Lecture 7 Notes;  April 14, 1997; Notetaker: Scott Miller

DES - Data Encryption Standard
------------------------------

IDEA - cipher following DES correcting some of its problems

Initially IBM created Lucifer
 NSA dropped the key from 128 to 64 bits and claimed it was a good cipher

Takes 64 bits in, ouputs 64 bits
 Key is effectively 56 bits

- is a product cipher - does transposition and substitution
- is a round cipher - algorithm is iterative, run with 16 different keys
created from the initial 56 bit key.

----------------------------------------
Figure on page 16 of the DES handout...

Figure on page 8   

Figure on page 11 
----------------------------------------

Attacks against DES
 Complementation property - letter following DES is the key
  DESk(M) = C
  DESe(M') = C'

 Some keys are their own inverses - 4 of them where
  DESo(M) = C
  DESo(C) = M

Double Encipherment gives you nothing  
 for keys k1, k2 there is some k3 such that
  DESk2(DESk1(M)) = C is equivalent to
  DESk3(M) = C

Analysis of DES using Differential Cryptanalysis
  Having 16 rounds made this technique basically unusable
  - insight on the NSA's decision...

Modes of DES
  - cypherblock chaining
     link messages xor'd with previous cipher text

  - triple DES (common)
    1) 3 key-triple enciphering
    2) EDE mode
      DESk1(DES^-1k2(DESk3(M)))