carl Meyer, Mike Matyas, Roy Adler, Edna Grossman, Bill Notz, Lynn Smith, and Bryant Tuckerman.

=== NSA's involvement in the design ===

On 17 March 1975, the proposed DES was published in the Federal Register.

IBM Journal of Research and Development, 38(3), 243–250.
Diffie, Whitfield and Martin Hellman, "Exhaustive Cryptanalysis of the NBS Data Encryption Standard", IEEE Computer 10(6), June 1977, pp. 74–84.
Ehrsam and others, Product Block Cipher System for Data Security, filed February 24, 1975.
Gilmore, John, "Cracking DES: Secrets of Encryption Research, Wiretap Politics and Chip Design", 1998, O'Reilly.
Junod, Pascal.

In 1976, after consultation with the National Security Agency (NSA), the NBS selected a slightly modified version (strengthened against differential cryptanalysis, but weakened against brute-force attacks), which was published as an official Federal Information Processing Standard (FIPS) for the United States in 1977. The publication of an NSA-approved encryption standard led to its quick international adoption and widespread academic scrutiny.

Bruce Schneier observed that "It took the academic community two decades to figure out that the NSA 'tweaks' actually improved the security of DES."

=== The algorithm as a standard ===

Despite the criticisms, DES was approved as a federal standard in November 1976, and published on 15 January 1977 as FIPS PUB 46, authorized for use on all unclassified data.

Department of Commerce, Washington D.C., January 1977. Christof Paar, Jan Pelzl, "The Data Encryption Standard (DES) and Alternatives", free online lectures on Chapter 3 of "Understanding Cryptography, A Textbook for Students and Practitioners".

In the unclassified summary of their findings, published in 1978, the Committee wrote: However, it also found that Another member of the DES team, Walter Tuchman, stated "We developed the DES algorithm entirely within IBM using IBMers.

It was subsequently reaffirmed as the standard in 1983, 1988 (revised as FIPS-46-1), 1993 (FIPS-46-2), and again in 1999 (FIPS-46-3), the latter prescribing "Triple DES" (see below).

The NSA did not dictate a single wire!" In contrast, a declassified NSA book on cryptologic history states: and Some of the suspicions about hidden weaknesses in the S-boxes were allayed in 1990, with the independent discovery and open publication by Eli Biham and Adi Shamir of differential cryptanalysis, a general method for breaking block ciphers.

CRYPTO 1992: pp512–520 Coppersmith, Don.

DES was designed to be resistant to DC. Linear cryptanalysis was discovered by Mitsuru Matsui, and needs $2^{43}$ known plaintexts (Matsui, 1993); the method was implemented (Matsui, 1994), and was the first experimental cryptanalysis of DES to be reported.

Other finalists in the NIST AES competition included RC6, Serpent, MARS, and Twofish.

== See also ==

Cracking the Data Encryption Standard
DES supplementary material
Skipjack (cipher)
Triple DES

== Notes ==

== References ==

(preprint) Biham, Eli and Shamir, Adi, Differential Cryptanalysis of the Data Encryption Standard, Springer Verlag, 1993.

This was indeed the case; in 1994, Don Coppersmith published some of the original design criteria for the S-boxes.

A generalization of LC—multiple linear cryptanalysis—was suggested in 1994 (Kaliski and Robshaw), and was further refined by Biryukov and others.

Such analysis gives an insight into how many rounds are needed for safety, and how much of a "security margin" the full version retains. Differential-linear cryptanalysis was proposed by Langford and Hellman in 1994, and combines differential and linear cryptanalysis into a single attack.

CRYPTO 1994: pp26–39 Knudsen, Lars, John Erik Mathiassen: A Chosen-Plaintext Linear Attack on DES.

CRYPTO 1994: 17–25
Levy, Steven, How the Code Rebels Beat the Government—Saving Privacy in the Digital Age, 2001.
National Bureau of Standards, Data Encryption Standard, FIPS-Pub.46.

GDES was a DES variant proposed as a way to speed up encryption, but it was shown to be susceptible to differential cryptanalysis. On January 2, 1997, NIST announced that they wished to choose a successor to DES.

In January 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology).

A similar reduction in data complexity can be obtained in a chosen-plaintext variant of linear cryptanalysis (Knudsen and Mathiassen, 2000).

Fast Software Encryption - FSE 2000: pp262–272 Langford, Susan K., Martin E.

In 2001, after an international competition, NIST selected a new cipher, the Advanced Encryption Standard (AES), as a replacement.

"On the Complexity of Matsui's Attack." Selected Areas in Cryptography, 2001, pp. 199–211.
Kaliski, Burton S., Matt Robshaw: Linear Cryptanalysis Using Multiple Approximations.

On 26 May 2002, DES was finally superseded by the Advanced Encryption Standard (AES), following a public competition.

An enhanced version of the attack can break 9-round DES with $2^{15.8}$ chosen plaintexts and has a $2^{29.2}$ time complexity (Biham and others, 2002).

=== Minor cryptanalytic properties ===

DES exhibits the complementation property, namely that $E_K(P)=C \iff E_{\overline{K}}(\overline{P})=\overline{C}$, where $\overline{x}$ is the bitwise complement of $x$.
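The complementation property follows from structure alone: when subkeys are bit selections of the key and are XORed into a bit-duplicated half-block, complementing both key and plaintext leaves every S-box input unchanged. The following is an added example, not part of the original text: a constructed 16-bit toy Feistel cipher (not DES; its sizes, S-box and function names are assumptions) that checks the property and shows it is lost when the subkey is mixed by modular addition instead.

```python
from operator import xor

# Toy DES-shaped Feistel cipher, constructed for illustration (NOT DES):
# 16-bit block, 16-bit key, 8 rounds. It keeps the two structural features
# the property relies on: subkeys are bit selections of the key, and the
# subkey is XORed into an expanded (bit-duplicated) half-block.
MASK8, MASK12, MASK16 = 0xFF, 0xFFF, 0xFFFF
ROUNDS = 8
# Constructed 6-bit -> 4-bit S-box; the property does not depend on its values.
SBOX = [((5 * x * x + 3 * x + 7) >> 1) & 0xF for x in range(64)]

def comp(x, mask=MASK16):
    """Bitwise complement within a fixed width."""
    return ~x & mask

def expand(r):
    """8 -> 12 bits by duplicating the high nibble, like the DES E table."""
    return ((r << 4) | (r >> 4)) & MASK12

def subkey(key, rnd):
    """Rotate the key and select 12 bits: complementing key complements this."""
    s = rnd + 1
    return (((key << s) | (key >> (16 - s))) & MASK16) & MASK12

def add12(a, b):
    """Alternative key mixing (modular addition), used only for contrast."""
    return (a + b) & MASK12

def sbox_input(key, r, rnd, mix=xor):
    """Value fed to the S-boxes; with XOR, ~E(R) ^ ~K_i equals E(R) ^ K_i."""
    return mix(expand(r), subkey(key, rnd))

def encrypt(key, block, mix=xor):
    l, r = block >> 8, block & MASK8
    for rnd in range(ROUNDS):
        x = sbox_input(key, r, rnd, mix)
        f = (SBOX[x >> 6] << 4) | SBOX[x & 0x3F]
        l, r = r, l ^ f
    return (r << 8) | l  # final swap of halves, as in DES

def violations(mix=xor):
    """Count sampled (key, block) pairs where E_~K(~P) != ~E_K(P)."""
    sample = range(0, 1 << 16, 1021)
    return sum(encrypt(comp(k), comp(p), mix) != comp(encrypt(k, p, mix))
               for k in sample for p in sample)

if __name__ == "__main__":
    print("XOR mixing violations:", violations(xor))    # property holds
    print("ADD mixing violations:", violations(add12))  # property is lost
```
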

ASIACRYPT 2002: pp254–266 Biham, Eli: A Fast New DES Implementation in Software Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design, Electronic Frontier Foundation (preprint). Campbell, Keith W., Michael J.

Springer, 2009.

== External links ==

FIPS 46-3: The official document describing the DES standard (PDF)
COPACOBANA, a $10,000 DES cracker based on FPGAs by the Universities of Bochum and Kiel
DES step-by-step presentation and reliable message encoding application
A Fast New DES Implementation in Software - Biham
On Multiple Linear Approximations
RFC4772 : Security Implications of Using the Data Encryption Standard (DES)
Broken block ciphers

All text is taken from Wikipedia. Text is available under the Creative Commons Attribution-ShareAlike License.

Page generated on 2021-08-05