资源描述:
《DES is not a Group》由会员上传分享,免费在线阅读,更多相关内容在学术论文-天天文库。
1、DESisnotaGroupKeithW.CampbellandMichaelJ.WienerBell-NorthernResearch,P.O.Box3511StationC,Ottawa,Ontario,Canada,K1Y4H7Abstract.WeprovethatthesetofDESpermutations(encryptionanddecryptionforeachDESkey)isnotclosedunderfunctionalcomposition.Thisimpliesthat,ingeneral,multipleDES-encryp
2、tionisnotequivalenttosingleDES-encryption,andthatDESisnotsusceptibletoaparticularknown-plaintextattackwhichrequires,onaverage,228steps.WealsoshowthatthesizeofthesubgroupgeneratedbythesetofDESpermutationsisgreaterthan102499,whichistoolargeforpotentialattacksonDESwhichwouldexploita
3、smallsubgroup.1.IntroductionTheDataEncryptionStandard(DES)[3]definesasetofpermutationsonmessagesfromthesetM={0,1}64.ThepermutationsconsistofencryptionanddecryptionwithkeysfromthesetK={0,1}56.LetE:M®Mdenotetheencryptionpermutationforkeyk,kandletEk-1bethecorrespondingdecryptionperm
4、utation.IfthesetofDESpermutationswereclosedunderfunctionalcomposition,thenforanytwopermutationstandu,therewouldexistsomeotherpermutationvsuchthatu(t(m))=v(m)forallmessagesmÎM.ThequestionofwhetherthesetofDESpermutationsisclosedunderfunctionalcompositionisanimportantonebecauseclosu
5、rewouldimplythatthereexistsaknown-plaintextattackonDESthatrequires,onaverage,228steps[4].Furthermore,multipleencryptionwouldbesusceptibletothesameattackbecausemultipleencryptionwouldbeequivalenttosingleencryption.Kaliski,Rivest,andShermandevelopednovelcyclingtestswhichgaveevidenc
6、ethatthesetofDESpermutationsisnotclosed[4].However,theirworkrelieduponrandomnessassumptionsabouteitherDESitselforapseudo-randomfunctionr:M®Kwhichwasusedincyclingexperiments.Becauseoftherandomnessassumptions,itisdifficulttousetheresultsoftheircyclingteststomakeanyclaimsabouttheprob
7、abilitythatDESisnotclosed.WehavedevelopedourownDEScyclingexperimentswhichprovideevidencethatDESisnotclosed;thisevidencedoesnotrelyuponrandomnessassumptions.OurcyclingexperimentsaresimilartothoseofQuisquaterandDelescailleforfindingDEScollisions[7,8].Otherrecentrelatedworkistheswit
8、chingclosuretestsofMorita,Ohta,andMiyagu
